From a0a4bfb63a2ab3ce3feb15b52cfb9b39c9faee05 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 9 Jun 2023 08:23:39 +0000 Subject: [PATCH] Update module github.com/sigstore/rekor to v1.2.0 [SECURITY] Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- go.mod | 20 +- go.sum | 46 +- vendor/github.com/blang/semver/.travis.yml | 21 + vendor/github.com/blang/semver/LICENSE | 22 + vendor/github.com/blang/semver/README.md | 194 ++ vendor/github.com/blang/semver/json.go | 23 + vendor/github.com/blang/semver/package.json | 17 + vendor/github.com/blang/semver/range.go | 416 +++ vendor/github.com/blang/semver/semver.go | 418 +++ vendor/github.com/blang/semver/sort.go | 28 + vendor/github.com/blang/semver/sql.go | 30 + .../gabriel-vasile/mimetype/.gitattributes | 1 + .../mimetype/CODE_OF_CONDUCT.md | 76 + .../gabriel-vasile/mimetype/CONTRIBUTING.md | 12 + .../gabriel-vasile/mimetype/LICENSE | 21 + .../gabriel-vasile/mimetype/README.md | 108 + .../mimetype/internal/charset/charset.go | 309 ++ .../mimetype/internal/json/json.go | 544 ++++ .../mimetype/internal/magic/archive.go | 124 + .../mimetype/internal/magic/audio.go | 76 + .../mimetype/internal/magic/binary.go | 196 ++ .../mimetype/internal/magic/database.go | 13 + .../mimetype/internal/magic/document.go | 62 + .../mimetype/internal/magic/font.go | 39 + .../mimetype/internal/magic/ftyp.go | 88 + .../mimetype/internal/magic/geo.go | 55 + .../mimetype/internal/magic/image.go | 110 + .../mimetype/internal/magic/magic.go | 239 ++ .../mimetype/internal/magic/ms_office.go | 225 ++ .../mimetype/internal/magic/ogg.go | 42 + .../mimetype/internal/magic/text.go | 375 +++ .../mimetype/internal/magic/text_csv.go | 51 + .../mimetype/internal/magic/video.go | 85 + .../mimetype/internal/magic/zip.go | 92 + .../gabriel-vasile/mimetype/mime.go | 186 ++ .../gabriel-vasile/mimetype/mimetype.gif | Bin 0 -> 1343793 bytes .../gabriel-vasile/mimetype/mimetype.go | 123 + .../mimetype/supported_mimes.md | 178 ++ .../gabriel-vasile/mimetype/tree.go | 260 ++ vendor/github.com/go-chi/chi/.gitignore | 3 + vendor/github.com/go-chi/chi/.travis.yml | 20 + vendor/github.com/go-chi/chi/CHANGELOG.md | 190 ++ vendor/github.com/go-chi/chi/CONTRIBUTING.md | 31 + vendor/github.com/go-chi/chi/LICENSE | 20 + vendor/github.com/go-chi/chi/README.md | 441 +++ vendor/github.com/go-chi/chi/chain.go | 49 + vendor/github.com/go-chi/chi/chi.go | 134 + vendor/github.com/go-chi/chi/context.go | 172 + .../go-chi/chi/middleware/basic_auth.go | 32 + .../go-chi/chi/middleware/compress.go | 399 +++ .../go-chi/chi/middleware/content_charset.go | 51 + .../go-chi/chi/middleware/content_encoding.go | 34 + .../go-chi/chi/middleware/content_type.go | 51 + .../go-chi/chi/middleware/get_head.go | 39 + .../go-chi/chi/middleware/heartbeat.go | 26 + .../go-chi/chi/middleware/logger.go | 155 + .../go-chi/chi/middleware/middleware.go | 23 + .../go-chi/chi/middleware/nocache.go | 58 + .../go-chi/chi/middleware/profiler.go | 55 + .../go-chi/chi/middleware/realip.go | 54 + .../go-chi/chi/middleware/recoverer.go | 192 ++ .../go-chi/chi/middleware/request_id.go | 96 + .../go-chi/chi/middleware/route_headers.go | 160 + .../github.com/go-chi/chi/middleware/strip.go | 56 + .../go-chi/chi/middleware/terminal.go | 63 + .../go-chi/chi/middleware/throttle.go | 132 + .../go-chi/chi/middleware/timeout.go | 49 + .../go-chi/chi/middleware/url_format.go | 72 + .../github.com/go-chi/chi/middleware/value.go | 17 + .../go-chi/chi/middleware/wrap_writer.go | 180 ++ vendor/github.com/go-chi/chi/mux.go | 466 +++ vendor/github.com/go-chi/chi/tree.go | 865 +++++ .../go-playground/locales/.gitignore | 24 + .../go-playground/locales/.travis.yml | 26 + .../github.com/go-playground/locales/LICENSE | 21 + .../go-playground/locales/README.md | 170 + .../locales/currency/currency.go | 311 ++ .../github.com/go-playground/locales/logo.png | Bin 0 -> 37360 bytes .../github.com/go-playground/locales/rules.go | 293 ++ .../universal-translator/.gitignore | 25 + .../universal-translator/.travis.yml | 27 + .../universal-translator/LICENSE | 21 + .../universal-translator/Makefile | 18 + .../universal-translator/README.md | 87 + .../universal-translator/errors.go | 148 + .../universal-translator/import_export.go | 274 ++ .../universal-translator/logo.png | Bin 0 -> 16598 bytes .../universal-translator/translator.go | 420 +++ .../universal_translator.go | 113 + .../go-playground/validator/v10/.gitignore | 32 + .../go-playground/validator/v10/LICENSE | 22 + .../validator/v10/MAINTAINERS.md | 16 + .../go-playground/validator/v10/Makefile | 18 + .../go-playground/validator/v10/README.md | 349 ++ .../go-playground/validator/v10/baked_in.go | 2848 +++++++++++++++++ .../go-playground/validator/v10/cache.go | 327 ++ .../validator/v10/country_codes.go | 1150 +++++++ .../validator/v10/currency_codes.go | 79 + .../go-playground/validator/v10/doc.go | 1463 +++++++++ .../go-playground/validator/v10/errors.go | 272 ++ .../validator/v10/field_level.go | 120 + .../go-playground/validator/v10/logo.png | Bin 0 -> 13443 bytes .../validator/v10/postcode_regexes.go | 173 + .../go-playground/validator/v10/regexes.go | 137 + .../validator/v10/struct_level.go | 175 + .../validator/v10/translations.go | 11 + .../go-playground/validator/v10/util.go | 288 ++ .../go-playground/validator/v10/validator.go | 485 +++ .../validator/v10/validator_instance.go | 702 ++++ .../github.com/google/trillian/.golangci.yaml | 16 - vendor/github.com/google/trillian/BUILD.bazel | 55 - .../github.com/google/trillian/CHANGELOG.md | 27 + vendor/github.com/google/trillian/README.md | 5 +- .../google/trillian/cloudbuild.yaml | 1 - .../github.com/google/trillian/trillian.pb.go | 34 +- .../google/trillian/trillian_admin_api.pb.go | 2 +- .../trillian/trillian_admin_api_grpc.pb.go | 49 +- .../google/trillian/trillian_log_api.pb.go | 21 +- .../trillian/trillian_log_api_grpc.pb.go | 64 +- .../jedisct1/go-minisign/.gitignore | 14 + .../github.com/jedisct1/go-minisign/LICENSE | 21 + .../github.com/jedisct1/go-minisign/README.md | 4 + .../jedisct1/go-minisign/minisign.go | 133 + vendor/github.com/leodido/go-urn/.gitignore | 12 + vendor/github.com/leodido/go-urn/LICENSE | 21 + vendor/github.com/leodido/go-urn/README.md | 81 + vendor/github.com/leodido/go-urn/machine.go | 1688 ++++++++++ .../github.com/leodido/go-urn/machine.go.rl | 159 + vendor/github.com/leodido/go-urn/makefile | 53 + vendor/github.com/leodido/go-urn/urn.go | 86 + vendor/github.com/sassoftware/relic/LICENSE | 202 ++ .../sassoftware/relic/lib/pkcs7/attributes.go | 88 + .../sassoftware/relic/lib/pkcs7/builder.go | 151 + .../sassoftware/relic/lib/pkcs7/content.go | 81 + .../sassoftware/relic/lib/pkcs7/marshal.go | 74 + .../sassoftware/relic/lib/pkcs7/structs.go | 85 + .../sassoftware/relic/lib/pkcs7/verify.go | 162 + .../relic/lib/x509tools/certpool.go | 51 + .../relic/lib/x509tools/digests.go | 97 + .../relic/lib/x509tools/ecdsa_curves.go | 191 ++ .../relic/lib/x509tools/keylogfile.go | 37 + .../sassoftware/relic/lib/x509tools/names.go | 214 ++ .../sassoftware/relic/lib/x509tools/pkix.go | 209 ++ .../relic/lib/x509tools/printcert.go | 275 ++ .../sassoftware/relic/lib/x509tools/rsapss.go | 108 + .../sassoftware/relic/lib/x509tools/util.go | 130 + .../relic/lib/x509tools/x509cmd.go | 340 ++ .../go-securesystemslib/LICENSE | 21 + .../cjson/canonicaljson.go | 151 + .../sigstore/protobuf-specs/COPYRIGHT.txt | 14 + .../sigstore/protobuf-specs/LICENSE | 202 ++ .../gen/pb-go/common/v1/sigstore_common.pb.go | 1343 ++++++++ .../gen/pb-go/rekor/v1/sigstore_rekor.pb.go | 606 ++++ .../sigstore/rekor/pkg/client/rekor_client.go | 76 + .../client/tlog/get_log_info_parameters.go | 49 +- .../rekor/pkg/generated/models/dsse.go | 210 ++ .../rekor/pkg/generated/models/dsse_schema.go | 29 + .../pkg/generated/models/dsse_v001_schema.go | 665 ++++ .../generated/models/intoto_v002_schema.go | 36 +- .../pkg/generated/models/proposed_entry.go | 6 + .../pkg/generated/models/tuf_v001_schema.go | 21 +- .../github.com/sigstore/rekor/pkg/log/log.go | 115 + .../sigstore/rekor/pkg/pki/factory.go | 126 + .../rekor/pkg/pki/minisign/minisign.go | 194 ++ .../sigstore/rekor/pkg/pki/pgp/pgp.go | 318 ++ .../sigstore/rekor/pkg/pki/pkcs7/pkcs7.go | 247 ++ .../github.com/sigstore/rekor/pkg/pki/pki.go | 39 + .../sigstore/rekor/pkg/pki/ssh/README.md | 118 + .../sigstore/rekor/pkg/pki/ssh/encode.go | 95 + .../sigstore/rekor/pkg/pki/ssh/sign.go | 105 + .../sigstore/rekor/pkg/pki/ssh/ssh.go | 132 + .../sigstore/rekor/pkg/pki/ssh/verify.go | 50 + .../sigstore/rekor/pkg/pki/tuf/tuf.go | 181 ++ .../sigstore/rekor/pkg/pki/x509/e2e.go | 193 ++ .../sigstore/rekor/pkg/pki/x509/x509.go | 285 ++ .../sigstore/rekor/pkg/types/README.md | 32 + .../sigstore/rekor/pkg/types/entries.go | 175 + .../sigstore/rekor/pkg/types/error.go | 20 + .../sigstore/rekor/pkg/types/test_util.go | 90 + .../sigstore/rekor/pkg/types/types.go | 104 + .../sigstore/rekor/pkg/types/versionmap.go | 97 + .../go-tuf/data/hex_bytes.go | 42 + .../theupdateframework/go-tuf/data/types.go | 345 ++ .../go-tuf/internal/roles/roles.go | 48 + .../go-tuf/pkg/keys/deprecated_ecdsa.go | 101 + .../go-tuf/pkg/keys/ecdsa.go | 171 + .../go-tuf/pkg/keys/ed25519.go | 161 + .../go-tuf/pkg/keys/keys.go | 82 + .../go-tuf/pkg/keys/pkix.go | 56 + .../theupdateframework/go-tuf/pkg/keys/rsa.go | 162 + .../theupdateframework/go-tuf/verify/db.go | 104 + .../go-tuf/verify/errors.go | 73 + .../go-tuf/verify/verify.go | 187 ++ vendor/go.uber.org/atomic/.codecov.yml | 19 + vendor/go.uber.org/atomic/.gitignore | 15 + vendor/go.uber.org/atomic/CHANGELOG.md | 117 + vendor/go.uber.org/atomic/LICENSE.txt | 19 + vendor/go.uber.org/atomic/Makefile | 79 + vendor/go.uber.org/atomic/README.md | 63 + vendor/go.uber.org/atomic/bool.go | 88 + vendor/go.uber.org/atomic/bool_ext.go | 53 + vendor/go.uber.org/atomic/doc.go | 23 + vendor/go.uber.org/atomic/duration.go | 89 + vendor/go.uber.org/atomic/duration_ext.go | 40 + vendor/go.uber.org/atomic/error.go | 62 + vendor/go.uber.org/atomic/error_ext.go | 39 + vendor/go.uber.org/atomic/float32.go | 77 + vendor/go.uber.org/atomic/float32_ext.go | 76 + vendor/go.uber.org/atomic/float64.go | 77 + vendor/go.uber.org/atomic/float64_ext.go | 76 + vendor/go.uber.org/atomic/gen.go | 27 + vendor/go.uber.org/atomic/int32.go | 109 + vendor/go.uber.org/atomic/int64.go | 109 + vendor/go.uber.org/atomic/nocmp.go | 35 + vendor/go.uber.org/atomic/pointer_go118.go | 60 + vendor/go.uber.org/atomic/pointer_go119.go | 61 + vendor/go.uber.org/atomic/string.go | 65 + vendor/go.uber.org/atomic/string_ext.go | 43 + vendor/go.uber.org/atomic/time.go | 55 + vendor/go.uber.org/atomic/time_ext.go | 36 + vendor/go.uber.org/atomic/uint32.go | 109 + vendor/go.uber.org/atomic/uint64.go | 109 + vendor/go.uber.org/atomic/uintptr.go | 109 + vendor/go.uber.org/atomic/unsafe_pointer.go | 65 + vendor/go.uber.org/atomic/value.go | 31 + vendor/go.uber.org/multierr/.codecov.yml | 15 + vendor/go.uber.org/multierr/.gitignore | 4 + vendor/go.uber.org/multierr/CHANGELOG.md | 95 + vendor/go.uber.org/multierr/LICENSE.txt | 19 + vendor/go.uber.org/multierr/Makefile | 38 + vendor/go.uber.org/multierr/README.md | 43 + vendor/go.uber.org/multierr/error.go | 646 ++++ .../go.uber.org/multierr/error_post_go120.go | 48 + .../go.uber.org/multierr/error_pre_go120.go | 79 + vendor/go.uber.org/zap/.codecov.yml | 17 + vendor/go.uber.org/zap/.gitignore | 32 + vendor/go.uber.org/zap/.readme.tmpl | 109 + vendor/go.uber.org/zap/CHANGELOG.md | 617 ++++ vendor/go.uber.org/zap/CODE_OF_CONDUCT.md | 75 + vendor/go.uber.org/zap/CONTRIBUTING.md | 70 + vendor/go.uber.org/zap/FAQ.md | 164 + vendor/go.uber.org/zap/LICENSE.txt | 19 + vendor/go.uber.org/zap/Makefile | 73 + vendor/go.uber.org/zap/README.md | 133 + vendor/go.uber.org/zap/array.go | 320 ++ vendor/go.uber.org/zap/array_go118.go | 156 + vendor/go.uber.org/zap/buffer/buffer.go | 141 + vendor/go.uber.org/zap/buffer/pool.go | 49 + vendor/go.uber.org/zap/checklicense.sh | 17 + vendor/go.uber.org/zap/config.go | 264 ++ vendor/go.uber.org/zap/doc.go | 117 + vendor/go.uber.org/zap/encoder.go | 79 + vendor/go.uber.org/zap/error.go | 80 + vendor/go.uber.org/zap/field.go | 549 ++++ vendor/go.uber.org/zap/flag.go | 39 + vendor/go.uber.org/zap/glide.yaml | 34 + vendor/go.uber.org/zap/global.go | 169 + vendor/go.uber.org/zap/http_handler.go | 133 + .../zap/internal/bufferpool/bufferpool.go | 31 + .../go.uber.org/zap/internal/color/color.go | 44 + vendor/go.uber.org/zap/internal/exit/exit.go | 66 + .../go.uber.org/zap/internal/level_enabler.go | 35 + vendor/go.uber.org/zap/level.go | 152 + vendor/go.uber.org/zap/logger.go | 400 +++ vendor/go.uber.org/zap/options.go | 167 + vendor/go.uber.org/zap/sink.go | 179 ++ vendor/go.uber.org/zap/stacktrace.go | 176 + vendor/go.uber.org/zap/sugar.go | 416 +++ vendor/go.uber.org/zap/time.go | 27 + vendor/go.uber.org/zap/writer.go | 98 + .../zap/zapcore/buffered_write_syncer.go | 219 ++ vendor/go.uber.org/zap/zapcore/clock.go | 48 + .../zap/zapcore/console_encoder.go | 157 + vendor/go.uber.org/zap/zapcore/core.go | 122 + vendor/go.uber.org/zap/zapcore/doc.go | 24 + vendor/go.uber.org/zap/zapcore/encoder.go | 451 +++ vendor/go.uber.org/zap/zapcore/entry.go | 300 ++ vendor/go.uber.org/zap/zapcore/error.go | 132 + vendor/go.uber.org/zap/zapcore/field.go | 233 ++ vendor/go.uber.org/zap/zapcore/hook.go | 77 + .../go.uber.org/zap/zapcore/increase_level.go | 75 + .../go.uber.org/zap/zapcore/json_encoder.go | 562 ++++ vendor/go.uber.org/zap/zapcore/level.go | 229 ++ .../go.uber.org/zap/zapcore/level_strings.go | 46 + vendor/go.uber.org/zap/zapcore/marshaler.go | 61 + .../go.uber.org/zap/zapcore/memory_encoder.go | 179 ++ .../zap/zapcore/reflected_encoder.go | 41 + vendor/go.uber.org/zap/zapcore/sampler.go | 230 ++ vendor/go.uber.org/zap/zapcore/tee.go | 96 + .../go.uber.org/zap/zapcore/write_syncer.go | 122 + vendor/golang.org/x/crypto/blake2b/blake2b.go | 291 ++ .../x/crypto/blake2b/blake2bAVX2_amd64.go | 38 + .../x/crypto/blake2b/blake2bAVX2_amd64.s | 745 +++++ .../x/crypto/blake2b/blake2b_amd64.go | 25 + .../x/crypto/blake2b/blake2b_amd64.s | 279 ++ .../x/crypto/blake2b/blake2b_generic.go | 182 ++ .../x/crypto/blake2b/blake2b_ref.go | 12 + vendor/golang.org/x/crypto/blake2b/blake2x.go | 177 + .../golang.org/x/crypto/blake2b/register.go | 33 + .../x/crypto/ssh/terminal/terminal.go | 76 + .../api/annotations/annotations.pb.go | 119 + .../googleapis/api/annotations/client.pb.go | 1766 ++++++++++ .../api/annotations/field_behavior.pb.go | 250 ++ .../googleapis/api/annotations/http.pb.go | 782 +++++ .../googleapis/api/annotations/resource.pb.go | 655 ++++ .../googleapis/api/annotations/routing.pb.go | 693 ++++ .../googleapis/api/launch_stage.pb.go | 203 ++ vendor/modules.txt | 80 +- 308 files changed, 50589 insertions(+), 163 deletions(-) create mode 100644 vendor/github.com/blang/semver/.travis.yml create mode 100644 vendor/github.com/blang/semver/LICENSE create mode 100644 vendor/github.com/blang/semver/README.md create mode 100644 vendor/github.com/blang/semver/json.go create mode 100644 vendor/github.com/blang/semver/package.json create mode 100644 vendor/github.com/blang/semver/range.go create mode 100644 vendor/github.com/blang/semver/semver.go create mode 100644 vendor/github.com/blang/semver/sort.go create mode 100644 vendor/github.com/blang/semver/sql.go create mode 100644 vendor/github.com/gabriel-vasile/mimetype/.gitattributes create mode 100644 vendor/github.com/gabriel-vasile/mimetype/CODE_OF_CONDUCT.md create mode 100644 vendor/github.com/gabriel-vasile/mimetype/CONTRIBUTING.md create mode 100644 vendor/github.com/gabriel-vasile/mimetype/LICENSE create mode 100644 vendor/github.com/gabriel-vasile/mimetype/README.md create mode 100644 vendor/github.com/gabriel-vasile/mimetype/internal/charset/charset.go create mode 100644 vendor/github.com/gabriel-vasile/mimetype/internal/json/json.go create mode 100644 vendor/github.com/gabriel-vasile/mimetype/internal/magic/archive.go create mode 100644 vendor/github.com/gabriel-vasile/mimetype/internal/magic/audio.go create mode 100644 vendor/github.com/gabriel-vasile/mimetype/internal/magic/binary.go create mode 100644 vendor/github.com/gabriel-vasile/mimetype/internal/magic/database.go create mode 100644 vendor/github.com/gabriel-vasile/mimetype/internal/magic/document.go create mode 100644 vendor/github.com/gabriel-vasile/mimetype/internal/magic/font.go create mode 100644 vendor/github.com/gabriel-vasile/mimetype/internal/magic/ftyp.go create mode 100644 vendor/github.com/gabriel-vasile/mimetype/internal/magic/geo.go create mode 100644 vendor/github.com/gabriel-vasile/mimetype/internal/magic/image.go create mode 100644 vendor/github.com/gabriel-vasile/mimetype/internal/magic/magic.go create mode 100644 vendor/github.com/gabriel-vasile/mimetype/internal/magic/ms_office.go create mode 100644 vendor/github.com/gabriel-vasile/mimetype/internal/magic/ogg.go create mode 100644 vendor/github.com/gabriel-vasile/mimetype/internal/magic/text.go create mode 100644 vendor/github.com/gabriel-vasile/mimetype/internal/magic/text_csv.go create mode 100644 vendor/github.com/gabriel-vasile/mimetype/internal/magic/video.go create mode 100644 vendor/github.com/gabriel-vasile/mimetype/internal/magic/zip.go create mode 100644 vendor/github.com/gabriel-vasile/mimetype/mime.go create mode 100644 vendor/github.com/gabriel-vasile/mimetype/mimetype.gif create mode 100644 vendor/github.com/gabriel-vasile/mimetype/mimetype.go create mode 100644 vendor/github.com/gabriel-vasile/mimetype/supported_mimes.md create mode 100644 vendor/github.com/gabriel-vasile/mimetype/tree.go create mode 100644 vendor/github.com/go-chi/chi/.gitignore create mode 100644 vendor/github.com/go-chi/chi/.travis.yml create mode 100644 vendor/github.com/go-chi/chi/CHANGELOG.md create mode 100644 vendor/github.com/go-chi/chi/CONTRIBUTING.md create mode 100644 vendor/github.com/go-chi/chi/LICENSE create mode 100644 vendor/github.com/go-chi/chi/README.md create mode 100644 vendor/github.com/go-chi/chi/chain.go create mode 100644 vendor/github.com/go-chi/chi/chi.go create mode 100644 vendor/github.com/go-chi/chi/context.go create mode 100644 vendor/github.com/go-chi/chi/middleware/basic_auth.go create mode 100644 vendor/github.com/go-chi/chi/middleware/compress.go create mode 100644 vendor/github.com/go-chi/chi/middleware/content_charset.go create mode 100644 vendor/github.com/go-chi/chi/middleware/content_encoding.go create mode 100644 vendor/github.com/go-chi/chi/middleware/content_type.go create mode 100644 vendor/github.com/go-chi/chi/middleware/get_head.go create mode 100644 vendor/github.com/go-chi/chi/middleware/heartbeat.go create mode 100644 vendor/github.com/go-chi/chi/middleware/logger.go create mode 100644 vendor/github.com/go-chi/chi/middleware/middleware.go create mode 100644 vendor/github.com/go-chi/chi/middleware/nocache.go create mode 100644 vendor/github.com/go-chi/chi/middleware/profiler.go create mode 100644 vendor/github.com/go-chi/chi/middleware/realip.go create mode 100644 vendor/github.com/go-chi/chi/middleware/recoverer.go create mode 100644 vendor/github.com/go-chi/chi/middleware/request_id.go create mode 100644 vendor/github.com/go-chi/chi/middleware/route_headers.go create mode 100644 vendor/github.com/go-chi/chi/middleware/strip.go create mode 100644 vendor/github.com/go-chi/chi/middleware/terminal.go create mode 100644 vendor/github.com/go-chi/chi/middleware/throttle.go create mode 100644 vendor/github.com/go-chi/chi/middleware/timeout.go create mode 100644 vendor/github.com/go-chi/chi/middleware/url_format.go create mode 100644 vendor/github.com/go-chi/chi/middleware/value.go create mode 100644 vendor/github.com/go-chi/chi/middleware/wrap_writer.go create mode 100644 vendor/github.com/go-chi/chi/mux.go create mode 100644 vendor/github.com/go-chi/chi/tree.go create mode 100644 vendor/github.com/go-playground/locales/.gitignore create mode 100644 vendor/github.com/go-playground/locales/.travis.yml create mode 100644 vendor/github.com/go-playground/locales/LICENSE create mode 100644 vendor/github.com/go-playground/locales/README.md create mode 100644 vendor/github.com/go-playground/locales/currency/currency.go create mode 100644 vendor/github.com/go-playground/locales/logo.png create mode 100644 vendor/github.com/go-playground/locales/rules.go create mode 100644 vendor/github.com/go-playground/universal-translator/.gitignore create mode 100644 vendor/github.com/go-playground/universal-translator/.travis.yml create mode 100644 vendor/github.com/go-playground/universal-translator/LICENSE create mode 100644 vendor/github.com/go-playground/universal-translator/Makefile create mode 100644 vendor/github.com/go-playground/universal-translator/README.md create mode 100644 vendor/github.com/go-playground/universal-translator/errors.go create mode 100644 vendor/github.com/go-playground/universal-translator/import_export.go create mode 100644 vendor/github.com/go-playground/universal-translator/logo.png create mode 100644 vendor/github.com/go-playground/universal-translator/translator.go create mode 100644 vendor/github.com/go-playground/universal-translator/universal_translator.go create mode 100644 vendor/github.com/go-playground/validator/v10/.gitignore create mode 100644 vendor/github.com/go-playground/validator/v10/LICENSE create mode 100644 vendor/github.com/go-playground/validator/v10/MAINTAINERS.md create mode 100644 vendor/github.com/go-playground/validator/v10/Makefile create mode 100644 vendor/github.com/go-playground/validator/v10/README.md create mode 100644 vendor/github.com/go-playground/validator/v10/baked_in.go create mode 100644 vendor/github.com/go-playground/validator/v10/cache.go create mode 100644 vendor/github.com/go-playground/validator/v10/country_codes.go create mode 100644 vendor/github.com/go-playground/validator/v10/currency_codes.go create mode 100644 vendor/github.com/go-playground/validator/v10/doc.go create mode 100644 vendor/github.com/go-playground/validator/v10/errors.go create mode 100644 vendor/github.com/go-playground/validator/v10/field_level.go create mode 100644 vendor/github.com/go-playground/validator/v10/logo.png create mode 100644 vendor/github.com/go-playground/validator/v10/postcode_regexes.go create mode 100644 vendor/github.com/go-playground/validator/v10/regexes.go create mode 100644 vendor/github.com/go-playground/validator/v10/struct_level.go create mode 100644 vendor/github.com/go-playground/validator/v10/translations.go create mode 100644 vendor/github.com/go-playground/validator/v10/util.go create mode 100644 vendor/github.com/go-playground/validator/v10/validator.go create mode 100644 vendor/github.com/go-playground/validator/v10/validator_instance.go delete mode 100644 vendor/github.com/google/trillian/BUILD.bazel create mode 100644 vendor/github.com/jedisct1/go-minisign/.gitignore create mode 100644 vendor/github.com/jedisct1/go-minisign/LICENSE create mode 100644 vendor/github.com/jedisct1/go-minisign/README.md create mode 100644 vendor/github.com/jedisct1/go-minisign/minisign.go create mode 100644 vendor/github.com/leodido/go-urn/.gitignore create mode 100644 vendor/github.com/leodido/go-urn/LICENSE create mode 100644 vendor/github.com/leodido/go-urn/README.md create mode 100644 vendor/github.com/leodido/go-urn/machine.go create mode 100644 vendor/github.com/leodido/go-urn/machine.go.rl create mode 100644 vendor/github.com/leodido/go-urn/makefile create mode 100644 vendor/github.com/leodido/go-urn/urn.go create mode 100644 vendor/github.com/sassoftware/relic/LICENSE create mode 100644 vendor/github.com/sassoftware/relic/lib/pkcs7/attributes.go create mode 100644 vendor/github.com/sassoftware/relic/lib/pkcs7/builder.go create mode 100644 vendor/github.com/sassoftware/relic/lib/pkcs7/content.go create mode 100644 vendor/github.com/sassoftware/relic/lib/pkcs7/marshal.go create mode 100644 vendor/github.com/sassoftware/relic/lib/pkcs7/structs.go create mode 100644 vendor/github.com/sassoftware/relic/lib/pkcs7/verify.go create mode 100644 vendor/github.com/sassoftware/relic/lib/x509tools/certpool.go create mode 100644 vendor/github.com/sassoftware/relic/lib/x509tools/digests.go create mode 100644 vendor/github.com/sassoftware/relic/lib/x509tools/ecdsa_curves.go create mode 100644 vendor/github.com/sassoftware/relic/lib/x509tools/keylogfile.go create mode 100644 vendor/github.com/sassoftware/relic/lib/x509tools/names.go create mode 100644 vendor/github.com/sassoftware/relic/lib/x509tools/pkix.go create mode 100644 vendor/github.com/sassoftware/relic/lib/x509tools/printcert.go create mode 100644 vendor/github.com/sassoftware/relic/lib/x509tools/rsapss.go create mode 100644 vendor/github.com/sassoftware/relic/lib/x509tools/util.go create mode 100644 vendor/github.com/sassoftware/relic/lib/x509tools/x509cmd.go create mode 100644 vendor/github.com/secure-systems-lab/go-securesystemslib/LICENSE create mode 100644 vendor/github.com/secure-systems-lab/go-securesystemslib/cjson/canonicaljson.go create mode 100644 vendor/github.com/sigstore/protobuf-specs/COPYRIGHT.txt create mode 100644 vendor/github.com/sigstore/protobuf-specs/LICENSE create mode 100644 vendor/github.com/sigstore/protobuf-specs/gen/pb-go/common/v1/sigstore_common.pb.go create mode 100644 vendor/github.com/sigstore/protobuf-specs/gen/pb-go/rekor/v1/sigstore_rekor.pb.go create mode 100644 vendor/github.com/sigstore/rekor/pkg/generated/models/dsse.go create mode 100644 vendor/github.com/sigstore/rekor/pkg/generated/models/dsse_schema.go create mode 100644 vendor/github.com/sigstore/rekor/pkg/generated/models/dsse_v001_schema.go create mode 100644 vendor/github.com/sigstore/rekor/pkg/log/log.go create mode 100644 vendor/github.com/sigstore/rekor/pkg/pki/factory.go create mode 100644 vendor/github.com/sigstore/rekor/pkg/pki/minisign/minisign.go create mode 100644 vendor/github.com/sigstore/rekor/pkg/pki/pgp/pgp.go create mode 100644 vendor/github.com/sigstore/rekor/pkg/pki/pkcs7/pkcs7.go create mode 100644 vendor/github.com/sigstore/rekor/pkg/pki/pki.go create mode 100644 vendor/github.com/sigstore/rekor/pkg/pki/ssh/README.md create mode 100644 vendor/github.com/sigstore/rekor/pkg/pki/ssh/encode.go create mode 100644 vendor/github.com/sigstore/rekor/pkg/pki/ssh/sign.go create mode 100644 vendor/github.com/sigstore/rekor/pkg/pki/ssh/ssh.go create mode 100644 vendor/github.com/sigstore/rekor/pkg/pki/ssh/verify.go create mode 100644 vendor/github.com/sigstore/rekor/pkg/pki/tuf/tuf.go create mode 100644 vendor/github.com/sigstore/rekor/pkg/pki/x509/e2e.go create mode 100644 vendor/github.com/sigstore/rekor/pkg/pki/x509/x509.go create mode 100644 vendor/github.com/sigstore/rekor/pkg/types/README.md create mode 100644 vendor/github.com/sigstore/rekor/pkg/types/entries.go create mode 100644 vendor/github.com/sigstore/rekor/pkg/types/error.go create mode 100644 vendor/github.com/sigstore/rekor/pkg/types/test_util.go create mode 100644 vendor/github.com/sigstore/rekor/pkg/types/types.go create mode 100644 vendor/github.com/sigstore/rekor/pkg/types/versionmap.go create mode 100644 vendor/github.com/theupdateframework/go-tuf/data/hex_bytes.go create mode 100644 vendor/github.com/theupdateframework/go-tuf/data/types.go create mode 100644 vendor/github.com/theupdateframework/go-tuf/internal/roles/roles.go create mode 100644 vendor/github.com/theupdateframework/go-tuf/pkg/keys/deprecated_ecdsa.go create mode 100644 vendor/github.com/theupdateframework/go-tuf/pkg/keys/ecdsa.go create mode 100644 vendor/github.com/theupdateframework/go-tuf/pkg/keys/ed25519.go create mode 100644 vendor/github.com/theupdateframework/go-tuf/pkg/keys/keys.go create mode 100644 vendor/github.com/theupdateframework/go-tuf/pkg/keys/pkix.go create mode 100644 vendor/github.com/theupdateframework/go-tuf/pkg/keys/rsa.go create mode 100644 vendor/github.com/theupdateframework/go-tuf/verify/db.go create mode 100644 vendor/github.com/theupdateframework/go-tuf/verify/errors.go create mode 100644 vendor/github.com/theupdateframework/go-tuf/verify/verify.go create mode 100644 vendor/go.uber.org/atomic/.codecov.yml create mode 100644 vendor/go.uber.org/atomic/.gitignore create mode 100644 vendor/go.uber.org/atomic/CHANGELOG.md create mode 100644 vendor/go.uber.org/atomic/LICENSE.txt create mode 100644 vendor/go.uber.org/atomic/Makefile create mode 100644 vendor/go.uber.org/atomic/README.md create mode 100644 vendor/go.uber.org/atomic/bool.go create mode 100644 vendor/go.uber.org/atomic/bool_ext.go create mode 100644 vendor/go.uber.org/atomic/doc.go create mode 100644 vendor/go.uber.org/atomic/duration.go create mode 100644 vendor/go.uber.org/atomic/duration_ext.go create mode 100644 vendor/go.uber.org/atomic/error.go create mode 100644 vendor/go.uber.org/atomic/error_ext.go create mode 100644 vendor/go.uber.org/atomic/float32.go create mode 100644 vendor/go.uber.org/atomic/float32_ext.go create mode 100644 vendor/go.uber.org/atomic/float64.go create mode 100644 vendor/go.uber.org/atomic/float64_ext.go create mode 100644 vendor/go.uber.org/atomic/gen.go create mode 100644 vendor/go.uber.org/atomic/int32.go create mode 100644 vendor/go.uber.org/atomic/int64.go create mode 100644 vendor/go.uber.org/atomic/nocmp.go create mode 100644 vendor/go.uber.org/atomic/pointer_go118.go create mode 100644 vendor/go.uber.org/atomic/pointer_go119.go create mode 100644 vendor/go.uber.org/atomic/string.go create mode 100644 vendor/go.uber.org/atomic/string_ext.go create mode 100644 vendor/go.uber.org/atomic/time.go create mode 100644 vendor/go.uber.org/atomic/time_ext.go create mode 100644 vendor/go.uber.org/atomic/uint32.go create mode 100644 vendor/go.uber.org/atomic/uint64.go create mode 100644 vendor/go.uber.org/atomic/uintptr.go create mode 100644 vendor/go.uber.org/atomic/unsafe_pointer.go create mode 100644 vendor/go.uber.org/atomic/value.go create mode 100644 vendor/go.uber.org/multierr/.codecov.yml create mode 100644 vendor/go.uber.org/multierr/.gitignore create mode 100644 vendor/go.uber.org/multierr/CHANGELOG.md create mode 100644 vendor/go.uber.org/multierr/LICENSE.txt create mode 100644 vendor/go.uber.org/multierr/Makefile create mode 100644 vendor/go.uber.org/multierr/README.md create mode 100644 vendor/go.uber.org/multierr/error.go create mode 100644 vendor/go.uber.org/multierr/error_post_go120.go create mode 100644 vendor/go.uber.org/multierr/error_pre_go120.go create mode 100644 vendor/go.uber.org/zap/.codecov.yml create mode 100644 vendor/go.uber.org/zap/.gitignore create mode 100644 vendor/go.uber.org/zap/.readme.tmpl create mode 100644 vendor/go.uber.org/zap/CHANGELOG.md create mode 100644 vendor/go.uber.org/zap/CODE_OF_CONDUCT.md create mode 100644 vendor/go.uber.org/zap/CONTRIBUTING.md create mode 100644 vendor/go.uber.org/zap/FAQ.md create mode 100644 vendor/go.uber.org/zap/LICENSE.txt create mode 100644 vendor/go.uber.org/zap/Makefile create mode 100644 vendor/go.uber.org/zap/README.md create mode 100644 vendor/go.uber.org/zap/array.go create mode 100644 vendor/go.uber.org/zap/array_go118.go create mode 100644 vendor/go.uber.org/zap/buffer/buffer.go create mode 100644 vendor/go.uber.org/zap/buffer/pool.go create mode 100644 vendor/go.uber.org/zap/checklicense.sh create mode 100644 vendor/go.uber.org/zap/config.go create mode 100644 vendor/go.uber.org/zap/doc.go create mode 100644 vendor/go.uber.org/zap/encoder.go create mode 100644 vendor/go.uber.org/zap/error.go create mode 100644 vendor/go.uber.org/zap/field.go create mode 100644 vendor/go.uber.org/zap/flag.go create mode 100644 vendor/go.uber.org/zap/glide.yaml create mode 100644 vendor/go.uber.org/zap/global.go create mode 100644 vendor/go.uber.org/zap/http_handler.go create mode 100644 vendor/go.uber.org/zap/internal/bufferpool/bufferpool.go create mode 100644 vendor/go.uber.org/zap/internal/color/color.go create mode 100644 vendor/go.uber.org/zap/internal/exit/exit.go create mode 100644 vendor/go.uber.org/zap/internal/level_enabler.go create mode 100644 vendor/go.uber.org/zap/level.go create mode 100644 vendor/go.uber.org/zap/logger.go create mode 100644 vendor/go.uber.org/zap/options.go create mode 100644 vendor/go.uber.org/zap/sink.go create mode 100644 vendor/go.uber.org/zap/stacktrace.go create mode 100644 vendor/go.uber.org/zap/sugar.go create mode 100644 vendor/go.uber.org/zap/time.go create mode 100644 vendor/go.uber.org/zap/writer.go create mode 100644 vendor/go.uber.org/zap/zapcore/buffered_write_syncer.go create mode 100644 vendor/go.uber.org/zap/zapcore/clock.go create mode 100644 vendor/go.uber.org/zap/zapcore/console_encoder.go create mode 100644 vendor/go.uber.org/zap/zapcore/core.go create mode 100644 vendor/go.uber.org/zap/zapcore/doc.go create mode 100644 vendor/go.uber.org/zap/zapcore/encoder.go create mode 100644 vendor/go.uber.org/zap/zapcore/entry.go create mode 100644 vendor/go.uber.org/zap/zapcore/error.go create mode 100644 vendor/go.uber.org/zap/zapcore/field.go create mode 100644 vendor/go.uber.org/zap/zapcore/hook.go create mode 100644 vendor/go.uber.org/zap/zapcore/increase_level.go create mode 100644 vendor/go.uber.org/zap/zapcore/json_encoder.go create mode 100644 vendor/go.uber.org/zap/zapcore/level.go create mode 100644 vendor/go.uber.org/zap/zapcore/level_strings.go create mode 100644 vendor/go.uber.org/zap/zapcore/marshaler.go create mode 100644 vendor/go.uber.org/zap/zapcore/memory_encoder.go create mode 100644 vendor/go.uber.org/zap/zapcore/reflected_encoder.go create mode 100644 vendor/go.uber.org/zap/zapcore/sampler.go create mode 100644 vendor/go.uber.org/zap/zapcore/tee.go create mode 100644 vendor/go.uber.org/zap/zapcore/write_syncer.go create mode 100644 vendor/golang.org/x/crypto/blake2b/blake2b.go create mode 100644 vendor/golang.org/x/crypto/blake2b/blake2bAVX2_amd64.go create mode 100644 vendor/golang.org/x/crypto/blake2b/blake2bAVX2_amd64.s create mode 100644 vendor/golang.org/x/crypto/blake2b/blake2b_amd64.go create mode 100644 vendor/golang.org/x/crypto/blake2b/blake2b_amd64.s create mode 100644 vendor/golang.org/x/crypto/blake2b/blake2b_generic.go create mode 100644 vendor/golang.org/x/crypto/blake2b/blake2b_ref.go create mode 100644 vendor/golang.org/x/crypto/blake2b/blake2x.go create mode 100644 vendor/golang.org/x/crypto/blake2b/register.go create mode 100644 vendor/golang.org/x/crypto/ssh/terminal/terminal.go create mode 100644 vendor/google.golang.org/genproto/googleapis/api/annotations/annotations.pb.go create mode 100644 vendor/google.golang.org/genproto/googleapis/api/annotations/client.pb.go create mode 100644 vendor/google.golang.org/genproto/googleapis/api/annotations/field_behavior.pb.go create mode 100644 vendor/google.golang.org/genproto/googleapis/api/annotations/http.pb.go create mode 100644 vendor/google.golang.org/genproto/googleapis/api/annotations/resource.pb.go create mode 100644 vendor/google.golang.org/genproto/googleapis/api/annotations/routing.pb.go create mode 100644 vendor/google.golang.org/genproto/googleapis/api/launch_stage.pb.go diff --git a/go.mod b/go.mod index df78a6ce66..95ebe76eb5 100644 --- a/go.mod +++ b/go.mod @@ -79,6 +79,7 @@ require ( github.com/VividCortex/ewma v1.2.0 // indirect github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d // indirect github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect + github.com/blang/semver v3.5.1+incompatible // indirect github.com/chzyer/readline v1.5.1 // indirect github.com/containerd/cgroups v1.1.0 // indirect github.com/containerd/containerd v1.7.0 // indirect @@ -94,6 +95,8 @@ require ( github.com/docker/docker-credential-helpers v0.7.0 // indirect github.com/felixge/httpsnoop v1.0.3 // indirect github.com/fsouza/go-dockerclient v1.9.7 // indirect + github.com/gabriel-vasile/mimetype v1.4.2 // indirect + github.com/go-chi/chi v4.1.2+incompatible // indirect github.com/go-jose/go-jose/v3 v3.0.0 // indirect github.com/go-logr/logr v1.2.4 // indirect github.com/go-logr/stdr v1.2.2 // indirect @@ -108,6 +111,9 @@ require ( github.com/go-openapi/strfmt v0.21.7 // indirect github.com/go-openapi/swag v0.22.3 // indirect github.com/go-openapi/validate v0.22.1 // indirect + github.com/go-playground/locales v0.14.1 // indirect + github.com/go-playground/universal-translator v0.18.1 // indirect + github.com/go-playground/validator/v10 v10.14.0 // indirect github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect github.com/gogo/protobuf v1.3.2 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect @@ -116,17 +122,19 @@ require ( github.com/google/go-containerregistry v0.14.0 // indirect github.com/google/go-intervals v0.0.2 // indirect github.com/google/pprof v0.0.0-20230323073829-e72429f035bd // indirect - github.com/google/trillian v1.5.1 // indirect + github.com/google/trillian v1.5.2 // indirect github.com/hashicorp/errwrap v1.1.0 // indirect github.com/hashicorp/go-cleanhttp v0.5.2 // indirect github.com/hashicorp/go-retryablehttp v0.7.2 // indirect github.com/imdario/mergo v0.3.15 // indirect github.com/inconshreveable/mousetrap v1.1.0 // indirect + github.com/jedisct1/go-minisign v0.0.0-20211028175153-1c139d1cc84b // indirect github.com/jinzhu/copier v0.3.5 // indirect github.com/josharian/intern v1.0.0 // indirect github.com/klauspost/compress v1.16.5 // indirect github.com/klauspost/pgzip v1.2.6 // indirect github.com/kr/fs v0.1.0 // indirect + github.com/leodido/go-urn v1.2.4 // indirect github.com/letsencrypt/boulder v0.0.0-20230213213521-fdfea0d469b6 // indirect github.com/mailru/easyjson v0.7.7 // indirect github.com/manifoldco/promptui v0.9.0 // indirect @@ -148,10 +156,13 @@ require ( github.com/pmezard/go-difflib v1.0.0 // indirect github.com/proglottis/gpgme v0.1.3 // indirect github.com/rivo/uniseg v0.4.4 // indirect + github.com/sassoftware/relic v7.2.1+incompatible // indirect github.com/seccomp/libseccomp-golang v0.10.0 // indirect + github.com/secure-systems-lab/go-securesystemslib v0.6.0 // indirect github.com/segmentio/ksuid v1.0.4 // indirect github.com/sigstore/fulcio v1.3.1 // indirect - github.com/sigstore/rekor v1.1.2-0.20230508234306-ad288b385a44 // indirect + github.com/sigstore/protobuf-specs v0.1.0 // indirect + github.com/sigstore/rekor v1.2.0 // indirect github.com/sigstore/sigstore v1.6.4 // indirect github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966 // indirect github.com/stefanberger/go-pkcs11uri v0.0.0-20201008174630-78d3cae3a980 // indirect @@ -166,7 +177,10 @@ require ( go.opencensus.io v0.24.0 // indirect go.opentelemetry.io/otel v1.15.0 // indirect go.opentelemetry.io/otel/trace v1.15.0 // indirect - golang.org/x/crypto v0.8.0 // indirect + go.uber.org/atomic v1.10.0 // indirect + go.uber.org/multierr v1.11.0 // indirect + go.uber.org/zap v1.24.0 // indirect + golang.org/x/crypto v0.9.0 // indirect golang.org/x/exp v0.0.0-20230425010034-47ecfdc1ba53 // indirect golang.org/x/mod v0.10.0 // indirect golang.org/x/oauth2 v0.7.0 // indirect diff --git a/go.sum b/go.sum index 1e2340deea..b9290dd8bd 100644 --- a/go.sum +++ b/go.sum @@ -93,6 +93,7 @@ github.com/asaskevich/govalidator v0.0.0-20200907205600-7a23bdc65eef/go.mod h1:W github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so= github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= github.com/aws/aws-sdk-go v1.15.11/go.mod h1:mFuSZ37Z9YOHbQEwBWztmVzqXrEkub65tZoCYDt7FT0= +github.com/benbjohnson/clock v1.1.0 h1:Q92kusRqC1XV2MjkWETPvjJVqKetz1OzxZB7mHJLju8= github.com/beorn7/perks v0.0.0-20160804104726-4c0e84591b9a/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= @@ -102,6 +103,7 @@ github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kB github.com/bitly/go-simplejson v0.5.0/go.mod h1:cXHtHw4XUPsvGaxgjIAn8PhEWG9NfngEKAMDJEczWVA= github.com/bits-and-blooms/bitset v1.2.0/go.mod h1:gIdJ4wp64HaoK2YrL1Q5/N7Y16edYb8uY+O0FJTyyDA= github.com/blang/semver v3.1.0+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk= +github.com/blang/semver v3.5.1+incompatible h1:cQNTCjp13qL8KC3Nbxr/y2Bqb63oX6wdnnjpJbkM4JQ= github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk= github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM= github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ= @@ -370,9 +372,13 @@ github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbS github.com/fsouza/go-dockerclient v1.9.7 h1:FlIrT71E62zwKgRvCvWGdxRD+a/pIy+miY/n3MXgfuw= github.com/fsouza/go-dockerclient v1.9.7/go.mod h1:vx9C32kE2D15yDSOMCDaAEIARZpDQDFBHeqL3MgQy/U= github.com/fullsailor/pkcs7 v0.0.0-20190404230743-d7302db945fa/go.mod h1:KnogPXtdwXqoenmZCw6S+25EAm2MkxbG0deNDu4cbSA= +github.com/gabriel-vasile/mimetype v1.4.2 h1:w5qFW6JKBz9Y393Y4q372O9A7cUSequkh1Q7OhCmWKU= +github.com/gabriel-vasile/mimetype v1.4.2/go.mod h1:zApsH/mKG4w07erKIaJPFiX0Tsq9BFQgN3qGY5GnNgA= github.com/garyburd/redigo v0.0.0-20150301180006-535138d7bcd7/go.mod h1:NR3MbYisc3/PwhQ00EMzDiPmrwpPxAn5GI05/YaO1SY= github.com/ghodss/yaml v0.0.0-20150909031657-73d445a93680/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= +github.com/go-chi/chi v4.1.2+incompatible h1:fGFk2Gmi/YKXk0OmGfBh0WgmN3XB8lVnEyNz34tQRec= +github.com/go-chi/chi v4.1.2+incompatible/go.mod h1:eB3wogJHnLi3x/kFX2A+IbTBlXxmMeXJVKy9tTv1XzQ= github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= @@ -436,6 +442,13 @@ github.com/go-openapi/swag v0.22.3 h1:yMBqmnQ0gyZvEb/+KzuWZOXgllrXT4SADYbvDaXHv/ github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14= github.com/go-openapi/validate v0.22.1 h1:G+c2ub6q47kfX1sOBLwIQwzBVt8qmOAARyo/9Fqs9NU= github.com/go-openapi/validate v0.22.1/go.mod h1:rjnrwK57VJ7A8xqfpAOEKRH8yQSGUriMu5/zuPSQ1hg= +github.com/go-playground/assert/v2 v2.2.0 h1:JvknZsQTYeFEAhQwI4qEt9cyV5ONwRHC+lYKSsYSR8s= +github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/oXslEjJA= +github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY= +github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY= +github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY= +github.com/go-playground/validator/v10 v10.14.0 h1:vgvQWe3XCz3gIeFDm/HnTIbj6UGmg/+t63MyGU2n5js= +github.com/go-playground/validator/v10 v10.14.0/go.mod h1:9iXMNT7sEkjXb0I+enO7QXmzG6QCsPWY4zveKFVRSyU= github.com/go-rod/rod v0.112.9 h1:uA/yLbB+t0UlqJcLJtK2pZrCNPzd15dOKRUEOnmnt9k= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE= @@ -555,8 +568,8 @@ github.com/google/pprof v0.0.0-20230323073829-e72429f035bd/go.mod h1:79YE0hCXdHa github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ= -github.com/google/trillian v1.5.1 h1:2p1l13f0eWd7eOShwarwIxutYYnGzY/5S+xYewQIPkU= -github.com/google/trillian v1.5.1/go.mod h1:EcDttN8nf+EoAiyLigBAp9ebncZI6rhJPyxZ+dQ6HSo= +github.com/google/trillian v1.5.2 h1:roGP6G8aaAch7vP08+oitPkvmZzxjTfIkguozqJ04Ok= +github.com/google/trillian v1.5.2/go.mod h1:H8vOoa2dxd3xCdMzOOwt9kIz/3MSoJhcqLJGG8iRwbg= github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= @@ -619,6 +632,8 @@ github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANyt github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= github.com/j-keck/arping v0.0.0-20160618110441-2cf9dc699c56/go.mod h1:ymszkNOg6tORTn+6F6j+Jc8TOr5osrynvN6ivFWZ2GA= +github.com/jedisct1/go-minisign v0.0.0-20211028175153-1c139d1cc84b h1:ZGiXF8sz7PDk6RgkP+A/SFfUD0ZR/AgG6SpRNEDKZy8= +github.com/jedisct1/go-minisign v0.0.0-20211028175153-1c139d1cc84b/go.mod h1:hQmNrgofl+IY/8L+n20H6E6PWBBTokdsv+q49j0QhsU= github.com/jinzhu/copier v0.3.5 h1:GlvfUwHk62RokgqVNvYsku0TATCF7bAHVwEXoBh3iJg= github.com/jinzhu/copier v0.3.5/go.mod h1:DfbEm0FYsaqBcKcFuvmOZb218JkPGtvSHsKg8S8hyyg= github.com/jmespath/go-jmespath v0.0.0-20160202185014-0b12d6b521d8/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k= @@ -670,6 +685,8 @@ github.com/kr/pty v1.1.5/go.mod h1:9r2w37qlBe7rQ6e1fg1S/9xpWHSnaqNdHD3WcMdbPDA= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= +github.com/leodido/go-urn v1.2.4 h1:XlAE/cm/ms7TE/VMVoduSpNBoyc2dOxHs5MZSwAN63Q= +github.com/leodido/go-urn v1.2.4/go.mod h1:7ZrI8mTSeBSHl/UaRyKQW1qZeMgak41ANeCNaVckg+4= github.com/letsencrypt/boulder v0.0.0-20230213213521-fdfea0d469b6 h1:unJdfS94Y3k85TKy+mvKzjW5R9rIC+Lv4KGbE7uNu0I= github.com/letsencrypt/boulder v0.0.0-20230213213521-fdfea0d469b6/go.mod h1:PUgW5vI9ANEaV6qv9a6EKu8gAySgwf0xrzG9xIB/CK0= github.com/linuxkit/virtsock v0.0.0-20201010232012-f8cee7dfc7a3/go.mod h1:3r6x7q95whyfWQpmGZTu3gk3v2YkMi05HEzl7Tf7YEo= @@ -840,7 +857,7 @@ github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1: github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= -github.com/prometheus/client_model v0.3.0 h1:UBgGFHqYdG/TPFD1B1ogZywDqEkwp3fBMvqdiQ7Xew4= +github.com/prometheus/client_model v0.4.0 h1:5lQXD3cAg1OXBf4Wq03gTrXHeaV0TQvGfUooCfx1yqY= github.com/prometheus/common v0.0.0-20180110214958-89604d197083/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= github.com/prometheus/common v0.0.0-20181113130724-41aa239b4cce/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= @@ -876,19 +893,25 @@ github.com/rootless-containers/rootlesskit v1.1.1/go.mod h1:UD5GoA3dqKCJrnvnhVgQ github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/safchain/ethtool v0.0.0-20190326074333-42ed695e3de8/go.mod h1:Z0q5wiBQGYcxhMZ6gUqHn6pYNLypFAvaL3UvgZLR0U4= +github.com/sassoftware/relic v7.2.1+incompatible h1:Pwyh1F3I0r4clFJXkSI8bOyJINGqpgjJU3DYAZeI05A= +github.com/sassoftware/relic v7.2.1+incompatible/go.mod h1:CWfAxv73/iLZ17rbyhIEq3K9hs5w6FpNMdUT//qR+zk= github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0= github.com/sclevine/spec v1.2.0/go.mod h1:W4J29eT/Kzv7/b9IWLB055Z+qvVC9vt0Arko24q7p+U= github.com/sebdah/goldie/v2 v2.5.3 h1:9ES/mNN+HNUbNWpVAlrzuZ7jE+Nrczbj8uFRjM7624Y= github.com/seccomp/libseccomp-golang v0.10.0 h1:aA4bp+/Zzi0BnWZ2F1wgNBs5gTpm+na2rWM6M9YjLpY= github.com/seccomp/libseccomp-golang v0.10.0/go.mod h1:JA8cRccbGaA1s33RQf7Y1+q9gHmZX1yB/z9WDN1C6fg= +github.com/secure-systems-lab/go-securesystemslib v0.6.0 h1:T65atpAVCJQK14UA57LMdZGpHi4QYSH/9FZyNGqMYIA= +github.com/secure-systems-lab/go-securesystemslib v0.6.0/go.mod h1:8Mtpo9JKks/qhPG4HGZ2LGMvrPbzuxwfz/f/zLfEWkk= github.com/segmentio/ksuid v1.0.4 h1:sBo2BdShXjmcugAMwjugoGUdUV0pcxY5mW4xKRn3v4c= github.com/segmentio/ksuid v1.0.4/go.mod h1:/XUiZBD3kVx5SmUOl55voK5yeAbBNNIed+2O73XgrPE= github.com/sergi/go-diff v1.2.0 h1:XU+rvMAioB0UC3q1MFrIQy4Vo5/4VsRDQQXHsEya6xQ= github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc= github.com/sigstore/fulcio v1.3.1 h1:0ntW9VbQbt2JytoSs8BOGB84A65eeyvGSavWteYp29Y= github.com/sigstore/fulcio v1.3.1/go.mod h1:/XfqazOec45ulJZpyL9sq+OsVQ8g2UOVoNVi7abFgqU= -github.com/sigstore/rekor v1.1.2-0.20230508234306-ad288b385a44 h1:03iBveStHVfP97eB54lMjkgrSMYWW7F7X9IlOI9N+A0= -github.com/sigstore/rekor v1.1.2-0.20230508234306-ad288b385a44/go.mod h1:4/htUXiP2z4KwvZOXTalCkh5C9I7msJbVWrdjWyD+fU= +github.com/sigstore/protobuf-specs v0.1.0 h1:X0l/E2C2c79t/rI/lmSu8WAoKWsQtMqDzAMiDdEMGr8= +github.com/sigstore/protobuf-specs v0.1.0/go.mod h1:5shUCxf82hGnjUEFVWiktcxwzdtn6EfeeJssxZ5Q5HE= +github.com/sigstore/rekor v1.2.0 h1:ahlnoEY3zo8Vc+eZLPobamw6YfBTAbI0lthzUQd6qe4= +github.com/sigstore/rekor v1.2.0/go.mod h1:zcFO54qIg2G1/i0sE/nvmELUOng/n0MPjTszRYByVPo= github.com/sigstore/sigstore v1.6.4 h1:jH4AzR7qlEH/EWzm+opSpxCfuUcjHL+LJPuQE7h40WE= github.com/sigstore/sigstore v1.6.4/go.mod h1:pjR64lBxnjoSrAr+Ydye/FV73IfrgtoYlAI11a8xMfA= github.com/sirupsen/logrus v1.0.4-0.20170822132746-89742aefa4b2/go.mod h1:pMByvHTf9Beacp5x1UXfOR9xyW/9antXMhjMPG0dEzc= @@ -944,6 +967,7 @@ github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/ github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= +github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk= github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= github.com/sylabs/sif/v2 v2.11.3 h1:EQxi5zl6i5DsbVal9HHpk/zuSx7aNLeZBy8vmvFz838= @@ -1048,9 +1072,15 @@ go.opentelemetry.io/otel/trace v1.15.0/go.mod h1:CUsmE2Ht1CRkvE8OsMESvraoZrrcgD1 go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI= go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= +go.uber.org/atomic v1.10.0 h1:9qC72Qh0+3MqyJbAn8YU5xVq1frD8bn3JtD2oXtafVQ= +go.uber.org/atomic v1.10.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0= go.uber.org/goleak v1.2.1 h1:NBol2c7O1ZokfZ0LEU9K6Whx/KnwvepVetCUhtKja4A= go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0= +go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= +go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y= go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= +go.uber.org/zap v1.24.0 h1:FiJd5l1UOLj0wCgbSE0rwwXHzEdAZS6hiiSnxJN/D60= +go.uber.org/zap v1.24.0/go.mod h1:2kMP+WWQ8aoFoedH3T2sq6iJ2yDWpHbP0f6MQbS9Gkg= golang.org/x/crypto v0.0.0-20171113213409-9f005a07e0d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20181009213950-7c1a557ab941/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= @@ -1070,8 +1100,8 @@ golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2/go.mod h1:T9bdIzuCu7OtxOm golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= -golang.org/x/crypto v0.8.0 h1:pd9TJtTueMTVQXzk8E2XESSMQDj/U7OUu0PqJqPXQjQ= -golang.org/x/crypto v0.8.0/go.mod h1:mRqEX+O9/h5TFCrQhkgjo2yKi0yYA+9ecGkdQoHrywE= +golang.org/x/crypto v0.9.0 h1:LF6fAI+IutBocDJ2OT0Q1g8plpYljMZ4+lty+dsqw3g= +golang.org/x/crypto v0.9.0/go.mod h1:yrmDGqONDYtNj3tH8X9dzUun2m2lzPa9ngI6/RUPGR0= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= @@ -1513,7 +1543,7 @@ k8s.io/klog v1.0.0 h1:Pt+yjF5aB1xDSVbau4VsWe+dQNzA0qv1LlXdC2dF6Q8= k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE= k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= k8s.io/klog/v2 v2.4.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= -k8s.io/klog/v2 v2.90.1 h1:m4bYOKall2MmOiRaR1J+We67Do7vm9KiQVlT96lnHUw= +k8s.io/klog/v2 v2.100.1 h1:7WCHKK6K8fNhTqfBhISHQ97KrnJNFZMcQvKp7gP/tmg= k8s.io/kube-openapi v0.0.0-20200805222855-6aeccd4b50c6/go.mod h1:UuqjUnNftUyPE5H64/qeyjQoUZhGpeFDVdxjTeEVN2o= k8s.io/kube-openapi v0.0.0-20201113171705-d219536bb9fd/go.mod h1:WOJ3KddDSol4tAGcJo0Tvi+dK12EcqSLqcWsryKMpfM= k8s.io/kubernetes v1.13.0/go.mod h1:ocZa8+6APFNC2tX1DZASIbocyYT5jHzqFVsY5aoB7Jk= diff --git a/vendor/github.com/blang/semver/.travis.yml b/vendor/github.com/blang/semver/.travis.yml new file mode 100644 index 0000000000..102fb9a691 --- /dev/null +++ b/vendor/github.com/blang/semver/.travis.yml @@ -0,0 +1,21 @@ +language: go +matrix: + include: + - go: 1.4.3 + - go: 1.5.4 + - go: 1.6.3 + - go: 1.7 + - go: tip + allow_failures: + - go: tip +install: +- go get golang.org/x/tools/cmd/cover +- go get github.com/mattn/goveralls +script: +- echo "Test and track coverage" ; $HOME/gopath/bin/goveralls -package "." -service=travis-ci + -repotoken $COVERALLS_TOKEN +- echo "Build examples" ; cd examples && go build +- echo "Check if gofmt'd" ; diff -u <(echo -n) <(gofmt -d -s .) +env: + global: + secure: HroGEAUQpVq9zX1b1VIkraLiywhGbzvNnTZq2TMxgK7JHP8xqNplAeF1izrR2i4QLL9nsY+9WtYss4QuPvEtZcVHUobw6XnL6radF7jS1LgfYZ9Y7oF+zogZ2I5QUMRLGA7rcxQ05s7mKq3XZQfeqaNts4bms/eZRefWuaFZbkw= diff --git a/vendor/github.com/blang/semver/LICENSE b/vendor/github.com/blang/semver/LICENSE new file mode 100644 index 0000000000..5ba5c86fcb --- /dev/null +++ b/vendor/github.com/blang/semver/LICENSE @@ -0,0 +1,22 @@ +The MIT License + +Copyright (c) 2014 Benedikt Lang + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in +all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +THE SOFTWARE. + diff --git a/vendor/github.com/blang/semver/README.md b/vendor/github.com/blang/semver/README.md new file mode 100644 index 0000000000..08b2e4a3d7 --- /dev/null +++ b/vendor/github.com/blang/semver/README.md @@ -0,0 +1,194 @@ +semver for golang [![Build Status](https://travis-ci.org/blang/semver.svg?branch=master)](https://travis-ci.org/blang/semver) [![GoDoc](https://godoc.org/github.com/blang/semver?status.png)](https://godoc.org/github.com/blang/semver) [![Coverage Status](https://img.shields.io/coveralls/blang/semver.svg)](https://coveralls.io/r/blang/semver?branch=master) +====== + +semver is a [Semantic Versioning](http://semver.org/) library written in golang. It fully covers spec version `2.0.0`. + +Usage +----- +```bash +$ go get github.com/blang/semver +``` +Note: Always vendor your dependencies or fix on a specific version tag. + +```go +import github.com/blang/semver +v1, err := semver.Make("1.0.0-beta") +v2, err := semver.Make("2.0.0-beta") +v1.Compare(v2) +``` + +Also check the [GoDocs](http://godoc.org/github.com/blang/semver). + +Why should I use this lib? +----- + +- Fully spec compatible +- No reflection +- No regex +- Fully tested (Coverage >99%) +- Readable parsing/validation errors +- Fast (See [Benchmarks](#benchmarks)) +- Only Stdlib +- Uses values instead of pointers +- Many features, see below + + +Features +----- + +- Parsing and validation at all levels +- Comparator-like comparisons +- Compare Helper Methods +- InPlace manipulation +- Ranges `>=1.0.0 <2.0.0 || >=3.0.0 !3.0.1-beta.1` +- Wildcards `>=1.x`, `<=2.5.x` +- Sortable (implements sort.Interface) +- database/sql compatible (sql.Scanner/Valuer) +- encoding/json compatible (json.Marshaler/Unmarshaler) + +Ranges +------ + +A `Range` is a set of conditions which specify which versions satisfy the range. + +A condition is composed of an operator and a version. The supported operators are: + +- `<1.0.0` Less than `1.0.0` +- `<=1.0.0` Less than or equal to `1.0.0` +- `>1.0.0` Greater than `1.0.0` +- `>=1.0.0` Greater than or equal to `1.0.0` +- `1.0.0`, `=1.0.0`, `==1.0.0` Equal to `1.0.0` +- `!1.0.0`, `!=1.0.0` Not equal to `1.0.0`. Excludes version `1.0.0`. + +Note that spaces between the operator and the version will be gracefully tolerated. + +A `Range` can link multiple `Ranges` separated by space: + +Ranges can be linked by logical AND: + + - `>1.0.0 <2.0.0` would match between both ranges, so `1.1.1` and `1.8.7` but not `1.0.0` or `2.0.0` + - `>1.0.0 <3.0.0 !2.0.3-beta.2` would match every version between `1.0.0` and `3.0.0` except `2.0.3-beta.2` + +Ranges can also be linked by logical OR: + + - `<2.0.0 || >=3.0.0` would match `1.x.x` and `3.x.x` but not `2.x.x` + +AND has a higher precedence than OR. It's not possible to use brackets. + +Ranges can be combined by both AND and OR + + - `>1.0.0 <2.0.0 || >3.0.0 !4.2.1` would match `1.2.3`, `1.9.9`, `3.1.1`, but not `4.2.1`, `2.1.1` + +Range usage: + +``` +v, err := semver.Parse("1.2.3") +range, err := semver.ParseRange(">1.0.0 <2.0.0 || >=3.0.0") +if range(v) { + //valid +} + +``` + +Example +----- + +Have a look at full examples in [examples/main.go](examples/main.go) + +```go +import github.com/blang/semver + +v, err := semver.Make("0.0.1-alpha.preview+123.github") +fmt.Printf("Major: %d\n", v.Major) +fmt.Printf("Minor: %d\n", v.Minor) +fmt.Printf("Patch: %d\n", v.Patch) +fmt.Printf("Pre: %s\n", v.Pre) +fmt.Printf("Build: %s\n", v.Build) + +// Prerelease versions array +if len(v.Pre) > 0 { + fmt.Println("Prerelease versions:") + for i, pre := range v.Pre { + fmt.Printf("%d: %q\n", i, pre) + } +} + +// Build meta data array +if len(v.Build) > 0 { + fmt.Println("Build meta data:") + for i, build := range v.Build { + fmt.Printf("%d: %q\n", i, build) + } +} + +v001, err := semver.Make("0.0.1") +// Compare using helpers: v.GT(v2), v.LT, v.GTE, v.LTE +v001.GT(v) == true +v.LT(v001) == true +v.GTE(v) == true +v.LTE(v) == true + +// Or use v.Compare(v2) for comparisons (-1, 0, 1): +v001.Compare(v) == 1 +v.Compare(v001) == -1 +v.Compare(v) == 0 + +// Manipulate Version in place: +v.Pre[0], err = semver.NewPRVersion("beta") +if err != nil { + fmt.Printf("Error parsing pre release version: %q", err) +} + +fmt.Println("\nValidate versions:") +v.Build[0] = "?" + +err = v.Validate() +if err != nil { + fmt.Printf("Validation failed: %s\n", err) +} +``` + + +Benchmarks +----- + + BenchmarkParseSimple-4 5000000 390 ns/op 48 B/op 1 allocs/op + BenchmarkParseComplex-4 1000000 1813 ns/op 256 B/op 7 allocs/op + BenchmarkParseAverage-4 1000000 1171 ns/op 163 B/op 4 allocs/op + BenchmarkStringSimple-4 20000000 119 ns/op 16 B/op 1 allocs/op + BenchmarkStringLarger-4 10000000 206 ns/op 32 B/op 2 allocs/op + BenchmarkStringComplex-4 5000000 324 ns/op 80 B/op 3 allocs/op + BenchmarkStringAverage-4 5000000 273 ns/op 53 B/op 2 allocs/op + BenchmarkValidateSimple-4 200000000 9.33 ns/op 0 B/op 0 allocs/op + BenchmarkValidateComplex-4 3000000 469 ns/op 0 B/op 0 allocs/op + BenchmarkValidateAverage-4 5000000 256 ns/op 0 B/op 0 allocs/op + BenchmarkCompareSimple-4 100000000 11.8 ns/op 0 B/op 0 allocs/op + BenchmarkCompareComplex-4 50000000 30.8 ns/op 0 B/op 0 allocs/op + BenchmarkCompareAverage-4 30000000 41.5 ns/op 0 B/op 0 allocs/op + BenchmarkSort-4 3000000 419 ns/op 256 B/op 2 allocs/op + BenchmarkRangeParseSimple-4 2000000 850 ns/op 192 B/op 5 allocs/op + BenchmarkRangeParseAverage-4 1000000 1677 ns/op 400 B/op 10 allocs/op + BenchmarkRangeParseComplex-4 300000 5214 ns/op 1440 B/op 30 allocs/op + BenchmarkRangeMatchSimple-4 50000000 25.6 ns/op 0 B/op 0 allocs/op + BenchmarkRangeMatchAverage-4 30000000 56.4 ns/op 0 B/op 0 allocs/op + BenchmarkRangeMatchComplex-4 10000000 153 ns/op 0 B/op 0 allocs/op + +See benchmark cases at [semver_test.go](semver_test.go) + + +Motivation +----- + +I simply couldn't find any lib supporting the full spec. Others were just wrong or used reflection and regex which i don't like. + + +Contribution +----- + +Feel free to make a pull request. For bigger changes create a issue first to discuss about it. + + +License +----- + +See [LICENSE](LICENSE) file. diff --git a/vendor/github.com/blang/semver/json.go b/vendor/github.com/blang/semver/json.go new file mode 100644 index 0000000000..a74bf7c449 --- /dev/null +++ b/vendor/github.com/blang/semver/json.go @@ -0,0 +1,23 @@ +package semver + +import ( + "encoding/json" +) + +// MarshalJSON implements the encoding/json.Marshaler interface. +func (v Version) MarshalJSON() ([]byte, error) { + return json.Marshal(v.String()) +} + +// UnmarshalJSON implements the encoding/json.Unmarshaler interface. +func (v *Version) UnmarshalJSON(data []byte) (err error) { + var versionString string + + if err = json.Unmarshal(data, &versionString); err != nil { + return + } + + *v, err = Parse(versionString) + + return +} diff --git a/vendor/github.com/blang/semver/package.json b/vendor/github.com/blang/semver/package.json new file mode 100644 index 0000000000..1cf8ebdd9c --- /dev/null +++ b/vendor/github.com/blang/semver/package.json @@ -0,0 +1,17 @@ +{ + "author": "blang", + "bugs": { + "URL": "https://github.com/blang/semver/issues", + "url": "https://github.com/blang/semver/issues" + }, + "gx": { + "dvcsimport": "github.com/blang/semver" + }, + "gxVersion": "0.10.0", + "language": "go", + "license": "MIT", + "name": "semver", + "releaseCmd": "git commit -a -m \"gx publish $VERSION\"", + "version": "3.5.1" +} + diff --git a/vendor/github.com/blang/semver/range.go b/vendor/github.com/blang/semver/range.go new file mode 100644 index 0000000000..fca406d479 --- /dev/null +++ b/vendor/github.com/blang/semver/range.go @@ -0,0 +1,416 @@ +package semver + +import ( + "fmt" + "strconv" + "strings" + "unicode" +) + +type wildcardType int + +const ( + noneWildcard wildcardType = iota + majorWildcard wildcardType = 1 + minorWildcard wildcardType = 2 + patchWildcard wildcardType = 3 +) + +func wildcardTypefromInt(i int) wildcardType { + switch i { + case 1: + return majorWildcard + case 2: + return minorWildcard + case 3: + return patchWildcard + default: + return noneWildcard + } +} + +type comparator func(Version, Version) bool + +var ( + compEQ comparator = func(v1 Version, v2 Version) bool { + return v1.Compare(v2) == 0 + } + compNE = func(v1 Version, v2 Version) bool { + return v1.Compare(v2) != 0 + } + compGT = func(v1 Version, v2 Version) bool { + return v1.Compare(v2) == 1 + } + compGE = func(v1 Version, v2 Version) bool { + return v1.Compare(v2) >= 0 + } + compLT = func(v1 Version, v2 Version) bool { + return v1.Compare(v2) == -1 + } + compLE = func(v1 Version, v2 Version) bool { + return v1.Compare(v2) <= 0 + } +) + +type versionRange struct { + v Version + c comparator +} + +// rangeFunc creates a Range from the given versionRange. +func (vr *versionRange) rangeFunc() Range { + return Range(func(v Version) bool { + return vr.c(v, vr.v) + }) +} + +// Range represents a range of versions. +// A Range can be used to check if a Version satisfies it: +// +// range, err := semver.ParseRange(">1.0.0 <2.0.0") +// range(semver.MustParse("1.1.1") // returns true +type Range func(Version) bool + +// OR combines the existing Range with another Range using logical OR. +func (rf Range) OR(f Range) Range { + return Range(func(v Version) bool { + return rf(v) || f(v) + }) +} + +// AND combines the existing Range with another Range using logical AND. +func (rf Range) AND(f Range) Range { + return Range(func(v Version) bool { + return rf(v) && f(v) + }) +} + +// ParseRange parses a range and returns a Range. +// If the range could not be parsed an error is returned. +// +// Valid ranges are: +// - "<1.0.0" +// - "<=1.0.0" +// - ">1.0.0" +// - ">=1.0.0" +// - "1.0.0", "=1.0.0", "==1.0.0" +// - "!1.0.0", "!=1.0.0" +// +// A Range can consist of multiple ranges separated by space: +// Ranges can be linked by logical AND: +// - ">1.0.0 <2.0.0" would match between both ranges, so "1.1.1" and "1.8.7" but not "1.0.0" or "2.0.0" +// - ">1.0.0 <3.0.0 !2.0.3-beta.2" would match every version between 1.0.0 and 3.0.0 except 2.0.3-beta.2 +// +// Ranges can also be linked by logical OR: +// - "<2.0.0 || >=3.0.0" would match "1.x.x" and "3.x.x" but not "2.x.x" +// +// AND has a higher precedence than OR. It's not possible to use brackets. +// +// Ranges can be combined by both AND and OR +// +// - `>1.0.0 <2.0.0 || >3.0.0 !4.2.1` would match `1.2.3`, `1.9.9`, `3.1.1`, but not `4.2.1`, `2.1.1` +func ParseRange(s string) (Range, error) { + parts := splitAndTrim(s) + orParts, err := splitORParts(parts) + if err != nil { + return nil, err + } + expandedParts, err := expandWildcardVersion(orParts) + if err != nil { + return nil, err + } + var orFn Range + for _, p := range expandedParts { + var andFn Range + for _, ap := range p { + opStr, vStr, err := splitComparatorVersion(ap) + if err != nil { + return nil, err + } + vr, err := buildVersionRange(opStr, vStr) + if err != nil { + return nil, fmt.Errorf("Could not parse Range %q: %s", ap, err) + } + rf := vr.rangeFunc() + + // Set function + if andFn == nil { + andFn = rf + } else { // Combine with existing function + andFn = andFn.AND(rf) + } + } + if orFn == nil { + orFn = andFn + } else { + orFn = orFn.OR(andFn) + } + + } + return orFn, nil +} + +// splitORParts splits the already cleaned parts by '||'. +// Checks for invalid positions of the operator and returns an +// error if found. +func splitORParts(parts []string) ([][]string, error) { + var ORparts [][]string + last := 0 + for i, p := range parts { + if p == "||" { + if i == 0 { + return nil, fmt.Errorf("First element in range is '||'") + } + ORparts = append(ORparts, parts[last:i]) + last = i + 1 + } + } + if last == len(parts) { + return nil, fmt.Errorf("Last element in range is '||'") + } + ORparts = append(ORparts, parts[last:]) + return ORparts, nil +} + +// buildVersionRange takes a slice of 2: operator and version +// and builds a versionRange, otherwise an error. +func buildVersionRange(opStr, vStr string) (*versionRange, error) { + c := parseComparator(opStr) + if c == nil { + return nil, fmt.Errorf("Could not parse comparator %q in %q", opStr, strings.Join([]string{opStr, vStr}, "")) + } + v, err := Parse(vStr) + if err != nil { + return nil, fmt.Errorf("Could not parse version %q in %q: %s", vStr, strings.Join([]string{opStr, vStr}, ""), err) + } + + return &versionRange{ + v: v, + c: c, + }, nil + +} + +// inArray checks if a byte is contained in an array of bytes +func inArray(s byte, list []byte) bool { + for _, el := range list { + if el == s { + return true + } + } + return false +} + +// splitAndTrim splits a range string by spaces and cleans whitespaces +func splitAndTrim(s string) (result []string) { + last := 0 + var lastChar byte + excludeFromSplit := []byte{'>', '<', '='} + for i := 0; i < len(s); i++ { + if s[i] == ' ' && !inArray(lastChar, excludeFromSplit) { + if last < i-1 { + result = append(result, s[last:i]) + } + last = i + 1 + } else if s[i] != ' ' { + lastChar = s[i] + } + } + if last < len(s)-1 { + result = append(result, s[last:]) + } + + for i, v := range result { + result[i] = strings.Replace(v, " ", "", -1) + } + + // parts := strings.Split(s, " ") + // for _, x := range parts { + // if s := strings.TrimSpace(x); len(s) != 0 { + // result = append(result, s) + // } + // } + return +} + +// splitComparatorVersion splits the comparator from the version. +// Input must be free of leading or trailing spaces. +func splitComparatorVersion(s string) (string, string, error) { + i := strings.IndexFunc(s, unicode.IsDigit) + if i == -1 { + return "", "", fmt.Errorf("Could not get version from string: %q", s) + } + return strings.TrimSpace(s[0:i]), s[i:], nil +} + +// getWildcardType will return the type of wildcard that the +// passed version contains +func getWildcardType(vStr string) wildcardType { + parts := strings.Split(vStr, ".") + nparts := len(parts) + wildcard := parts[nparts-1] + + possibleWildcardType := wildcardTypefromInt(nparts) + if wildcard == "x" { + return possibleWildcardType + } + + return noneWildcard +} + +// createVersionFromWildcard will convert a wildcard version +// into a regular version, replacing 'x's with '0's, handling +// special cases like '1.x.x' and '1.x' +func createVersionFromWildcard(vStr string) string { + // handle 1.x.x + vStr2 := strings.Replace(vStr, ".x.x", ".x", 1) + vStr2 = strings.Replace(vStr2, ".x", ".0", 1) + parts := strings.Split(vStr2, ".") + + // handle 1.x + if len(parts) == 2 { + return vStr2 + ".0" + } + + return vStr2 +} + +// incrementMajorVersion will increment the major version +// of the passed version +func incrementMajorVersion(vStr string) (string, error) { + parts := strings.Split(vStr, ".") + i, err := strconv.Atoi(parts[0]) + if err != nil { + return "", err + } + parts[0] = strconv.Itoa(i + 1) + + return strings.Join(parts, "."), nil +} + +// incrementMajorVersion will increment the minor version +// of the passed version +func incrementMinorVersion(vStr string) (string, error) { + parts := strings.Split(vStr, ".") + i, err := strconv.Atoi(parts[1]) + if err != nil { + return "", err + } + parts[1] = strconv.Itoa(i + 1) + + return strings.Join(parts, "."), nil +} + +// expandWildcardVersion will expand wildcards inside versions +// following these rules: +// +// * when dealing with patch wildcards: +// >= 1.2.x will become >= 1.2.0 +// <= 1.2.x will become < 1.3.0 +// > 1.2.x will become >= 1.3.0 +// < 1.2.x will become < 1.2.0 +// != 1.2.x will become < 1.2.0 >= 1.3.0 +// +// * when dealing with minor wildcards: +// >= 1.x will become >= 1.0.0 +// <= 1.x will become < 2.0.0 +// > 1.x will become >= 2.0.0 +// < 1.0 will become < 1.0.0 +// != 1.x will become < 1.0.0 >= 2.0.0 +// +// * when dealing with wildcards without +// version operator: +// 1.2.x will become >= 1.2.0 < 1.3.0 +// 1.x will become >= 1.0.0 < 2.0.0 +func expandWildcardVersion(parts [][]string) ([][]string, error) { + var expandedParts [][]string + for _, p := range parts { + var newParts []string + for _, ap := range p { + if strings.Index(ap, "x") != -1 { + opStr, vStr, err := splitComparatorVersion(ap) + if err != nil { + return nil, err + } + + versionWildcardType := getWildcardType(vStr) + flatVersion := createVersionFromWildcard(vStr) + + var resultOperator string + var shouldIncrementVersion bool + switch opStr { + case ">": + resultOperator = ">=" + shouldIncrementVersion = true + case ">=": + resultOperator = ">=" + case "<": + resultOperator = "<" + case "<=": + resultOperator = "<" + shouldIncrementVersion = true + case "", "=", "==": + newParts = append(newParts, ">="+flatVersion) + resultOperator = "<" + shouldIncrementVersion = true + case "!=", "!": + newParts = append(newParts, "<"+flatVersion) + resultOperator = ">=" + shouldIncrementVersion = true + } + + var resultVersion string + if shouldIncrementVersion { + switch versionWildcardType { + case patchWildcard: + resultVersion, _ = incrementMinorVersion(flatVersion) + case minorWildcard: + resultVersion, _ = incrementMajorVersion(flatVersion) + } + } else { + resultVersion = flatVersion + } + + ap = resultOperator + resultVersion + } + newParts = append(newParts, ap) + } + expandedParts = append(expandedParts, newParts) + } + + return expandedParts, nil +} + +func parseComparator(s string) comparator { + switch s { + case "==": + fallthrough + case "": + fallthrough + case "=": + return compEQ + case ">": + return compGT + case ">=": + return compGE + case "<": + return compLT + case "<=": + return compLE + case "!": + fallthrough + case "!=": + return compNE + } + + return nil +} + +// MustParseRange is like ParseRange but panics if the range cannot be parsed. +func MustParseRange(s string) Range { + r, err := ParseRange(s) + if err != nil { + panic(`semver: ParseRange(` + s + `): ` + err.Error()) + } + return r +} diff --git a/vendor/github.com/blang/semver/semver.go b/vendor/github.com/blang/semver/semver.go new file mode 100644 index 0000000000..8ee0842e6a --- /dev/null +++ b/vendor/github.com/blang/semver/semver.go @@ -0,0 +1,418 @@ +package semver + +import ( + "errors" + "fmt" + "strconv" + "strings" +) + +const ( + numbers string = "0123456789" + alphas = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ-" + alphanum = alphas + numbers +) + +// SpecVersion is the latest fully supported spec version of semver +var SpecVersion = Version{ + Major: 2, + Minor: 0, + Patch: 0, +} + +// Version represents a semver compatible version +type Version struct { + Major uint64 + Minor uint64 + Patch uint64 + Pre []PRVersion + Build []string //No Precendence +} + +// Version to string +func (v Version) String() string { + b := make([]byte, 0, 5) + b = strconv.AppendUint(b, v.Major, 10) + b = append(b, '.') + b = strconv.AppendUint(b, v.Minor, 10) + b = append(b, '.') + b = strconv.AppendUint(b, v.Patch, 10) + + if len(v.Pre) > 0 { + b = append(b, '-') + b = append(b, v.Pre[0].String()...) + + for _, pre := range v.Pre[1:] { + b = append(b, '.') + b = append(b, pre.String()...) + } + } + + if len(v.Build) > 0 { + b = append(b, '+') + b = append(b, v.Build[0]...) + + for _, build := range v.Build[1:] { + b = append(b, '.') + b = append(b, build...) + } + } + + return string(b) +} + +// Equals checks if v is equal to o. +func (v Version) Equals(o Version) bool { + return (v.Compare(o) == 0) +} + +// EQ checks if v is equal to o. +func (v Version) EQ(o Version) bool { + return (v.Compare(o) == 0) +} + +// NE checks if v is not equal to o. +func (v Version) NE(o Version) bool { + return (v.Compare(o) != 0) +} + +// GT checks if v is greater than o. +func (v Version) GT(o Version) bool { + return (v.Compare(o) == 1) +} + +// GTE checks if v is greater than or equal to o. +func (v Version) GTE(o Version) bool { + return (v.Compare(o) >= 0) +} + +// GE checks if v is greater than or equal to o. +func (v Version) GE(o Version) bool { + return (v.Compare(o) >= 0) +} + +// LT checks if v is less than o. +func (v Version) LT(o Version) bool { + return (v.Compare(o) == -1) +} + +// LTE checks if v is less than or equal to o. +func (v Version) LTE(o Version) bool { + return (v.Compare(o) <= 0) +} + +// LE checks if v is less than or equal to o. +func (v Version) LE(o Version) bool { + return (v.Compare(o) <= 0) +} + +// Compare compares Versions v to o: +// -1 == v is less than o +// 0 == v is equal to o +// 1 == v is greater than o +func (v Version) Compare(o Version) int { + if v.Major != o.Major { + if v.Major > o.Major { + return 1 + } + return -1 + } + if v.Minor != o.Minor { + if v.Minor > o.Minor { + return 1 + } + return -1 + } + if v.Patch != o.Patch { + if v.Patch > o.Patch { + return 1 + } + return -1 + } + + // Quick comparison if a version has no prerelease versions + if len(v.Pre) == 0 && len(o.Pre) == 0 { + return 0 + } else if len(v.Pre) == 0 && len(o.Pre) > 0 { + return 1 + } else if len(v.Pre) > 0 && len(o.Pre) == 0 { + return -1 + } + + i := 0 + for ; i < len(v.Pre) && i < len(o.Pre); i++ { + if comp := v.Pre[i].Compare(o.Pre[i]); comp == 0 { + continue + } else if comp == 1 { + return 1 + } else { + return -1 + } + } + + // If all pr versions are the equal but one has further prversion, this one greater + if i == len(v.Pre) && i == len(o.Pre) { + return 0 + } else if i == len(v.Pre) && i < len(o.Pre) { + return -1 + } else { + return 1 + } + +} + +// Validate validates v and returns error in case +func (v Version) Validate() error { + // Major, Minor, Patch already validated using uint64 + + for _, pre := range v.Pre { + if !pre.IsNum { //Numeric prerelease versions already uint64 + if len(pre.VersionStr) == 0 { + return fmt.Errorf("Prerelease can not be empty %q", pre.VersionStr) + } + if !containsOnly(pre.VersionStr, alphanum) { + return fmt.Errorf("Invalid character(s) found in prerelease %q", pre.VersionStr) + } + } + } + + for _, build := range v.Build { + if len(build) == 0 { + return fmt.Errorf("Build meta data can not be empty %q", build) + } + if !containsOnly(build, alphanum) { + return fmt.Errorf("Invalid character(s) found in build meta data %q", build) + } + } + + return nil +} + +// New is an alias for Parse and returns a pointer, parses version string and returns a validated Version or error +func New(s string) (vp *Version, err error) { + v, err := Parse(s) + vp = &v + return +} + +// Make is an alias for Parse, parses version string and returns a validated Version or error +func Make(s string) (Version, error) { + return Parse(s) +} + +// ParseTolerant allows for certain version specifications that do not strictly adhere to semver +// specs to be parsed by this library. It does so by normalizing versions before passing them to +// Parse(). It currently trims spaces, removes a "v" prefix, and adds a 0 patch number to versions +// with only major and minor components specified +func ParseTolerant(s string) (Version, error) { + s = strings.TrimSpace(s) + s = strings.TrimPrefix(s, "v") + + // Split into major.minor.(patch+pr+meta) + parts := strings.SplitN(s, ".", 3) + if len(parts) < 3 { + if strings.ContainsAny(parts[len(parts)-1], "+-") { + return Version{}, errors.New("Short version cannot contain PreRelease/Build meta data") + } + for len(parts) < 3 { + parts = append(parts, "0") + } + s = strings.Join(parts, ".") + } + + return Parse(s) +} + +// Parse parses version string and returns a validated Version or error +func Parse(s string) (Version, error) { + if len(s) == 0 { + return Version{}, errors.New("Version string empty") + } + + // Split into major.minor.(patch+pr+meta) + parts := strings.SplitN(s, ".", 3) + if len(parts) != 3 { + return Version{}, errors.New("No Major.Minor.Patch elements found") + } + + // Major + if !containsOnly(parts[0], numbers) { + return Version{}, fmt.Errorf("Invalid character(s) found in major number %q", parts[0]) + } + if hasLeadingZeroes(parts[0]) { + return Version{}, fmt.Errorf("Major number must not contain leading zeroes %q", parts[0]) + } + major, err := strconv.ParseUint(parts[0], 10, 64) + if err != nil { + return Version{}, err + } + + // Minor + if !containsOnly(parts[1], numbers) { + return Version{}, fmt.Errorf("Invalid character(s) found in minor number %q", parts[1]) + } + if hasLeadingZeroes(parts[1]) { + return Version{}, fmt.Errorf("Minor number must not contain leading zeroes %q", parts[1]) + } + minor, err := strconv.ParseUint(parts[1], 10, 64) + if err != nil { + return Version{}, err + } + + v := Version{} + v.Major = major + v.Minor = minor + + var build, prerelease []string + patchStr := parts[2] + + if buildIndex := strings.IndexRune(patchStr, '+'); buildIndex != -1 { + build = strings.Split(patchStr[buildIndex+1:], ".") + patchStr = patchStr[:buildIndex] + } + + if preIndex := strings.IndexRune(patchStr, '-'); preIndex != -1 { + prerelease = strings.Split(patchStr[preIndex+1:], ".") + patchStr = patchStr[:preIndex] + } + + if !containsOnly(patchStr, numbers) { + return Version{}, fmt.Errorf("Invalid character(s) found in patch number %q", patchStr) + } + if hasLeadingZeroes(patchStr) { + return Version{}, fmt.Errorf("Patch number must not contain leading zeroes %q", patchStr) + } + patch, err := strconv.ParseUint(patchStr, 10, 64) + if err != nil { + return Version{}, err + } + + v.Patch = patch + + // Prerelease + for _, prstr := range prerelease { + parsedPR, err := NewPRVersion(prstr) + if err != nil { + return Version{}, err + } + v.Pre = append(v.Pre, parsedPR) + } + + // Build meta data + for _, str := range build { + if len(str) == 0 { + return Version{}, errors.New("Build meta data is empty") + } + if !containsOnly(str, alphanum) { + return Version{}, fmt.Errorf("Invalid character(s) found in build meta data %q", str) + } + v.Build = append(v.Build, str) + } + + return v, nil +} + +// MustParse is like Parse but panics if the version cannot be parsed. +func MustParse(s string) Version { + v, err := Parse(s) + if err != nil { + panic(`semver: Parse(` + s + `): ` + err.Error()) + } + return v +} + +// PRVersion represents a PreRelease Version +type PRVersion struct { + VersionStr string + VersionNum uint64 + IsNum bool +} + +// NewPRVersion creates a new valid prerelease version +func NewPRVersion(s string) (PRVersion, error) { + if len(s) == 0 { + return PRVersion{}, errors.New("Prerelease is empty") + } + v := PRVersion{} + if containsOnly(s, numbers) { + if hasLeadingZeroes(s) { + return PRVersion{}, fmt.Errorf("Numeric PreRelease version must not contain leading zeroes %q", s) + } + num, err := strconv.ParseUint(s, 10, 64) + + // Might never be hit, but just in case + if err != nil { + return PRVersion{}, err + } + v.VersionNum = num + v.IsNum = true + } else if containsOnly(s, alphanum) { + v.VersionStr = s + v.IsNum = false + } else { + return PRVersion{}, fmt.Errorf("Invalid character(s) found in prerelease %q", s) + } + return v, nil +} + +// IsNumeric checks if prerelease-version is numeric +func (v PRVersion) IsNumeric() bool { + return v.IsNum +} + +// Compare compares two PreRelease Versions v and o: +// -1 == v is less than o +// 0 == v is equal to o +// 1 == v is greater than o +func (v PRVersion) Compare(o PRVersion) int { + if v.IsNum && !o.IsNum { + return -1 + } else if !v.IsNum && o.IsNum { + return 1 + } else if v.IsNum && o.IsNum { + if v.VersionNum == o.VersionNum { + return 0 + } else if v.VersionNum > o.VersionNum { + return 1 + } else { + return -1 + } + } else { // both are Alphas + if v.VersionStr == o.VersionStr { + return 0 + } else if v.VersionStr > o.VersionStr { + return 1 + } else { + return -1 + } + } +} + +// PreRelease version to string +func (v PRVersion) String() string { + if v.IsNum { + return strconv.FormatUint(v.VersionNum, 10) + } + return v.VersionStr +} + +func containsOnly(s string, set string) bool { + return strings.IndexFunc(s, func(r rune) bool { + return !strings.ContainsRune(set, r) + }) == -1 +} + +func hasLeadingZeroes(s string) bool { + return len(s) > 1 && s[0] == '0' +} + +// NewBuildVersion creates a new valid build version +func NewBuildVersion(s string) (string, error) { + if len(s) == 0 { + return "", errors.New("Buildversion is empty") + } + if !containsOnly(s, alphanum) { + return "", fmt.Errorf("Invalid character(s) found in build meta data %q", s) + } + return s, nil +} diff --git a/vendor/github.com/blang/semver/sort.go b/vendor/github.com/blang/semver/sort.go new file mode 100644 index 0000000000..e18f880826 --- /dev/null +++ b/vendor/github.com/blang/semver/sort.go @@ -0,0 +1,28 @@ +package semver + +import ( + "sort" +) + +// Versions represents multiple versions. +type Versions []Version + +// Len returns length of version collection +func (s Versions) Len() int { + return len(s) +} + +// Swap swaps two versions inside the collection by its indices +func (s Versions) Swap(i, j int) { + s[i], s[j] = s[j], s[i] +} + +// Less checks if version at index i is less than version at index j +func (s Versions) Less(i, j int) bool { + return s[i].LT(s[j]) +} + +// Sort sorts a slice of versions +func Sort(versions []Version) { + sort.Sort(Versions(versions)) +} diff --git a/vendor/github.com/blang/semver/sql.go b/vendor/github.com/blang/semver/sql.go new file mode 100644 index 0000000000..eb4d802666 --- /dev/null +++ b/vendor/github.com/blang/semver/sql.go @@ -0,0 +1,30 @@ +package semver + +import ( + "database/sql/driver" + "fmt" +) + +// Scan implements the database/sql.Scanner interface. +func (v *Version) Scan(src interface{}) (err error) { + var str string + switch src := src.(type) { + case string: + str = src + case []byte: + str = string(src) + default: + return fmt.Errorf("Version.Scan: cannot convert %T to string.", src) + } + + if t, err := Parse(str); err == nil { + *v = t + } + + return +} + +// Value implements the database/sql/driver.Valuer interface. +func (v Version) Value() (driver.Value, error) { + return v.String(), nil +} diff --git a/vendor/github.com/gabriel-vasile/mimetype/.gitattributes b/vendor/github.com/gabriel-vasile/mimetype/.gitattributes new file mode 100644 index 0000000000..0cc26ec01c --- /dev/null +++ b/vendor/github.com/gabriel-vasile/mimetype/.gitattributes @@ -0,0 +1 @@ +testdata/* linguist-vendored diff --git a/vendor/github.com/gabriel-vasile/mimetype/CODE_OF_CONDUCT.md b/vendor/github.com/gabriel-vasile/mimetype/CODE_OF_CONDUCT.md new file mode 100644 index 0000000000..8479cd87d6 --- /dev/null +++ b/vendor/github.com/gabriel-vasile/mimetype/CODE_OF_CONDUCT.md @@ -0,0 +1,76 @@ +# Contributor Covenant Code of Conduct + +## Our Pledge + +In the interest of fostering an open and welcoming environment, we as +contributors and maintainers pledge to making participation in our project and +our community a harassment-free experience for everyone, regardless of age, body +size, disability, ethnicity, sex characteristics, gender identity and expression, +level of experience, education, socio-economic status, nationality, personal +appearance, race, religion, or sexual identity and orientation. + +## Our Standards + +Examples of behavior that contributes to creating a positive environment +include: + +* Using welcoming and inclusive language +* Being respectful of differing viewpoints and experiences +* Gracefully accepting constructive criticism +* Focusing on what is best for the community +* Showing empathy towards other community members + +Examples of unacceptable behavior by participants include: + +* The use of sexualized language or imagery and unwelcome sexual attention or + advances +* Trolling, insulting/derogatory comments, and personal or political attacks +* Public or private harassment +* Publishing others' private information, such as a physical or electronic + address, without explicit permission +* Other conduct which could reasonably be considered inappropriate in a + professional setting + +## Our Responsibilities + +Project maintainers are responsible for clarifying the standards of acceptable +behavior and are expected to take appropriate and fair corrective action in +response to any instances of unacceptable behavior. + +Project maintainers have the right and responsibility to remove, edit, or +reject comments, commits, code, wiki edits, issues, and other contributions +that are not aligned to this Code of Conduct, or to ban temporarily or +permanently any contributor for other behaviors that they deem inappropriate, +threatening, offensive, or harmful. + +## Scope + +This Code of Conduct applies both within project spaces and in public spaces +when an individual is representing the project or its community. Examples of +representing a project or community include using an official project e-mail +address, posting via an official social media account, or acting as an appointed +representative at an online or offline event. Representation of a project may be +further defined and clarified by project maintainers. + +## Enforcement + +Instances of abusive, harassing, or otherwise unacceptable behavior may be +reported by contacting the project team at vasile.gabriel@email.com. All +complaints will be reviewed and investigated and will result in a response that +is deemed necessary and appropriate to the circumstances. The project team is +obligated to maintain confidentiality with regard to the reporter of an incident. +Further details of specific enforcement policies may be posted separately. + +Project maintainers who do not follow or enforce the Code of Conduct in good +faith may face temporary or permanent repercussions as determined by other +members of the project's leadership. + +## Attribution + +This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, +available at https://www.contributor-covenant.org/version/1/4/code-of-conduct.html + +[homepage]: https://www.contributor-covenant.org + +For answers to common questions about this code of conduct, see +https://www.contributor-covenant.org/faq diff --git a/vendor/github.com/gabriel-vasile/mimetype/CONTRIBUTING.md b/vendor/github.com/gabriel-vasile/mimetype/CONTRIBUTING.md new file mode 100644 index 0000000000..56ae4e57c6 --- /dev/null +++ b/vendor/github.com/gabriel-vasile/mimetype/CONTRIBUTING.md @@ -0,0 +1,12 @@ +## Contribute +Contributions to **mimetype** are welcome. If you find an issue and you consider +contributing, you can use the [Github issues tracker](https://github.com/gabriel-vasile/mimetype/issues) +in order to report it, or better yet, open a pull request. + +Code contributions must respect these rules: + - code must be test covered + - code must be formatted using gofmt tool + - exported names must be documented + +**Important**: By submitting a pull request, you agree to allow the project +owner to license your work under the same license as that used by the project. diff --git a/vendor/github.com/gabriel-vasile/mimetype/LICENSE b/vendor/github.com/gabriel-vasile/mimetype/LICENSE new file mode 100644 index 0000000000..6aac070c78 --- /dev/null +++ b/vendor/github.com/gabriel-vasile/mimetype/LICENSE @@ -0,0 +1,21 @@ +MIT License + +Copyright (c) 2018-2020 Gabriel Vasile + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff --git a/vendor/github.com/gabriel-vasile/mimetype/README.md b/vendor/github.com/gabriel-vasile/mimetype/README.md new file mode 100644 index 0000000000..d310928dea --- /dev/null +++ b/vendor/github.com/gabriel-vasile/mimetype/README.md @@ -0,0 +1,108 @@ +

+ mimetype +

+ +

+ A package for detecting MIME types and extensions based on magic numbers +

+
+ Goroutine safe, extensible, no C bindings +
+ +

+ + Build Status + + + Go Reference + + + Go report card + + + Code coverage + + + License + +

+ +## Features +- fast and precise MIME type and file extension detection +- long list of [supported MIME types](supported_mimes.md) +- possibility to [extend](https://pkg.go.dev/github.com/gabriel-vasile/mimetype#example-package-Extend) with other file formats +- common file formats are prioritized +- [text vs. binary files differentiation](https://pkg.go.dev/github.com/gabriel-vasile/mimetype#example-package-TextVsBinary) +- safe for concurrent usage + +## Install +```bash +go get github.com/gabriel-vasile/mimetype +``` + +## Usage +```go +mtype := mimetype.Detect([]byte) +// OR +mtype, err := mimetype.DetectReader(io.Reader) +// OR +mtype, err := mimetype.DetectFile("/path/to/file") +fmt.Println(mtype.String(), mtype.Extension()) +``` +See the [runnable Go Playground examples](https://pkg.go.dev/github.com/gabriel-vasile/mimetype#pkg-overview). + +## Usage' +Only use libraries like **mimetype** as a last resort. Content type detection +using magic numbers is slow, inaccurate, and non-standard. Most of the times +protocols have methods for specifying such metadata; e.g., `Content-Type` header +in HTTP and SMTP. + +## FAQ +Q: My file is in the list of [supported MIME types](supported_mimes.md) but +it is not correctly detected. What should I do? + +A: Some file formats (often Microsoft Office documents) keep their signatures +towards the end of the file. Try increasing the number of bytes used for detection +with: +```go +mimetype.SetLimit(1024*1024) // Set limit to 1MB. +// or +mimetype.SetLimit(0) // No limit, whole file content used. +mimetype.DetectFile("file.doc") +``` +If increasing the limit does not help, please +[open an issue](https://github.com/gabriel-vasile/mimetype/issues/new?assignees=&labels=&template=mismatched-mime-type-detected.md&title=). + +## Structure +**mimetype** uses a hierarchical structure to keep the MIME type detection logic. +This reduces the number of calls needed for detecting the file type. The reason +behind this choice is that there are file formats used as containers for other +file formats. For example, Microsoft Office files are just zip archives, +containing specific metadata files. Once a file has been identified as a +zip, there is no need to check if it is a text file, but it is worth checking if +it is an Microsoft Office file. + +To prevent loading entire files into memory, when detecting from a +[reader](https://pkg.go.dev/github.com/gabriel-vasile/mimetype#DetectReader) +or from a [file](https://pkg.go.dev/github.com/gabriel-vasile/mimetype#DetectFile) +**mimetype** limits itself to reading only the header of the input. +
+ structure +
+ +## Performance +Thanks to the hierarchical structure, searching for common formats first, +and limiting itself to file headers, **mimetype** matches the performance of +stdlib `http.DetectContentType` while outperforming the alternative package. + +```bash + mimetype http.DetectContentType filetype +BenchmarkMatchTar-24 250 ns/op 400 ns/op 3778 ns/op +BenchmarkMatchZip-24 524 ns/op 351 ns/op 4884 ns/op +BenchmarkMatchJpeg-24 103 ns/op 228 ns/op 839 ns/op +BenchmarkMatchGif-24 139 ns/op 202 ns/op 751 ns/op +BenchmarkMatchPng-24 165 ns/op 221 ns/op 1176 ns/op +``` + +## Contributing +See [CONTRIBUTING.md](CONTRIBUTING.md). diff --git a/vendor/github.com/gabriel-vasile/mimetype/internal/charset/charset.go b/vendor/github.com/gabriel-vasile/mimetype/internal/charset/charset.go new file mode 100644 index 0000000000..0647f730e5 --- /dev/null +++ b/vendor/github.com/gabriel-vasile/mimetype/internal/charset/charset.go @@ -0,0 +1,309 @@ +package charset + +import ( + "bytes" + "encoding/xml" + "strings" + "unicode/utf8" + + "golang.org/x/net/html" +) + +const ( + F = 0 /* character never appears in text */ + T = 1 /* character appears in plain ASCII text */ + I = 2 /* character appears in ISO-8859 text */ + X = 3 /* character appears in non-ISO extended ASCII (Mac, IBM PC) */ +) + +var ( + boms = []struct { + bom []byte + enc string + }{ + {[]byte{0xEF, 0xBB, 0xBF}, "utf-8"}, + {[]byte{0x00, 0x00, 0xFE, 0xFF}, "utf-32be"}, + {[]byte{0xFF, 0xFE, 0x00, 0x00}, "utf-32le"}, + {[]byte{0xFE, 0xFF}, "utf-16be"}, + {[]byte{0xFF, 0xFE}, "utf-16le"}, + } + + // https://github.com/file/file/blob/fa93fb9f7d21935f1c7644c47d2975d31f12b812/src/encoding.c#L241 + textChars = [256]byte{ + /* BEL BS HT LF VT FF CR */ + F, F, F, F, F, F, F, T, T, T, T, T, T, T, F, F, /* 0x0X */ + /* ESC */ + F, F, F, F, F, F, F, F, F, F, F, T, F, F, F, F, /* 0x1X */ + T, T, T, T, T, T, T, T, T, T, T, T, T, T, T, T, /* 0x2X */ + T, T, T, T, T, T, T, T, T, T, T, T, T, T, T, T, /* 0x3X */ + T, T, T, T, T, T, T, T, T, T, T, T, T, T, T, T, /* 0x4X */ + T, T, T, T, T, T, T, T, T, T, T, T, T, T, T, T, /* 0x5X */ + T, T, T, T, T, T, T, T, T, T, T, T, T, T, T, T, /* 0x6X */ + T, T, T, T, T, T, T, T, T, T, T, T, T, T, T, F, /* 0x7X */ + /* NEL */ + X, X, X, X, X, T, X, X, X, X, X, X, X, X, X, X, /* 0x8X */ + X, X, X, X, X, X, X, X, X, X, X, X, X, X, X, X, /* 0x9X */ + I, I, I, I, I, I, I, I, I, I, I, I, I, I, I, I, /* 0xaX */ + I, I, I, I, I, I, I, I, I, I, I, I, I, I, I, I, /* 0xbX */ + I, I, I, I, I, I, I, I, I, I, I, I, I, I, I, I, /* 0xcX */ + I, I, I, I, I, I, I, I, I, I, I, I, I, I, I, I, /* 0xdX */ + I, I, I, I, I, I, I, I, I, I, I, I, I, I, I, I, /* 0xeX */ + I, I, I, I, I, I, I, I, I, I, I, I, I, I, I, I, /* 0xfX */ + } +) + +// FromBOM returns the charset declared in the BOM of content. +func FromBOM(content []byte) string { + for _, b := range boms { + if bytes.HasPrefix(content, b.bom) { + return b.enc + } + } + return "" +} + +// FromPlain returns the charset of a plain text. It relies on BOM presence +// and it falls back on checking each byte in content. +func FromPlain(content []byte) string { + if len(content) == 0 { + return "" + } + if cset := FromBOM(content); cset != "" { + return cset + } + origContent := content + // Try to detect UTF-8. + // First eliminate any partial rune at the end. + for i := len(content) - 1; i >= 0 && i > len(content)-4; i-- { + b := content[i] + if b < 0x80 { + break + } + if utf8.RuneStart(b) { + content = content[:i] + break + } + } + hasHighBit := false + for _, c := range content { + if c >= 0x80 { + hasHighBit = true + break + } + } + if hasHighBit && utf8.Valid(content) { + return "utf-8" + } + + // ASCII is a subset of UTF8. Follow W3C recommendation and replace with UTF8. + if ascii(origContent) { + return "utf-8" + } + + return latin(origContent) +} + +func latin(content []byte) string { + hasControlBytes := false + for _, b := range content { + t := textChars[b] + if t != T && t != I { + return "" + } + if b >= 0x80 && b <= 0x9F { + hasControlBytes = true + } + } + // Code range 0x80 to 0x9F is reserved for control characters in ISO-8859-1 + // (so-called C1 Controls). Windows 1252, however, has printable punctuation + // characters in this range. + if hasControlBytes { + return "windows-1252" + } + return "iso-8859-1" +} + +func ascii(content []byte) bool { + for _, b := range content { + if textChars[b] != T { + return false + } + } + return true +} + +// FromXML returns the charset of an XML document. It relies on the XML +// header and falls back on the plain +// text content. +func FromXML(content []byte) string { + if cset := fromXML(content); cset != "" { + return cset + } + return FromPlain(content) +} +func fromXML(content []byte) string { + content = trimLWS(content) + dec := xml.NewDecoder(bytes.NewReader(content)) + rawT, err := dec.RawToken() + if err != nil { + return "" + } + + t, ok := rawT.(xml.ProcInst) + if !ok { + return "" + } + + return strings.ToLower(xmlEncoding(string(t.Inst))) +} + +// FromHTML returns the charset of an HTML document. It first looks if a BOM is +// present and if so uses it to determine the charset. If no BOM is present, +// it relies on the meta tag and falls back on the +// plain text content. +func FromHTML(content []byte) string { + if cset := FromBOM(content); cset != "" { + return cset + } + if cset := fromHTML(content); cset != "" { + return cset + } + return FromPlain(content) +} + +func fromHTML(content []byte) string { + z := html.NewTokenizer(bytes.NewReader(content)) + for { + switch z.Next() { + case html.ErrorToken: + return "" + + case html.StartTagToken, html.SelfClosingTagToken: + tagName, hasAttr := z.TagName() + if !bytes.Equal(tagName, []byte("meta")) { + continue + } + attrList := make(map[string]bool) + gotPragma := false + + const ( + dontKnow = iota + doNeedPragma + doNotNeedPragma + ) + needPragma := dontKnow + + name := "" + for hasAttr { + var key, val []byte + key, val, hasAttr = z.TagAttr() + ks := string(key) + if attrList[ks] { + continue + } + attrList[ks] = true + for i, c := range val { + if 'A' <= c && c <= 'Z' { + val[i] = c + 0x20 + } + } + + switch ks { + case "http-equiv": + if bytes.Equal(val, []byte("content-type")) { + gotPragma = true + } + + case "content": + name = fromMetaElement(string(val)) + if name != "" { + needPragma = doNeedPragma + } + + case "charset": + name = string(val) + needPragma = doNotNeedPragma + } + } + + if needPragma == dontKnow || needPragma == doNeedPragma && !gotPragma { + continue + } + + if strings.HasPrefix(name, "utf-16") { + name = "utf-8" + } + + return name + } + } +} + +func fromMetaElement(s string) string { + for s != "" { + csLoc := strings.Index(s, "charset") + if csLoc == -1 { + return "" + } + s = s[csLoc+len("charset"):] + s = strings.TrimLeft(s, " \t\n\f\r") + if !strings.HasPrefix(s, "=") { + continue + } + s = s[1:] + s = strings.TrimLeft(s, " \t\n\f\r") + if s == "" { + return "" + } + if q := s[0]; q == '"' || q == '\'' { + s = s[1:] + closeQuote := strings.IndexRune(s, rune(q)) + if closeQuote == -1 { + return "" + } + return s[:closeQuote] + } + + end := strings.IndexAny(s, "; \t\n\f\r") + if end == -1 { + end = len(s) + } + return s[:end] + } + return "" +} + +func xmlEncoding(s string) string { + param := "encoding=" + idx := strings.Index(s, param) + if idx == -1 { + return "" + } + v := s[idx+len(param):] + if v == "" { + return "" + } + if v[0] != '\'' && v[0] != '"' { + return "" + } + idx = strings.IndexRune(v[1:], rune(v[0])) + if idx == -1 { + return "" + } + return v[1 : idx+1] +} + +// trimLWS trims whitespace from beginning of the input. +// TODO: find a way to call trimLWS once per detection instead of once in each +// detector which needs the trimmed input. +func trimLWS(in []byte) []byte { + firstNonWS := 0 + for ; firstNonWS < len(in) && isWS(in[firstNonWS]); firstNonWS++ { + } + + return in[firstNonWS:] +} + +func isWS(b byte) bool { + return b == '\t' || b == '\n' || b == '\x0c' || b == '\r' || b == ' ' +} diff --git a/vendor/github.com/gabriel-vasile/mimetype/internal/json/json.go b/vendor/github.com/gabriel-vasile/mimetype/internal/json/json.go new file mode 100644 index 0000000000..ee39349aef --- /dev/null +++ b/vendor/github.com/gabriel-vasile/mimetype/internal/json/json.go @@ -0,0 +1,544 @@ +// Copyright (c) 2009 The Go Authors. All rights reserved. +// +// Redistribution and use in source and binary forms, with or without +// modification, are permitted provided that the following conditions are +// met: +// +// * Redistributions of source code must retain the above copyright +// notice, this list of conditions and the following disclaimer. +// * Redistributions in binary form must reproduce the above +// copyright notice, this list of conditions and the following disclaimer +// in the documentation and/or other materials provided with the +// distribution. +// * Neither the name of Google Inc. nor the names of its +// contributors may be used to endorse or promote products derived from +// this software without specific prior written permission. +// +// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +// Package json provides a JSON value parser state machine. +// This package is almost entirely copied from the Go stdlib. +// Changes made to it permit users of the package to tell +// if some slice of bytes is a valid beginning of a json string. +package json + +import ( + "fmt" +) + +type ( + scanStatus int +) + +const ( + parseObjectKey = iota // parsing object key (before colon) + parseObjectValue // parsing object value (after colon) + parseArrayValue // parsing array value + + scanContinue scanStatus = iota // uninteresting byte + scanBeginLiteral // end implied by next result != scanContinue + scanBeginObject // begin object + scanObjectKey // just finished object key (string) + scanObjectValue // just finished non-last object value + scanEndObject // end object (implies scanObjectValue if possible) + scanBeginArray // begin array + scanArrayValue // just finished array value + scanEndArray // end array (implies scanArrayValue if possible) + scanSkipSpace // space byte; can skip; known to be last "continue" result + scanEnd // top-level value ended *before* this byte; known to be first "stop" result + scanError // hit an error, scanner.err. + + // This limits the max nesting depth to prevent stack overflow. + // This is permitted by https://tools.ietf.org/html/rfc7159#section-9 + maxNestingDepth = 10000 +) + +type ( + scanner struct { + step func(*scanner, byte) scanStatus + parseState []int + endTop bool + err error + index int + } +) + +// Scan returns the number of bytes scanned and if there was any error +// in trying to reach the end of data. +func Scan(data []byte) (int, error) { + s := &scanner{} + _ = checkValid(data, s) + return s.index, s.err +} + +// checkValid verifies that data is valid JSON-encoded data. +// scan is passed in for use by checkValid to avoid an allocation. +func checkValid(data []byte, scan *scanner) error { + scan.reset() + for _, c := range data { + scan.index++ + if scan.step(scan, c) == scanError { + return scan.err + } + } + if scan.eof() == scanError { + return scan.err + } + return nil +} + +func isSpace(c byte) bool { + return c == ' ' || c == '\t' || c == '\r' || c == '\n' +} + +func (s *scanner) reset() { + s.step = stateBeginValue + s.parseState = s.parseState[0:0] + s.err = nil +} + +// eof tells the scanner that the end of input has been reached. +// It returns a scan status just as s.step does. +func (s *scanner) eof() scanStatus { + if s.err != nil { + return scanError + } + if s.endTop { + return scanEnd + } + s.step(s, ' ') + if s.endTop { + return scanEnd + } + if s.err == nil { + s.err = fmt.Errorf("unexpected end of JSON input") + } + return scanError +} + +// pushParseState pushes a new parse state p onto the parse stack. +// an error state is returned if maxNestingDepth was exceeded, otherwise successState is returned. +func (s *scanner) pushParseState(c byte, newParseState int, successState scanStatus) scanStatus { + s.parseState = append(s.parseState, newParseState) + if len(s.parseState) <= maxNestingDepth { + return successState + } + return s.error(c, "exceeded max depth") +} + +// popParseState pops a parse state (already obtained) off the stack +// and updates s.step accordingly. +func (s *scanner) popParseState() { + n := len(s.parseState) - 1 + s.parseState = s.parseState[0:n] + if n == 0 { + s.step = stateEndTop + s.endTop = true + } else { + s.step = stateEndValue + } +} + +// stateBeginValueOrEmpty is the state after reading `[`. +func stateBeginValueOrEmpty(s *scanner, c byte) scanStatus { + if c <= ' ' && isSpace(c) { + return scanSkipSpace + } + if c == ']' { + return stateEndValue(s, c) + } + return stateBeginValue(s, c) +} + +// stateBeginValue is the state at the beginning of the input. +func stateBeginValue(s *scanner, c byte) scanStatus { + if c <= ' ' && isSpace(c) { + return scanSkipSpace + } + switch c { + case '{': + s.step = stateBeginStringOrEmpty + return s.pushParseState(c, parseObjectKey, scanBeginObject) + case '[': + s.step = stateBeginValueOrEmpty + return s.pushParseState(c, parseArrayValue, scanBeginArray) + case '"': + s.step = stateInString + return scanBeginLiteral + case '-': + s.step = stateNeg + return scanBeginLiteral + case '0': // beginning of 0.123 + s.step = state0 + return scanBeginLiteral + case 't': // beginning of true + s.step = stateT + return scanBeginLiteral + case 'f': // beginning of false + s.step = stateF + return scanBeginLiteral + case 'n': // beginning of null + s.step = stateN + return scanBeginLiteral + } + if '1' <= c && c <= '9' { // beginning of 1234.5 + s.step = state1 + return scanBeginLiteral + } + return s.error(c, "looking for beginning of value") +} + +// stateBeginStringOrEmpty is the state after reading `{`. +func stateBeginStringOrEmpty(s *scanner, c byte) scanStatus { + if c <= ' ' && isSpace(c) { + return scanSkipSpace + } + if c == '}' { + n := len(s.parseState) + s.parseState[n-1] = parseObjectValue + return stateEndValue(s, c) + } + return stateBeginString(s, c) +} + +// stateBeginString is the state after reading `{"key": value,`. +func stateBeginString(s *scanner, c byte) scanStatus { + if c <= ' ' && isSpace(c) { + return scanSkipSpace + } + if c == '"' { + s.step = stateInString + return scanBeginLiteral + } + return s.error(c, "looking for beginning of object key string") +} + +// stateEndValue is the state after completing a value, +// such as after reading `{}` or `true` or `["x"`. +func stateEndValue(s *scanner, c byte) scanStatus { + n := len(s.parseState) + if n == 0 { + // Completed top-level before the current byte. + s.step = stateEndTop + s.endTop = true + return stateEndTop(s, c) + } + if c <= ' ' && isSpace(c) { + s.step = stateEndValue + return scanSkipSpace + } + ps := s.parseState[n-1] + switch ps { + case parseObjectKey: + if c == ':' { + s.parseState[n-1] = parseObjectValue + s.step = stateBeginValue + return scanObjectKey + } + return s.error(c, "after object key") + case parseObjectValue: + if c == ',' { + s.parseState[n-1] = parseObjectKey + s.step = stateBeginString + return scanObjectValue + } + if c == '}' { + s.popParseState() + return scanEndObject + } + return s.error(c, "after object key:value pair") + case parseArrayValue: + if c == ',' { + s.step = stateBeginValue + return scanArrayValue + } + if c == ']' { + s.popParseState() + return scanEndArray + } + return s.error(c, "after array element") + } + return s.error(c, "") +} + +// stateEndTop is the state after finishing the top-level value, +// such as after reading `{}` or `[1,2,3]`. +// Only space characters should be seen now. +func stateEndTop(s *scanner, c byte) scanStatus { + if c != ' ' && c != '\t' && c != '\r' && c != '\n' { + // Complain about non-space byte on next call. + s.error(c, "after top-level value") + } + return scanEnd +} + +// stateInString is the state after reading `"`. +func stateInString(s *scanner, c byte) scanStatus { + if c == '"' { + s.step = stateEndValue + return scanContinue + } + if c == '\\' { + s.step = stateInStringEsc + return scanContinue + } + if c < 0x20 { + return s.error(c, "in string literal") + } + return scanContinue +} + +// stateInStringEsc is the state after reading `"\` during a quoted string. +func stateInStringEsc(s *scanner, c byte) scanStatus { + switch c { + case 'b', 'f', 'n', 'r', 't', '\\', '/', '"': + s.step = stateInString + return scanContinue + case 'u': + s.step = stateInStringEscU + return scanContinue + } + return s.error(c, "in string escape code") +} + +// stateInStringEscU is the state after reading `"\u` during a quoted string. +func stateInStringEscU(s *scanner, c byte) scanStatus { + if '0' <= c && c <= '9' || 'a' <= c && c <= 'f' || 'A' <= c && c <= 'F' { + s.step = stateInStringEscU1 + return scanContinue + } + // numbers + return s.error(c, "in \\u hexadecimal character escape") +} + +// stateInStringEscU1 is the state after reading `"\u1` during a quoted string. +func stateInStringEscU1(s *scanner, c byte) scanStatus { + if '0' <= c && c <= '9' || 'a' <= c && c <= 'f' || 'A' <= c && c <= 'F' { + s.step = stateInStringEscU12 + return scanContinue + } + // numbers + return s.error(c, "in \\u hexadecimal character escape") +} + +// stateInStringEscU12 is the state after reading `"\u12` during a quoted string. +func stateInStringEscU12(s *scanner, c byte) scanStatus { + if '0' <= c && c <= '9' || 'a' <= c && c <= 'f' || 'A' <= c && c <= 'F' { + s.step = stateInStringEscU123 + return scanContinue + } + // numbers + return s.error(c, "in \\u hexadecimal character escape") +} + +// stateInStringEscU123 is the state after reading `"\u123` during a quoted string. +func stateInStringEscU123(s *scanner, c byte) scanStatus { + if '0' <= c && c <= '9' || 'a' <= c && c <= 'f' || 'A' <= c && c <= 'F' { + s.step = stateInString + return scanContinue + } + // numbers + return s.error(c, "in \\u hexadecimal character escape") +} + +// stateNeg is the state after reading `-` during a number. +func stateNeg(s *scanner, c byte) scanStatus { + if c == '0' { + s.step = state0 + return scanContinue + } + if '1' <= c && c <= '9' { + s.step = state1 + return scanContinue + } + return s.error(c, "in numeric literal") +} + +// state1 is the state after reading a non-zero integer during a number, +// such as after reading `1` or `100` but not `0`. +func state1(s *scanner, c byte) scanStatus { + if '0' <= c && c <= '9' { + s.step = state1 + return scanContinue + } + return state0(s, c) +} + +// state0 is the state after reading `0` during a number. +func state0(s *scanner, c byte) scanStatus { + if c == '.' { + s.step = stateDot + return scanContinue + } + if c == 'e' || c == 'E' { + s.step = stateE + return scanContinue + } + return stateEndValue(s, c) +} + +// stateDot is the state after reading the integer and decimal point in a number, +// such as after reading `1.`. +func stateDot(s *scanner, c byte) scanStatus { + if '0' <= c && c <= '9' { + s.step = stateDot0 + return scanContinue + } + return s.error(c, "after decimal point in numeric literal") +} + +// stateDot0 is the state after reading the integer, decimal point, and subsequent +// digits of a number, such as after reading `3.14`. +func stateDot0(s *scanner, c byte) scanStatus { + if '0' <= c && c <= '9' { + return scanContinue + } + if c == 'e' || c == 'E' { + s.step = stateE + return scanContinue + } + return stateEndValue(s, c) +} + +// stateE is the state after reading the mantissa and e in a number, +// such as after reading `314e` or `0.314e`. +func stateE(s *scanner, c byte) scanStatus { + if c == '+' || c == '-' { + s.step = stateESign + return scanContinue + } + return stateESign(s, c) +} + +// stateESign is the state after reading the mantissa, e, and sign in a number, +// such as after reading `314e-` or `0.314e+`. +func stateESign(s *scanner, c byte) scanStatus { + if '0' <= c && c <= '9' { + s.step = stateE0 + return scanContinue + } + return s.error(c, "in exponent of numeric literal") +} + +// stateE0 is the state after reading the mantissa, e, optional sign, +// and at least one digit of the exponent in a number, +// such as after reading `314e-2` or `0.314e+1` or `3.14e0`. +func stateE0(s *scanner, c byte) scanStatus { + if '0' <= c && c <= '9' { + return scanContinue + } + return stateEndValue(s, c) +} + +// stateT is the state after reading `t`. +func stateT(s *scanner, c byte) scanStatus { + if c == 'r' { + s.step = stateTr + return scanContinue + } + return s.error(c, "in literal true (expecting 'r')") +} + +// stateTr is the state after reading `tr`. +func stateTr(s *scanner, c byte) scanStatus { + if c == 'u' { + s.step = stateTru + return scanContinue + } + return s.error(c, "in literal true (expecting 'u')") +} + +// stateTru is the state after reading `tru`. +func stateTru(s *scanner, c byte) scanStatus { + if c == 'e' { + s.step = stateEndValue + return scanContinue + } + return s.error(c, "in literal true (expecting 'e')") +} + +// stateF is the state after reading `f`. +func stateF(s *scanner, c byte) scanStatus { + if c == 'a' { + s.step = stateFa + return scanContinue + } + return s.error(c, "in literal false (expecting 'a')") +} + +// stateFa is the state after reading `fa`. +func stateFa(s *scanner, c byte) scanStatus { + if c == 'l' { + s.step = stateFal + return scanContinue + } + return s.error(c, "in literal false (expecting 'l')") +} + +// stateFal is the state after reading `fal`. +func stateFal(s *scanner, c byte) scanStatus { + if c == 's' { + s.step = stateFals + return scanContinue + } + return s.error(c, "in literal false (expecting 's')") +} + +// stateFals is the state after reading `fals`. +func stateFals(s *scanner, c byte) scanStatus { + if c == 'e' { + s.step = stateEndValue + return scanContinue + } + return s.error(c, "in literal false (expecting 'e')") +} + +// stateN is the state after reading `n`. +func stateN(s *scanner, c byte) scanStatus { + if c == 'u' { + s.step = stateNu + return scanContinue + } + return s.error(c, "in literal null (expecting 'u')") +} + +// stateNu is the state after reading `nu`. +func stateNu(s *scanner, c byte) scanStatus { + if c == 'l' { + s.step = stateNul + return scanContinue + } + return s.error(c, "in literal null (expecting 'l')") +} + +// stateNul is the state after reading `nul`. +func stateNul(s *scanner, c byte) scanStatus { + if c == 'l' { + s.step = stateEndValue + return scanContinue + } + return s.error(c, "in literal null (expecting 'l')") +} + +// stateError is the state after reaching a syntax error, +// such as after reading `[1}` or `5.1.2`. +func stateError(s *scanner, c byte) scanStatus { + return scanError +} + +// error records an error and switches to the error state. +func (s *scanner) error(c byte, context string) scanStatus { + s.step = stateError + s.err = fmt.Errorf("invalid character <<%c>> %s", c, context) + return scanError +} diff --git a/vendor/github.com/gabriel-vasile/mimetype/internal/magic/archive.go b/vendor/github.com/gabriel-vasile/mimetype/internal/magic/archive.go new file mode 100644 index 0000000000..fec11f080a --- /dev/null +++ b/vendor/github.com/gabriel-vasile/mimetype/internal/magic/archive.go @@ -0,0 +1,124 @@ +package magic + +import ( + "bytes" + "encoding/binary" +) + +var ( + // SevenZ matches a 7z archive. + SevenZ = prefix([]byte{0x37, 0x7A, 0xBC, 0xAF, 0x27, 0x1C}) + // Gzip matches gzip files based on http://www.zlib.org/rfc-gzip.html#header-trailer. + Gzip = prefix([]byte{0x1f, 0x8b}) + // Fits matches an Flexible Image Transport System file. + Fits = prefix([]byte{ + 0x53, 0x49, 0x4D, 0x50, 0x4C, 0x45, 0x20, 0x20, 0x3D, 0x20, + 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, + 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x54, + }) + // Xar matches an eXtensible ARchive format file. + Xar = prefix([]byte{0x78, 0x61, 0x72, 0x21}) + // Bz2 matches a bzip2 file. + Bz2 = prefix([]byte{0x42, 0x5A, 0x68}) + // Ar matches an ar (Unix) archive file. + Ar = prefix([]byte{0x21, 0x3C, 0x61, 0x72, 0x63, 0x68, 0x3E}) + // Deb matches a Debian package file. + Deb = offset([]byte{ + 0x64, 0x65, 0x62, 0x69, 0x61, 0x6E, 0x2D, + 0x62, 0x69, 0x6E, 0x61, 0x72, 0x79, + }, 8) + // Warc matches a Web ARChive file. + Warc = prefix([]byte("WARC/1.0"), []byte("WARC/1.1")) + // Cab matches a Microsoft Cabinet archive file. + Cab = prefix([]byte("MSCF\x00\x00\x00\x00")) + // Xz matches an xz compressed stream based on https://tukaani.org/xz/xz-file-format.txt. + Xz = prefix([]byte{0xFD, 0x37, 0x7A, 0x58, 0x5A, 0x00}) + // Lzip matches an Lzip compressed file. + Lzip = prefix([]byte{0x4c, 0x5a, 0x49, 0x50}) + // RPM matches an RPM or Delta RPM package file. + RPM = prefix([]byte{0xed, 0xab, 0xee, 0xdb}, []byte("drpm")) + // Cpio matches a cpio archive file. + Cpio = prefix([]byte("070707"), []byte("070701"), []byte("070702")) + // RAR matches a RAR archive file. + RAR = prefix([]byte("Rar!\x1A\x07\x00"), []byte("Rar!\x1A\x07\x01\x00")) +) + +// InstallShieldCab matches an InstallShield Cabinet archive file. +func InstallShieldCab(raw []byte, _ uint32) bool { + return len(raw) > 7 && + bytes.Equal(raw[0:4], []byte("ISc(")) && + raw[6] == 0 && + (raw[7] == 1 || raw[7] == 2 || raw[7] == 4) +} + +// Zstd matches a Zstandard archive file. +func Zstd(raw []byte, limit uint32) bool { + return len(raw) >= 4 && + (0x22 <= raw[0] && raw[0] <= 0x28 || raw[0] == 0x1E) && // Different Zstandard versions. + bytes.HasPrefix(raw[1:], []byte{0xB5, 0x2F, 0xFD}) +} + +// CRX matches a Chrome extension file: a zip archive prepended by a package header. +func CRX(raw []byte, limit uint32) bool { + const minHeaderLen = 16 + if len(raw) < minHeaderLen || !bytes.HasPrefix(raw, []byte("Cr24")) { + return false + } + pubkeyLen := binary.LittleEndian.Uint32(raw[8:12]) + sigLen := binary.LittleEndian.Uint32(raw[12:16]) + zipOffset := minHeaderLen + pubkeyLen + sigLen + if uint32(len(raw)) < zipOffset { + return false + } + return Zip(raw[zipOffset:], limit) +} + +// Tar matches a (t)ape (ar)chive file. +func Tar(raw []byte, _ uint32) bool { + // The "magic" header field for files in in UStar (POSIX IEEE P1003.1) archives + // has the prefix "ustar". The values of the remaining bytes in this field vary + // by archiver implementation. + if len(raw) >= 512 && bytes.HasPrefix(raw[257:], []byte{0x75, 0x73, 0x74, 0x61, 0x72}) { + return true + } + + if len(raw) < 256 { + return false + } + + // The older v7 format has no "magic" field, and therefore must be identified + // with heuristics based on legal ranges of values for other header fields: + // https://www.nationalarchives.gov.uk/PRONOM/Format/proFormatSearch.aspx?status=detailReport&id=385&strPageToDisplay=signatures + rules := []struct { + min, max uint8 + i int + }{ + {0x21, 0xEF, 0}, + {0x30, 0x37, 105}, + {0x20, 0x37, 106}, + {0x00, 0x00, 107}, + {0x30, 0x37, 113}, + {0x20, 0x37, 114}, + {0x00, 0x00, 115}, + {0x30, 0x37, 121}, + {0x20, 0x37, 122}, + {0x00, 0x00, 123}, + {0x30, 0x37, 134}, + {0x30, 0x37, 146}, + {0x30, 0x37, 153}, + {0x00, 0x37, 154}, + } + for _, r := range rules { + if raw[r.i] < r.min || raw[r.i] > r.max { + return false + } + } + + for _, i := range []uint8{135, 147, 155} { + if raw[i] != 0x00 && raw[i] != 0x20 { + return false + } + } + + return true +} diff --git a/vendor/github.com/gabriel-vasile/mimetype/internal/magic/audio.go b/vendor/github.com/gabriel-vasile/mimetype/internal/magic/audio.go new file mode 100644 index 0000000000..d17e32482c --- /dev/null +++ b/vendor/github.com/gabriel-vasile/mimetype/internal/magic/audio.go @@ -0,0 +1,76 @@ +package magic + +import ( + "bytes" + "encoding/binary" +) + +var ( + // Flac matches a Free Lossless Audio Codec file. + Flac = prefix([]byte("\x66\x4C\x61\x43\x00\x00\x00\x22")) + // Midi matches a Musical Instrument Digital Interface file. + Midi = prefix([]byte("\x4D\x54\x68\x64")) + // Ape matches a Monkey's Audio file. + Ape = prefix([]byte("\x4D\x41\x43\x20\x96\x0F\x00\x00\x34\x00\x00\x00\x18\x00\x00\x00\x90\xE3")) + // MusePack matches a Musepack file. + MusePack = prefix([]byte("MPCK")) + // Au matches a Sun Microsystems au file. + Au = prefix([]byte("\x2E\x73\x6E\x64")) + // Amr matches an Adaptive Multi-Rate file. + Amr = prefix([]byte("\x23\x21\x41\x4D\x52")) + // Voc matches a Creative Voice file. + Voc = prefix([]byte("Creative Voice File")) + // M3u matches a Playlist file. + M3u = prefix([]byte("#EXTM3U")) + // AAC matches an Advanced Audio Coding file. + AAC = prefix([]byte{0xFF, 0xF1}, []byte{0xFF, 0xF9}) +) + +// Mp3 matches an mp3 file. +func Mp3(raw []byte, limit uint32) bool { + if len(raw) < 3 { + return false + } + + if bytes.HasPrefix(raw, []byte("ID3")) { + // MP3s with an ID3v2 tag will start with "ID3" + // ID3v1 tags, however appear at the end of the file. + return true + } + + // Match MP3 files without tags + switch binary.BigEndian.Uint16(raw[:2]) & 0xFFFE { + case 0xFFFA: + // MPEG ADTS, layer III, v1 + return true + case 0xFFF2: + // MPEG ADTS, layer III, v2 + return true + case 0xFFE2: + // MPEG ADTS, layer III, v2.5 + return true + } + + return false +} + +// Wav matches a Waveform Audio File Format file. +func Wav(raw []byte, limit uint32) bool { + return len(raw) > 12 && + bytes.Equal(raw[:4], []byte("RIFF")) && + bytes.Equal(raw[8:12], []byte{0x57, 0x41, 0x56, 0x45}) +} + +// Aiff matches Audio Interchange File Format file. +func Aiff(raw []byte, limit uint32) bool { + return len(raw) > 12 && + bytes.Equal(raw[:4], []byte{0x46, 0x4F, 0x52, 0x4D}) && + bytes.Equal(raw[8:12], []byte{0x41, 0x49, 0x46, 0x46}) +} + +// Qcp matches a Qualcomm Pure Voice file. +func Qcp(raw []byte, limit uint32) bool { + return len(raw) > 12 && + bytes.Equal(raw[:4], []byte("RIFF")) && + bytes.Equal(raw[8:12], []byte("QLCM")) +} diff --git a/vendor/github.com/gabriel-vasile/mimetype/internal/magic/binary.go b/vendor/github.com/gabriel-vasile/mimetype/internal/magic/binary.go new file mode 100644 index 0000000000..29bdded3e8 --- /dev/null +++ b/vendor/github.com/gabriel-vasile/mimetype/internal/magic/binary.go @@ -0,0 +1,196 @@ +package magic + +import ( + "bytes" + "debug/macho" + "encoding/binary" +) + +var ( + // Lnk matches Microsoft lnk binary format. + Lnk = prefix([]byte{0x4C, 0x00, 0x00, 0x00, 0x01, 0x14, 0x02, 0x00}) + // Wasm matches a web assembly File Format file. + Wasm = prefix([]byte{0x00, 0x61, 0x73, 0x6D}) + // Exe matches a Windows/DOS executable file. + Exe = prefix([]byte{0x4D, 0x5A}) + // Elf matches an Executable and Linkable Format file. + Elf = prefix([]byte{0x7F, 0x45, 0x4C, 0x46}) + // Nes matches a Nintendo Entertainment system ROM file. + Nes = prefix([]byte{0x4E, 0x45, 0x53, 0x1A}) + // SWF matches an Adobe Flash swf file. + SWF = prefix([]byte("CWS"), []byte("FWS"), []byte("ZWS")) + // Torrent has bencoded text in the beginning. + Torrent = prefix([]byte("d8:announce")) +) + +// Java bytecode and Mach-O binaries share the same magic number. +// More info here https://github.com/threatstack/libmagic/blob/master/magic/Magdir/cafebabe +func classOrMachOFat(in []byte) bool { + // There should be at least 8 bytes for both of them because the only way to + // quickly distinguish them is by comparing byte at position 7 + if len(in) < 8 { + return false + } + + return bytes.HasPrefix(in, []byte{0xCA, 0xFE, 0xBA, 0xBE}) +} + +// Class matches a java class file. +func Class(raw []byte, limit uint32) bool { + return classOrMachOFat(raw) && raw[7] > 30 +} + +// MachO matches Mach-O binaries format. +func MachO(raw []byte, limit uint32) bool { + if classOrMachOFat(raw) && raw[7] < 20 { + return true + } + + if len(raw) < 4 { + return false + } + + be := binary.BigEndian.Uint32(raw) + le := binary.LittleEndian.Uint32(raw) + + return be == macho.Magic32 || + le == macho.Magic32 || + be == macho.Magic64 || + le == macho.Magic64 +} + +// Dbf matches a dBase file. +// https://www.dbase.com/Knowledgebase/INT/db7_file_fmt.htm +func Dbf(raw []byte, limit uint32) bool { + if len(raw) < 68 { + return false + } + + // 3rd and 4th bytes contain the last update month and day of month. + if !(0 < raw[2] && raw[2] < 13 && 0 < raw[3] && raw[3] < 32) { + return false + } + + // 12, 13, 30, 31 are reserved bytes and always filled with 0x00. + if raw[12] != 0x00 || raw[13] != 0x00 || raw[30] != 0x00 || raw[31] != 0x00 { + return false + } + // Production MDX flag; + // 0x01 if a production .MDX file exists for this table; + // 0x00 if no .MDX file exists. + if raw[28] > 0x01 { + return false + } + + // dbf type is dictated by the first byte. + dbfTypes := []byte{ + 0x02, 0x03, 0x04, 0x05, 0x30, 0x31, 0x32, 0x42, 0x62, 0x7B, 0x82, + 0x83, 0x87, 0x8A, 0x8B, 0x8E, 0xB3, 0xCB, 0xE5, 0xF5, 0xF4, 0xFB, + } + for _, b := range dbfTypes { + if raw[0] == b { + return true + } + } + + return false +} + +// ElfObj matches an object file. +func ElfObj(raw []byte, limit uint32) bool { + return len(raw) > 17 && ((raw[16] == 0x01 && raw[17] == 0x00) || + (raw[16] == 0x00 && raw[17] == 0x01)) +} + +// ElfExe matches an executable file. +func ElfExe(raw []byte, limit uint32) bool { + return len(raw) > 17 && ((raw[16] == 0x02 && raw[17] == 0x00) || + (raw[16] == 0x00 && raw[17] == 0x02)) +} + +// ElfLib matches a shared library file. +func ElfLib(raw []byte, limit uint32) bool { + return len(raw) > 17 && ((raw[16] == 0x03 && raw[17] == 0x00) || + (raw[16] == 0x00 && raw[17] == 0x03)) +} + +// ElfDump matches a core dump file. +func ElfDump(raw []byte, limit uint32) bool { + return len(raw) > 17 && ((raw[16] == 0x04 && raw[17] == 0x00) || + (raw[16] == 0x00 && raw[17] == 0x04)) +} + +// Dcm matches a DICOM medical format file. +func Dcm(raw []byte, limit uint32) bool { + return len(raw) > 131 && + bytes.Equal(raw[128:132], []byte{0x44, 0x49, 0x43, 0x4D}) +} + +// Marc matches a MARC21 (MAchine-Readable Cataloging) file. +func Marc(raw []byte, limit uint32) bool { + // File is at least 24 bytes ("leader" field size). + if len(raw) < 24 { + return false + } + + // Fixed bytes at offset 20. + if !bytes.Equal(raw[20:24], []byte("4500")) { + return false + } + + // First 5 bytes are ASCII digits. + for i := 0; i < 5; i++ { + if raw[i] < '0' || raw[i] > '9' { + return false + } + } + + // Field terminator is present in first 2048 bytes. + return bytes.Contains(raw[:min(2048, len(raw))], []byte{0x1E}) +} + +// Glb matches a glTF model format file. +// GLB is the binary file format representation of 3D models save in +// the GL transmission Format (glTF). +// see more: https://docs.fileformat.com/3d/glb/ +// https://www.iana.org/assignments/media-types/model/gltf-binary +// GLB file format is based on little endian and its header structure +// show below: +// +// <-- 12-byte header --> +// | magic | version | length | +// | (uint32) | (uint32) | (uint32) | +// | \x67\x6C\x54\x46 | \x01\x00\x00\x00 | ... | +// | g l T F | 1 | ... | +var Glb = prefix([]byte("\x67\x6C\x54\x46\x02\x00\x00\x00"), + []byte("\x67\x6C\x54\x46\x01\x00\x00\x00")) + +// TzIf matches a Time Zone Information Format (TZif) file. +// See more: https://tools.ietf.org/id/draft-murchison-tzdist-tzif-00.html#rfc.section.3 +// Its header structure is shown below: +// +---------------+---+ +// | magic (4) | <-+-- version (1) +// +---------------+---+---------------------------------------+ +// | [unused - reserved for future use] (15) | +// +---------------+---------------+---------------+-----------+ +// | isutccnt (4) | isstdcnt (4) | leapcnt (4) | +// +---------------+---------------+---------------+ +// | timecnt (4) | typecnt (4) | charcnt (4) | +func TzIf(raw []byte, limit uint32) bool { + // File is at least 44 bytes (header size). + if len(raw) < 44 { + return false + } + + if !bytes.HasPrefix(raw, []byte("TZif")) { + return false + } + + // Field "typecnt" MUST not be zero. + if binary.BigEndian.Uint32(raw[36:40]) == 0 { + return false + } + + // Version has to be NUL (0x00), '2' (0x32) or '3' (0x33). + return raw[4] == 0x00 || raw[4] == 0x32 || raw[4] == 0x33 +} diff --git a/vendor/github.com/gabriel-vasile/mimetype/internal/magic/database.go b/vendor/github.com/gabriel-vasile/mimetype/internal/magic/database.go new file mode 100644 index 0000000000..cb1fed12f7 --- /dev/null +++ b/vendor/github.com/gabriel-vasile/mimetype/internal/magic/database.go @@ -0,0 +1,13 @@ +package magic + +var ( + // Sqlite matches an SQLite database file. + Sqlite = prefix([]byte{ + 0x53, 0x51, 0x4c, 0x69, 0x74, 0x65, 0x20, 0x66, + 0x6f, 0x72, 0x6d, 0x61, 0x74, 0x20, 0x33, 0x00, + }) + // MsAccessAce matches Microsoft Access dababase file. + MsAccessAce = offset([]byte("Standard ACE DB"), 4) + // MsAccessMdb matches legacy Microsoft Access database file (JET, 2003 and earlier). + MsAccessMdb = offset([]byte("Standard Jet DB"), 4) +) diff --git a/vendor/github.com/gabriel-vasile/mimetype/internal/magic/document.go b/vendor/github.com/gabriel-vasile/mimetype/internal/magic/document.go new file mode 100644 index 0000000000..b3b26d5a12 --- /dev/null +++ b/vendor/github.com/gabriel-vasile/mimetype/internal/magic/document.go @@ -0,0 +1,62 @@ +package magic + +import "bytes" + +var ( + // Pdf matches a Portable Document Format file. + // https://github.com/file/file/blob/11010cc805546a3e35597e67e1129a481aed40e8/magic/Magdir/pdf + Pdf = prefix( + // usual pdf signature + []byte("%PDF-"), + // new-line prefixed signature + []byte("\012%PDF-"), + // UTF-8 BOM prefixed signature + []byte("\xef\xbb\xbf%PDF-"), + ) + // Fdf matches a Forms Data Format file. + Fdf = prefix([]byte("%FDF")) + // Mobi matches a Mobi file. + Mobi = offset([]byte("BOOKMOBI"), 60) + // Lit matches a Microsoft Lit file. + Lit = prefix([]byte("ITOLITLS")) +) + +// DjVu matches a DjVu file. +func DjVu(raw []byte, limit uint32) bool { + if len(raw) < 12 { + return false + } + if !bytes.HasPrefix(raw, []byte{0x41, 0x54, 0x26, 0x54, 0x46, 0x4F, 0x52, 0x4D}) { + return false + } + return bytes.HasPrefix(raw[12:], []byte("DJVM")) || + bytes.HasPrefix(raw[12:], []byte("DJVU")) || + bytes.HasPrefix(raw[12:], []byte("DJVI")) || + bytes.HasPrefix(raw[12:], []byte("THUM")) +} + +// P7s matches an .p7s signature File (PEM, Base64). +func P7s(raw []byte, limit uint32) bool { + // Check for PEM Encoding. + if bytes.HasPrefix(raw, []byte("-----BEGIN PKCS7")) { + return true + } + // Check if DER Encoding is long enough. + if len(raw) < 20 { + return false + } + // Magic Bytes for the signedData ASN.1 encoding. + startHeader := [][]byte{{0x30, 0x80}, {0x30, 0x81}, {0x30, 0x82}, {0x30, 0x83}, {0x30, 0x84}} + signedDataMatch := []byte{0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07} + // Check if Header is correct. There are multiple valid headers. + for i, match := range startHeader { + // If first bytes match, then check for ASN.1 Object Type. + if bytes.HasPrefix(raw, match) { + if bytes.HasPrefix(raw[i+2:], signedDataMatch) { + return true + } + } + } + + return false +} diff --git a/vendor/github.com/gabriel-vasile/mimetype/internal/magic/font.go b/vendor/github.com/gabriel-vasile/mimetype/internal/magic/font.go new file mode 100644 index 0000000000..43af28212e --- /dev/null +++ b/vendor/github.com/gabriel-vasile/mimetype/internal/magic/font.go @@ -0,0 +1,39 @@ +package magic + +import ( + "bytes" +) + +var ( + // Woff matches a Web Open Font Format file. + Woff = prefix([]byte("wOFF")) + // Woff2 matches a Web Open Font Format version 2 file. + Woff2 = prefix([]byte("wOF2")) + // Otf matches an OpenType font file. + Otf = prefix([]byte{0x4F, 0x54, 0x54, 0x4F, 0x00}) +) + +// Ttf matches a TrueType font file. +func Ttf(raw []byte, limit uint32) bool { + if !bytes.HasPrefix(raw, []byte{0x00, 0x01, 0x00, 0x00}) { + return false + } + return !MsAccessAce(raw, limit) && !MsAccessMdb(raw, limit) +} + +// Eot matches an Embedded OpenType font file. +func Eot(raw []byte, limit uint32) bool { + return len(raw) > 35 && + bytes.Equal(raw[34:36], []byte{0x4C, 0x50}) && + (bytes.Equal(raw[8:11], []byte{0x02, 0x00, 0x01}) || + bytes.Equal(raw[8:11], []byte{0x01, 0x00, 0x00}) || + bytes.Equal(raw[8:11], []byte{0x02, 0x00, 0x02})) +} + +// Ttc matches a TrueType Collection font file. +func Ttc(raw []byte, limit uint32) bool { + return len(raw) > 7 && + bytes.HasPrefix(raw, []byte("ttcf")) && + (bytes.Equal(raw[4:8], []byte{0x00, 0x01, 0x00, 0x00}) || + bytes.Equal(raw[4:8], []byte{0x00, 0x02, 0x00, 0x00})) +} diff --git a/vendor/github.com/gabriel-vasile/mimetype/internal/magic/ftyp.go b/vendor/github.com/gabriel-vasile/mimetype/internal/magic/ftyp.go new file mode 100644 index 0000000000..6575b4aecd --- /dev/null +++ b/vendor/github.com/gabriel-vasile/mimetype/internal/magic/ftyp.go @@ -0,0 +1,88 @@ +package magic + +import "bytes" + +var ( + // AVIF matches an AV1 Image File Format still or animated. + // Wikipedia page seems outdated listing image/avif-sequence for animations. + // https://github.com/AOMediaCodec/av1-avif/issues/59 + AVIF = ftyp([]byte("avif"), []byte("avis")) + // Mp4 matches an MP4 file. + Mp4 = ftyp( + []byte("avc1"), []byte("dash"), []byte("iso2"), []byte("iso3"), + []byte("iso4"), []byte("iso5"), []byte("iso6"), []byte("isom"), + []byte("mmp4"), []byte("mp41"), []byte("mp42"), []byte("mp4v"), + []byte("mp71"), []byte("MSNV"), []byte("NDAS"), []byte("NDSC"), + []byte("NSDC"), []byte("NSDH"), []byte("NDSM"), []byte("NDSP"), + []byte("NDSS"), []byte("NDXC"), []byte("NDXH"), []byte("NDXM"), + []byte("NDXP"), []byte("NDXS"), []byte("F4V "), []byte("F4P "), + ) + // ThreeGP matches a 3GPP file. + ThreeGP = ftyp( + []byte("3gp1"), []byte("3gp2"), []byte("3gp3"), []byte("3gp4"), + []byte("3gp5"), []byte("3gp6"), []byte("3gp7"), []byte("3gs7"), + []byte("3ge6"), []byte("3ge7"), []byte("3gg6"), + ) + // ThreeG2 matches a 3GPP2 file. + ThreeG2 = ftyp( + []byte("3g24"), []byte("3g25"), []byte("3g26"), []byte("3g2a"), + []byte("3g2b"), []byte("3g2c"), []byte("KDDI"), + ) + // AMp4 matches an audio MP4 file. + AMp4 = ftyp( + // audio for Adobe Flash Player 9+ + []byte("F4A "), []byte("F4B "), + // Apple iTunes AAC-LC (.M4A) Audio + []byte("M4B "), []byte("M4P "), + // MPEG-4 (.MP4) for SonyPSP + []byte("MSNV"), + // Nero Digital AAC Audio + []byte("NDAS"), + ) + // Mqv matches a Sony / Mobile QuickTime file. + Mqv = ftyp([]byte("mqt ")) + // M4a matches an audio M4A file. + M4a = ftyp([]byte("M4A ")) + // M4v matches an Appl4 M4V video file. + M4v = ftyp([]byte("M4V "), []byte("M4VH"), []byte("M4VP")) + // Heic matches a High Efficiency Image Coding (HEIC) file. + Heic = ftyp([]byte("heic"), []byte("heix")) + // HeicSequence matches a High Efficiency Image Coding (HEIC) file sequence. + HeicSequence = ftyp([]byte("hevc"), []byte("hevx")) + // Heif matches a High Efficiency Image File Format (HEIF) file. + Heif = ftyp([]byte("mif1"), []byte("heim"), []byte("heis"), []byte("avic")) + // HeifSequence matches a High Efficiency Image File Format (HEIF) file sequence. + HeifSequence = ftyp([]byte("msf1"), []byte("hevm"), []byte("hevs"), []byte("avcs")) + // TODO: add support for remaining video formats at ftyps.com. +) + +// QuickTime matches a QuickTime File Format file. +// https://www.loc.gov/preservation/digital/formats/fdd/fdd000052.shtml +// https://developer.apple.com/library/archive/documentation/QuickTime/QTFF/QTFFChap1/qtff1.html#//apple_ref/doc/uid/TP40000939-CH203-38190 +// https://github.com/apache/tika/blob/0f5570691133c75ac4472c3340354a6c4080b104/tika-core/src/main/resources/org/apache/tika/mime/tika-mimetypes.xml#L7758-L7777 +func QuickTime(raw []byte, _ uint32) bool { + if len(raw) < 12 { + return false + } + // First 4 bytes represent the size of the atom as unsigned int. + // Next 4 bytes are the type of the atom. + // For `ftyp` atoms check if first byte in size is 0, otherwise, a text file + // which happens to contain 'ftypqt ' at index 4 will trigger a false positive. + if bytes.Equal(raw[4:12], []byte("ftypqt ")) || + bytes.Equal(raw[4:12], []byte("ftypmoov")) { + return raw[0] == 0x00 + } + basicAtomTypes := [][]byte{ + []byte("moov\x00"), + []byte("mdat\x00"), + []byte("free\x00"), + []byte("skip\x00"), + []byte("pnot\x00"), + } + for _, a := range basicAtomTypes { + if bytes.Equal(raw[4:9], a) { + return true + } + } + return bytes.Equal(raw[:8], []byte("\x00\x00\x00\x08wide")) +} diff --git a/vendor/github.com/gabriel-vasile/mimetype/internal/magic/geo.go b/vendor/github.com/gabriel-vasile/mimetype/internal/magic/geo.go new file mode 100644 index 0000000000..f077e16724 --- /dev/null +++ b/vendor/github.com/gabriel-vasile/mimetype/internal/magic/geo.go @@ -0,0 +1,55 @@ +package magic + +import ( + "bytes" + "encoding/binary" +) + +// Shp matches a shape format file. +// https://www.esri.com/library/whitepapers/pdfs/shapefile.pdf +func Shp(raw []byte, limit uint32) bool { + if len(raw) < 112 { + return false + } + + if !(binary.BigEndian.Uint32(raw[0:4]) == 9994 && + binary.BigEndian.Uint32(raw[4:8]) == 0 && + binary.BigEndian.Uint32(raw[8:12]) == 0 && + binary.BigEndian.Uint32(raw[12:16]) == 0 && + binary.BigEndian.Uint32(raw[16:20]) == 0 && + binary.BigEndian.Uint32(raw[20:24]) == 0 && + binary.LittleEndian.Uint32(raw[28:32]) == 1000) { + return false + } + + shapeTypes := []int{ + 0, // Null shape + 1, // Point + 3, // Polyline + 5, // Polygon + 8, // MultiPoint + 11, // PointZ + 13, // PolylineZ + 15, // PolygonZ + 18, // MultiPointZ + 21, // PointM + 23, // PolylineM + 25, // PolygonM + 28, // MultiPointM + 31, // MultiPatch + } + + for _, st := range shapeTypes { + if st == int(binary.LittleEndian.Uint32(raw[108:112])) { + return true + } + } + + return false +} + +// Shx matches a shape index format file. +// https://www.esri.com/library/whitepapers/pdfs/shapefile.pdf +func Shx(raw []byte, limit uint32) bool { + return bytes.HasPrefix(raw, []byte{0x00, 0x00, 0x27, 0x0A}) +} diff --git a/vendor/github.com/gabriel-vasile/mimetype/internal/magic/image.go b/vendor/github.com/gabriel-vasile/mimetype/internal/magic/image.go new file mode 100644 index 0000000000..0eb7e95f37 --- /dev/null +++ b/vendor/github.com/gabriel-vasile/mimetype/internal/magic/image.go @@ -0,0 +1,110 @@ +package magic + +import "bytes" + +var ( + // Png matches a Portable Network Graphics file. + // https://www.w3.org/TR/PNG/ + Png = prefix([]byte{0x89, 0x50, 0x4E, 0x47, 0x0D, 0x0A, 0x1A, 0x0A}) + // Apng matches an Animated Portable Network Graphics file. + // https://wiki.mozilla.org/APNG_Specification + Apng = offset([]byte("acTL"), 37) + // Jpg matches a Joint Photographic Experts Group file. + Jpg = prefix([]byte{0xFF, 0xD8, 0xFF}) + // Jp2 matches a JPEG 2000 Image file (ISO 15444-1). + Jp2 = jpeg2k([]byte{0x6a, 0x70, 0x32, 0x20}) + // Jpx matches a JPEG 2000 Image file (ISO 15444-2). + Jpx = jpeg2k([]byte{0x6a, 0x70, 0x78, 0x20}) + // Jpm matches a JPEG 2000 Image file (ISO 15444-6). + Jpm = jpeg2k([]byte{0x6a, 0x70, 0x6D, 0x20}) + // Gif matches a Graphics Interchange Format file. + Gif = prefix([]byte("GIF87a"), []byte("GIF89a")) + // Bmp matches a bitmap image file. + Bmp = prefix([]byte{0x42, 0x4D}) + // Ps matches a PostScript file. + Ps = prefix([]byte("%!PS-Adobe-")) + // Psd matches a Photoshop Document file. + Psd = prefix([]byte("8BPS")) + // Ico matches an ICO file. + Ico = prefix([]byte{0x00, 0x00, 0x01, 0x00}, []byte{0x00, 0x00, 0x02, 0x00}) + // Icns matches an ICNS (Apple Icon Image format) file. + Icns = prefix([]byte("icns")) + // Tiff matches a Tagged Image File Format file. + Tiff = prefix([]byte{0x49, 0x49, 0x2A, 0x00}, []byte{0x4D, 0x4D, 0x00, 0x2A}) + // Bpg matches a Better Portable Graphics file. + Bpg = prefix([]byte{0x42, 0x50, 0x47, 0xFB}) + // Xcf matches GIMP image data. + Xcf = prefix([]byte("gimp xcf")) + // Pat matches GIMP pattern data. + Pat = offset([]byte("GPAT"), 20) + // Gbr matches GIMP brush data. + Gbr = offset([]byte("GIMP"), 20) + // Hdr matches Radiance HDR image. + // https://web.archive.org/web/20060913152809/http://local.wasp.uwa.edu.au/~pbourke/dataformats/pic/ + Hdr = prefix([]byte("#?RADIANCE\n")) + // Xpm matches X PixMap image data. + Xpm = prefix([]byte{0x2F, 0x2A, 0x20, 0x58, 0x50, 0x4D, 0x20, 0x2A, 0x2F}) + // Jxs matches a JPEG XS coded image file (ISO/IEC 21122-3). + Jxs = prefix([]byte{0x00, 0x00, 0x00, 0x0C, 0x4A, 0x58, 0x53, 0x20, 0x0D, 0x0A, 0x87, 0x0A}) + // Jxr matches Microsoft HD JXR photo file. + Jxr = prefix([]byte{0x49, 0x49, 0xBC, 0x01}) +) + +func jpeg2k(sig []byte) Detector { + return func(raw []byte, _ uint32) bool { + if len(raw) < 24 { + return false + } + + if !bytes.Equal(raw[4:8], []byte{0x6A, 0x50, 0x20, 0x20}) && + !bytes.Equal(raw[4:8], []byte{0x6A, 0x50, 0x32, 0x20}) { + return false + } + return bytes.Equal(raw[20:24], sig) + } +} + +// Webp matches a WebP file. +func Webp(raw []byte, _ uint32) bool { + return len(raw) > 12 && + bytes.Equal(raw[0:4], []byte("RIFF")) && + bytes.Equal(raw[8:12], []byte{0x57, 0x45, 0x42, 0x50}) +} + +// Dwg matches a CAD drawing file. +func Dwg(raw []byte, _ uint32) bool { + if len(raw) < 6 || raw[0] != 0x41 || raw[1] != 0x43 { + return false + } + dwgVersions := [][]byte{ + {0x31, 0x2E, 0x34, 0x30}, + {0x31, 0x2E, 0x35, 0x30}, + {0x32, 0x2E, 0x31, 0x30}, + {0x31, 0x30, 0x30, 0x32}, + {0x31, 0x30, 0x30, 0x33}, + {0x31, 0x30, 0x30, 0x34}, + {0x31, 0x30, 0x30, 0x36}, + {0x31, 0x30, 0x30, 0x39}, + {0x31, 0x30, 0x31, 0x32}, + {0x31, 0x30, 0x31, 0x34}, + {0x31, 0x30, 0x31, 0x35}, + {0x31, 0x30, 0x31, 0x38}, + {0x31, 0x30, 0x32, 0x31}, + {0x31, 0x30, 0x32, 0x34}, + {0x31, 0x30, 0x33, 0x32}, + } + + for _, d := range dwgVersions { + if bytes.Equal(raw[2:6], d) { + return true + } + } + + return false +} + +// Jxl matches JPEG XL image file. +func Jxl(raw []byte, _ uint32) bool { + return bytes.HasPrefix(raw, []byte{0xFF, 0x0A}) || + bytes.HasPrefix(raw, []byte("\x00\x00\x00\x0cJXL\x20\x0d\x0a\x87\x0a")) +} diff --git a/vendor/github.com/gabriel-vasile/mimetype/internal/magic/magic.go b/vendor/github.com/gabriel-vasile/mimetype/internal/magic/magic.go new file mode 100644 index 0000000000..466058fbe2 --- /dev/null +++ b/vendor/github.com/gabriel-vasile/mimetype/internal/magic/magic.go @@ -0,0 +1,239 @@ +// Package magic holds the matching functions used to find MIME types. +package magic + +import ( + "bytes" + "fmt" +) + +type ( + // Detector receiveѕ the raw data of a file and returns whether the data + // meets any conditions. The limit parameter is an upper limit to the number + // of bytes received and is used to tell if the byte slice represents the + // whole file or is just the header of a file: len(raw) < limit or len(raw)>limit. + Detector func(raw []byte, limit uint32) bool + xmlSig struct { + // the local name of the root tag + localName []byte + // the namespace of the XML document + xmlns []byte + } +) + +// prefix creates a Detector which returns true if any of the provided signatures +// is the prefix of the raw input. +func prefix(sigs ...[]byte) Detector { + return func(raw []byte, limit uint32) bool { + for _, s := range sigs { + if bytes.HasPrefix(raw, s) { + return true + } + } + return false + } +} + +// offset creates a Detector which returns true if the provided signature can be +// found at offset in the raw input. +func offset(sig []byte, offset int) Detector { + return func(raw []byte, limit uint32) bool { + return len(raw) > offset && bytes.HasPrefix(raw[offset:], sig) + } +} + +// ciPrefix is like prefix but the check is case insensitive. +func ciPrefix(sigs ...[]byte) Detector { + return func(raw []byte, limit uint32) bool { + for _, s := range sigs { + if ciCheck(s, raw) { + return true + } + } + return false + } +} +func ciCheck(sig, raw []byte) bool { + if len(raw) < len(sig)+1 { + return false + } + // perform case insensitive check + for i, b := range sig { + db := raw[i] + if 'A' <= b && b <= 'Z' { + db &= 0xDF + } + if b != db { + return false + } + } + + return true +} + +// xml creates a Detector which returns true if any of the provided XML signatures +// matches the raw input. +func xml(sigs ...xmlSig) Detector { + return func(raw []byte, limit uint32) bool { + raw = trimLWS(raw) + if len(raw) == 0 { + return false + } + for _, s := range sigs { + if xmlCheck(s, raw) { + return true + } + } + return false + } +} +func xmlCheck(sig xmlSig, raw []byte) bool { + raw = raw[:min(len(raw), 512)] + + if len(sig.localName) == 0 { + return bytes.Index(raw, sig.xmlns) > 0 + } + if len(sig.xmlns) == 0 { + return bytes.Index(raw, sig.localName) > 0 + } + + localNameIndex := bytes.Index(raw, sig.localName) + return localNameIndex != -1 && localNameIndex < bytes.Index(raw, sig.xmlns) +} + +// markup creates a Detector which returns true is any of the HTML signatures +// matches the raw input. +func markup(sigs ...[]byte) Detector { + return func(raw []byte, limit uint32) bool { + if bytes.HasPrefix(raw, []byte{0xEF, 0xBB, 0xBF}) { + // We skip the UTF-8 BOM if present to ensure we correctly + // process any leading whitespace. The presence of the BOM + // is taken into account during charset detection in charset.go. + raw = trimLWS(raw[3:]) + } else { + raw = trimLWS(raw) + } + if len(raw) == 0 { + return false + } + for _, s := range sigs { + if markupCheck(s, raw) { + return true + } + } + return false + } +} +func markupCheck(sig, raw []byte) bool { + if len(raw) < len(sig)+1 { + return false + } + + // perform case insensitive check + for i, b := range sig { + db := raw[i] + if 'A' <= b && b <= 'Z' { + db &= 0xDF + } + if b != db { + return false + } + } + // Next byte must be space or right angle bracket. + if db := raw[len(sig)]; db != ' ' && db != '>' { + return false + } + + return true +} + +// ftyp creates a Detector which returns true if any of the FTYP signatures +// matches the raw input. +func ftyp(sigs ...[]byte) Detector { + return func(raw []byte, limit uint32) bool { + if len(raw) < 12 { + return false + } + for _, s := range sigs { + if bytes.Equal(raw[4:12], append([]byte("ftyp"), s...)) { + return true + } + } + return false + } +} + +func newXMLSig(localName, xmlns string) xmlSig { + ret := xmlSig{xmlns: []byte(xmlns)} + if localName != "" { + ret.localName = []byte(fmt.Sprintf("<%s", localName)) + } + + return ret +} + +// A valid shebang starts with the "#!" characters, +// followed by any number of spaces, +// followed by the path to the interpreter, +// and, optionally, followed by the arguments for the interpreter. +// +// Ex: +// #! /usr/bin/env php +// /usr/bin/env is the interpreter, php is the first and only argument. +func shebang(sigs ...[]byte) Detector { + return func(raw []byte, limit uint32) bool { + for _, s := range sigs { + if shebangCheck(s, firstLine(raw)) { + return true + } + } + return false + } +} + +func shebangCheck(sig, raw []byte) bool { + if len(raw) < len(sig)+2 { + return false + } + if raw[0] != '#' || raw[1] != '!' { + return false + } + + return bytes.Equal(trimLWS(trimRWS(raw[2:])), sig) +} + +// trimLWS trims whitespace from beginning of the input. +func trimLWS(in []byte) []byte { + firstNonWS := 0 + for ; firstNonWS < len(in) && isWS(in[firstNonWS]); firstNonWS++ { + } + + return in[firstNonWS:] +} + +// trimRWS trims whitespace from the end of the input. +func trimRWS(in []byte) []byte { + lastNonWS := len(in) - 1 + for ; lastNonWS > 0 && isWS(in[lastNonWS]); lastNonWS-- { + } + + return in[:lastNonWS+1] +} + +func firstLine(in []byte) []byte { + lineEnd := 0 + for ; lineEnd < len(in) && in[lineEnd] != '\n'; lineEnd++ { + } + + return in[:lineEnd] +} + +func isWS(b byte) bool { + return b == '\t' || b == '\n' || b == '\x0c' || b == '\r' || b == ' ' +} + +func min(a, b int) int { + if a < b { + return a + } + return b +} diff --git a/vendor/github.com/gabriel-vasile/mimetype/internal/magic/ms_office.go b/vendor/github.com/gabriel-vasile/mimetype/internal/magic/ms_office.go new file mode 100644 index 0000000000..5964ce596c --- /dev/null +++ b/vendor/github.com/gabriel-vasile/mimetype/internal/magic/ms_office.go @@ -0,0 +1,225 @@ +package magic + +import ( + "bytes" + "encoding/binary" +) + +var ( + xlsxSigFiles = []string{ + "xl/worksheets/", + "xl/drawings/", + "xl/theme/", + "xl/_rels/", + "xl/styles.xml", + "xl/workbook.xml", + "xl/sharedStrings.xml", + } + docxSigFiles = []string{ + "word/media/", + "word/_rels/document.xml.rels", + "word/document.xml", + "word/styles.xml", + "word/fontTable.xml", + "word/settings.xml", + "word/numbering.xml", + "word/header", + "word/footer", + } + pptxSigFiles = []string{ + "ppt/slides/", + "ppt/media/", + "ppt/slideLayouts/", + "ppt/theme/", + "ppt/slideMasters/", + "ppt/tags/", + "ppt/notesMasters/", + "ppt/_rels/", + "ppt/handoutMasters/", + "ppt/notesSlides/", + "ppt/presentation.xml", + "ppt/tableStyles.xml", + "ppt/presProps.xml", + "ppt/viewProps.xml", + } +) + +// Xlsx matches a Microsoft Excel 2007 file. +func Xlsx(raw []byte, limit uint32) bool { + return zipContains(raw, xlsxSigFiles...) +} + +// Docx matches a Microsoft Word 2007 file. +func Docx(raw []byte, limit uint32) bool { + return zipContains(raw, docxSigFiles...) +} + +// Pptx matches a Microsoft PowerPoint 2007 file. +func Pptx(raw []byte, limit uint32) bool { + return zipContains(raw, pptxSigFiles...) +} + +// Ole matches an Open Linking and Embedding file. +// +// https://en.wikipedia.org/wiki/Object_Linking_and_Embedding +func Ole(raw []byte, limit uint32) bool { + return bytes.HasPrefix(raw, []byte{0xD0, 0xCF, 0x11, 0xE0, 0xA1, 0xB1, 0x1A, 0xE1}) +} + +// Aaf matches an Advanced Authoring Format file. +// See: https://pyaaf.readthedocs.io/en/latest/about.html +// See: https://en.wikipedia.org/wiki/Advanced_Authoring_Format +func Aaf(raw []byte, limit uint32) bool { + if len(raw) < 31 { + return false + } + return bytes.HasPrefix(raw[8:], []byte{0x41, 0x41, 0x46, 0x42, 0x0D, 0x00, 0x4F, 0x4D}) && + (raw[30] == 0x09 || raw[30] == 0x0C) +} + +// Doc matches a Microsoft Word 97-2003 file. +// See: https://github.com/decalage2/oletools/blob/412ee36ae45e70f42123e835871bac956d958461/oletools/common/clsid.py +func Doc(raw []byte, _ uint32) bool { + clsids := [][]byte{ + // Microsoft Word 97-2003 Document (Word.Document.8) + {0x06, 0x09, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0xc0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x46}, + // Microsoft Word 6.0-7.0 Document (Word.Document.6) + {0x00, 0x09, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0xc0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x46}, + // Microsoft Word Picture (Word.Picture.8) + {0x07, 0x09, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0xc0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x46}, + } + + for _, clsid := range clsids { + if matchOleClsid(raw, clsid) { + return true + } + } + + return false +} + +// Ppt matches a Microsoft PowerPoint 97-2003 file or a PowerPoint 95 presentation. +func Ppt(raw []byte, limit uint32) bool { + // Root CLSID test is the safest way to detect identify OLE, however, the format + // often places the root CLSID at the end of the file. + if matchOleClsid(raw, []byte{ + 0x10, 0x8d, 0x81, 0x64, 0x9b, 0x4f, 0xcf, 0x11, + 0x86, 0xea, 0x00, 0xaa, 0x00, 0xb9, 0x29, 0xe8, + }) || matchOleClsid(raw, []byte{ + 0x70, 0xae, 0x7b, 0xea, 0x3b, 0xfb, 0xcd, 0x11, + 0xa9, 0x03, 0x00, 0xaa, 0x00, 0x51, 0x0e, 0xa3, + }) { + return true + } + + lin := len(raw) + if lin < 520 { + return false + } + pptSubHeaders := [][]byte{ + {0xA0, 0x46, 0x1D, 0xF0}, + {0x00, 0x6E, 0x1E, 0xF0}, + {0x0F, 0x00, 0xE8, 0x03}, + } + for _, h := range pptSubHeaders { + if bytes.HasPrefix(raw[512:], h) { + return true + } + } + + if bytes.HasPrefix(raw[512:], []byte{0xFD, 0xFF, 0xFF, 0xFF}) && + raw[518] == 0x00 && raw[519] == 0x00 { + return true + } + + return lin > 1152 && bytes.Contains(raw[1152:min(4096, lin)], + []byte("P\x00o\x00w\x00e\x00r\x00P\x00o\x00i\x00n\x00t\x00 D\x00o\x00c\x00u\x00m\x00e\x00n\x00t")) +} + +// Xls matches a Microsoft Excel 97-2003 file. +func Xls(raw []byte, limit uint32) bool { + // Root CLSID test is the safest way to detect identify OLE, however, the format + // often places the root CLSID at the end of the file. + if matchOleClsid(raw, []byte{ + 0x10, 0x08, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, + }) || matchOleClsid(raw, []byte{ + 0x20, 0x08, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, + }) { + return true + } + + lin := len(raw) + if lin < 520 { + return false + } + xlsSubHeaders := [][]byte{ + {0x09, 0x08, 0x10, 0x00, 0x00, 0x06, 0x05, 0x00}, + {0xFD, 0xFF, 0xFF, 0xFF, 0x10}, + {0xFD, 0xFF, 0xFF, 0xFF, 0x1F}, + {0xFD, 0xFF, 0xFF, 0xFF, 0x22}, + {0xFD, 0xFF, 0xFF, 0xFF, 0x23}, + {0xFD, 0xFF, 0xFF, 0xFF, 0x28}, + {0xFD, 0xFF, 0xFF, 0xFF, 0x29}, + } + for _, h := range xlsSubHeaders { + if bytes.HasPrefix(raw[512:], h) { + return true + } + } + + return lin > 1152 && bytes.Contains(raw[1152:min(4096, lin)], + []byte("W\x00k\x00s\x00S\x00S\x00W\x00o\x00r\x00k\x00B\x00o\x00o\x00k")) +} + +// Pub matches a Microsoft Publisher file. +func Pub(raw []byte, limit uint32) bool { + return matchOleClsid(raw, []byte{ + 0x01, 0x12, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0xC0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x46, + }) +} + +// Msg matches a Microsoft Outlook email file. +func Msg(raw []byte, limit uint32) bool { + return matchOleClsid(raw, []byte{ + 0x0B, 0x0D, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, + 0xC0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x46, + }) +} + +// Msi matches a Microsoft Windows Installer file. +// http://fileformats.archiveteam.org/wiki/Microsoft_Compound_File +func Msi(raw []byte, limit uint32) bool { + return matchOleClsid(raw, []byte{ + 0x84, 0x10, 0x0C, 0x00, 0x00, 0x00, 0x00, 0x00, + 0xC0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x46, + }) +} + +// Helper to match by a specific CLSID of a compound file. +// +// http://fileformats.archiveteam.org/wiki/Microsoft_Compound_File +func matchOleClsid(in []byte, clsid []byte) bool { + // Microsoft Compound files v3 have a sector length of 512, while v4 has 4096. + // Change sector offset depending on file version. + // https://www.loc.gov/preservation/digital/formats/fdd/fdd000392.shtml + sectorLength := 512 + if len(in) < sectorLength { + return false + } + if in[26] == 0x04 && in[27] == 0x00 { + sectorLength = 4096 + } + + // SecID of first sector of the directory stream. + firstSecID := int(binary.LittleEndian.Uint32(in[48:52])) + + // Expected offset of CLSID for root storage object. + clsidOffset := sectorLength*(1+firstSecID) + 80 + + if len(in) <= clsidOffset+16 { + return false + } + + return bytes.HasPrefix(in[clsidOffset:], clsid) +} diff --git a/vendor/github.com/gabriel-vasile/mimetype/internal/magic/ogg.go b/vendor/github.com/gabriel-vasile/mimetype/internal/magic/ogg.go new file mode 100644 index 0000000000..bb4cd781b6 --- /dev/null +++ b/vendor/github.com/gabriel-vasile/mimetype/internal/magic/ogg.go @@ -0,0 +1,42 @@ +package magic + +import ( + "bytes" +) + +/* + NOTE: + + In May 2003, two Internet RFCs were published relating to the format. + The Ogg bitstream was defined in RFC 3533 (which is classified as + 'informative') and its Internet content type (application/ogg) in RFC + 3534 (which is, as of 2006, a proposed standard protocol). In + September 2008, RFC 3534 was obsoleted by RFC 5334, which added + content types video/ogg, audio/ogg and filename extensions .ogx, .ogv, + .oga, .spx. + + See: + https://tools.ietf.org/html/rfc3533 + https://developer.mozilla.org/en-US/docs/Web/HTTP/Configuring_servers_for_Ogg_media#Serve_media_with_the_correct_MIME_type + https://github.com/file/file/blob/master/magic/Magdir/vorbis +*/ + +// Ogg matches an Ogg file. +func Ogg(raw []byte, limit uint32) bool { + return bytes.HasPrefix(raw, []byte("\x4F\x67\x67\x53\x00")) +} + +// OggAudio matches an audio ogg file. +func OggAudio(raw []byte, limit uint32) bool { + return len(raw) >= 37 && (bytes.HasPrefix(raw[28:], []byte("\x7fFLAC")) || + bytes.HasPrefix(raw[28:], []byte("\x01vorbis")) || + bytes.HasPrefix(raw[28:], []byte("OpusHead")) || + bytes.HasPrefix(raw[28:], []byte("Speex\x20\x20\x20"))) +} + +// OggVideo matches a video ogg file. +func OggVideo(raw []byte, limit uint32) bool { + return len(raw) >= 37 && (bytes.HasPrefix(raw[28:], []byte("\x80theora")) || + bytes.HasPrefix(raw[28:], []byte("fishead\x00")) || + bytes.HasPrefix(raw[28:], []byte("\x01video\x00\x00\x00"))) // OGM video +} diff --git a/vendor/github.com/gabriel-vasile/mimetype/internal/magic/text.go b/vendor/github.com/gabriel-vasile/mimetype/internal/magic/text.go new file mode 100644 index 0000000000..e2a03caf50 --- /dev/null +++ b/vendor/github.com/gabriel-vasile/mimetype/internal/magic/text.go @@ -0,0 +1,375 @@ +package magic + +import ( + "bufio" + "bytes" + "strings" + "time" + + "github.com/gabriel-vasile/mimetype/internal/charset" + "github.com/gabriel-vasile/mimetype/internal/json" +) + +var ( + // HTML matches a Hypertext Markup Language file. + HTML = markup( + []byte(" 0 +} + +// GeoJSON matches a RFC 7946 GeoJSON file. +// +// GeoJSON detection implies searching for key:value pairs like: `"type": "Feature"` +// in the input. +// BUG(gabriel-vasile): The "type" key should be searched for in the root object. +func GeoJSON(raw []byte, limit uint32) bool { + raw = trimLWS(raw) + if len(raw) == 0 { + return false + } + // GeoJSON is always a JSON object, not a JSON array or any other JSON value. + if raw[0] != '{' { + return false + } + + s := []byte(`"type"`) + si, sl := bytes.Index(raw, s), len(s) + + if si == -1 { + return false + } + + // If the "type" string is the suffix of the input, + // there is no need to search for the value of the key. + if si+sl == len(raw) { + return false + } + // Skip the "type" part. + raw = raw[si+sl:] + // Skip any whitespace before the colon. + raw = trimLWS(raw) + // Check for colon. + if len(raw) == 0 || raw[0] != ':' { + return false + } + // Skip any whitespace after the colon. + raw = trimLWS(raw[1:]) + + geoJSONTypes := [][]byte{ + []byte(`"Feature"`), + []byte(`"FeatureCollection"`), + []byte(`"Point"`), + []byte(`"LineString"`), + []byte(`"Polygon"`), + []byte(`"MultiPoint"`), + []byte(`"MultiLineString"`), + []byte(`"MultiPolygon"`), + []byte(`"GeometryCollection"`), + } + for _, t := range geoJSONTypes { + if bytes.HasPrefix(raw, t) { + return true + } + } + + return false +} + +// NdJSON matches a Newline delimited JSON file. All complete lines from raw +// must be valid JSON documents meaning they contain one of the valid JSON data +// types. +func NdJSON(raw []byte, limit uint32) bool { + lCount, hasObjOrArr := 0, false + sc := bufio.NewScanner(dropLastLine(raw, limit)) + for sc.Scan() { + l := sc.Bytes() + // Empty lines are allowed in NDJSON. + if l = trimRWS(trimLWS(l)); len(l) == 0 { + continue + } + _, err := json.Scan(l) + if err != nil { + return false + } + if l[0] == '[' || l[0] == '{' { + hasObjOrArr = true + } + lCount++ + } + + return lCount > 1 && hasObjOrArr +} + +// HAR matches a HAR Spec file. +// Spec: http://www.softwareishard.com/blog/har-12-spec/ +func HAR(raw []byte, limit uint32) bool { + s := []byte(`"log"`) + si, sl := bytes.Index(raw, s), len(s) + + if si == -1 { + return false + } + + // If the "log" string is the suffix of the input, + // there is no need to search for the value of the key. + if si+sl == len(raw) { + return false + } + // Skip the "log" part. + raw = raw[si+sl:] + // Skip any whitespace before the colon. + raw = trimLWS(raw) + // Check for colon. + if len(raw) == 0 || raw[0] != ':' { + return false + } + // Skip any whitespace after the colon. + raw = trimLWS(raw[1:]) + + harJSONTypes := [][]byte{ + []byte(`"version"`), + []byte(`"creator"`), + []byte(`"entries"`), + } + for _, t := range harJSONTypes { + si := bytes.Index(raw, t) + if si > -1 { + return true + } + } + + return false +} + +// Svg matches a SVG file. +func Svg(raw []byte, limit uint32) bool { + return bytes.Contains(raw, []byte(" 00:02:19,376) limits secondLine + // length to exactly 29 characters. + if len(secondLine) != 29 { + return false + } + // Decimal separator of fractional seconds in the timestamps must be a + // comma, not a period. + if strings.Contains(secondLine, ".") { + return false + } + // For Go <1.17, comma is not recognised as a decimal separator by `time.Parse`. + secondLine = strings.ReplaceAll(secondLine, ",", ".") + // Second line must be a time range. + ts := strings.Split(secondLine, " --> ") + if len(ts) != 2 { + return false + } + const layout = "15:04:05.000" + t0, err := time.Parse(layout, ts[0]) + if err != nil { + return false + } + t1, err := time.Parse(layout, ts[1]) + if err != nil { + return false + } + if t0.After(t1) { + return false + } + + // A third line must exist and not be empty. This is the actual subtitle text. + return s.Scan() && len(s.Bytes()) != 0 +} + +// Vtt matches a Web Video Text Tracks (WebVTT) file. See +// https://www.iana.org/assignments/media-types/text/vtt. +func Vtt(raw []byte, limit uint32) bool { + // Prefix match. + prefixes := [][]byte{ + {0xEF, 0xBB, 0xBF, 0x57, 0x45, 0x42, 0x56, 0x54, 0x54, 0x0A}, // UTF-8 BOM, "WEBVTT" and a line feed + {0xEF, 0xBB, 0xBF, 0x57, 0x45, 0x42, 0x56, 0x54, 0x54, 0x0D}, // UTF-8 BOM, "WEBVTT" and a carriage return + {0xEF, 0xBB, 0xBF, 0x57, 0x45, 0x42, 0x56, 0x54, 0x54, 0x20}, // UTF-8 BOM, "WEBVTT" and a space + {0xEF, 0xBB, 0xBF, 0x57, 0x45, 0x42, 0x56, 0x54, 0x54, 0x09}, // UTF-8 BOM, "WEBVTT" and a horizontal tab + {0x57, 0x45, 0x42, 0x56, 0x54, 0x54, 0x0A}, // "WEBVTT" and a line feed + {0x57, 0x45, 0x42, 0x56, 0x54, 0x54, 0x0D}, // "WEBVTT" and a carriage return + {0x57, 0x45, 0x42, 0x56, 0x54, 0x54, 0x20}, // "WEBVTT" and a space + {0x57, 0x45, 0x42, 0x56, 0x54, 0x54, 0x09}, // "WEBVTT" and a horizontal tab + } + for _, p := range prefixes { + if bytes.HasPrefix(raw, p) { + return true + } + } + + // Exact match. + return bytes.Equal(raw, []byte{0xEF, 0xBB, 0xBF, 0x57, 0x45, 0x42, 0x56, 0x54, 0x54}) || // UTF-8 BOM and "WEBVTT" + bytes.Equal(raw, []byte{0x57, 0x45, 0x42, 0x56, 0x54, 0x54}) // "WEBVTT" +} diff --git a/vendor/github.com/gabriel-vasile/mimetype/internal/magic/text_csv.go b/vendor/github.com/gabriel-vasile/mimetype/internal/magic/text_csv.go new file mode 100644 index 0000000000..6a1561923c --- /dev/null +++ b/vendor/github.com/gabriel-vasile/mimetype/internal/magic/text_csv.go @@ -0,0 +1,51 @@ +package magic + +import ( + "bytes" + "encoding/csv" + "io" +) + +// Csv matches a comma-separated values file. +func Csv(raw []byte, limit uint32) bool { + return sv(raw, ',', limit) +} + +// Tsv matches a tab-separated values file. +func Tsv(raw []byte, limit uint32) bool { + return sv(raw, '\t', limit) +} + +func sv(in []byte, comma rune, limit uint32) bool { + r := csv.NewReader(dropLastLine(in, limit)) + r.Comma = comma + r.TrimLeadingSpace = true + r.LazyQuotes = true + r.Comment = '#' + + lines, err := r.ReadAll() + return err == nil && r.FieldsPerRecord > 1 && len(lines) > 1 +} + +// dropLastLine drops the last incomplete line from b. +// +// mimetype limits itself to ReadLimit bytes when performing a detection. +// This means, for file formats like CSV for NDJSON, the last line of the input +// can be an incomplete line. +func dropLastLine(b []byte, cutAt uint32) io.Reader { + if cutAt == 0 { + return bytes.NewReader(b) + } + if uint32(len(b)) >= cutAt { + for i := cutAt - 1; i > 0; i-- { + if b[i] == '\n' { + return bytes.NewReader(b[:i]) + } + } + + // No newline was found between the 0 index and cutAt. + return bytes.NewReader(b[:cutAt]) + } + + return bytes.NewReader(b) +} diff --git a/vendor/github.com/gabriel-vasile/mimetype/internal/magic/video.go b/vendor/github.com/gabriel-vasile/mimetype/internal/magic/video.go new file mode 100644 index 0000000000..9caf55538a --- /dev/null +++ b/vendor/github.com/gabriel-vasile/mimetype/internal/magic/video.go @@ -0,0 +1,85 @@ +package magic + +import ( + "bytes" +) + +var ( + // Flv matches a Flash video file. + Flv = prefix([]byte("\x46\x4C\x56\x01")) + // Asf matches an Advanced Systems Format file. + Asf = prefix([]byte{ + 0x30, 0x26, 0xB2, 0x75, 0x8E, 0x66, 0xCF, 0x11, + 0xA6, 0xD9, 0x00, 0xAA, 0x00, 0x62, 0xCE, 0x6C, + }) + // Rmvb matches a RealMedia Variable Bitrate file. + Rmvb = prefix([]byte{0x2E, 0x52, 0x4D, 0x46}) +) + +// WebM matches a WebM file. +func WebM(raw []byte, limit uint32) bool { + return isMatroskaFileTypeMatched(raw, "webm") +} + +// Mkv matches a mkv file. +func Mkv(raw []byte, limit uint32) bool { + return isMatroskaFileTypeMatched(raw, "matroska") +} + +// isMatroskaFileTypeMatched is used for webm and mkv file matching. +// It checks for .Eߣ sequence. If the sequence is found, +// then it means it is Matroska media container, including WebM. +// Then it verifies which of the file type it is representing by matching the +// file specific string. +func isMatroskaFileTypeMatched(in []byte, flType string) bool { + if bytes.HasPrefix(in, []byte("\x1A\x45\xDF\xA3")) { + return isFileTypeNamePresent(in, flType) + } + return false +} + +// isFileTypeNamePresent accepts the matroska input data stream and searches +// for the given file type in the stream. Return whether a match is found. +// The logic of search is: find first instance of \x42\x82 and then +// search for given string after n bytes of above instance. +func isFileTypeNamePresent(in []byte, flType string) bool { + ind, maxInd, lenIn := 0, 4096, len(in) + if lenIn < maxInd { // restricting length to 4096 + maxInd = lenIn + } + ind = bytes.Index(in[:maxInd], []byte("\x42\x82")) + if ind > 0 && lenIn > ind+2 { + ind += 2 + + // filetype name will be present exactly + // n bytes after the match of the two bytes "\x42\x82" + n := vintWidth(int(in[ind])) + if lenIn > ind+n { + return bytes.HasPrefix(in[ind+n:], []byte(flType)) + } + } + return false +} + +// vintWidth parses the variable-integer width in matroska containers +func vintWidth(v int) int { + mask, max, num := 128, 8, 1 + for num < max && v&mask == 0 { + mask = mask >> 1 + num++ + } + return num +} + +// Mpeg matches a Moving Picture Experts Group file. +func Mpeg(raw []byte, limit uint32) bool { + return len(raw) > 3 && bytes.HasPrefix(raw, []byte{0x00, 0x00, 0x01}) && + raw[3] >= 0xB0 && raw[3] <= 0xBF +} + +// Avi matches an Audio Video Interleaved file. +func Avi(raw []byte, limit uint32) bool { + return len(raw) > 16 && + bytes.Equal(raw[:4], []byte("RIFF")) && + bytes.Equal(raw[8:16], []byte("AVI LIST")) +} diff --git a/vendor/github.com/gabriel-vasile/mimetype/internal/magic/zip.go b/vendor/github.com/gabriel-vasile/mimetype/internal/magic/zip.go new file mode 100644 index 0000000000..dabee947b9 --- /dev/null +++ b/vendor/github.com/gabriel-vasile/mimetype/internal/magic/zip.go @@ -0,0 +1,92 @@ +package magic + +import ( + "bytes" + "encoding/binary" + "strings" +) + +var ( + // Odt matches an OpenDocument Text file. + Odt = offset([]byte("mimetypeapplication/vnd.oasis.opendocument.text"), 30) + // Ott matches an OpenDocument Text Template file. + Ott = offset([]byte("mimetypeapplication/vnd.oasis.opendocument.text-template"), 30) + // Ods matches an OpenDocument Spreadsheet file. + Ods = offset([]byte("mimetypeapplication/vnd.oasis.opendocument.spreadsheet"), 30) + // Ots matches an OpenDocument Spreadsheet Template file. + Ots = offset([]byte("mimetypeapplication/vnd.oasis.opendocument.spreadsheet-template"), 30) + // Odp matches an OpenDocument Presentation file. + Odp = offset([]byte("mimetypeapplication/vnd.oasis.opendocument.presentation"), 30) + // Otp matches an OpenDocument Presentation Template file. + Otp = offset([]byte("mimetypeapplication/vnd.oasis.opendocument.presentation-template"), 30) + // Odg matches an OpenDocument Drawing file. + Odg = offset([]byte("mimetypeapplication/vnd.oasis.opendocument.graphics"), 30) + // Otg matches an OpenDocument Drawing Template file. + Otg = offset([]byte("mimetypeapplication/vnd.oasis.opendocument.graphics-template"), 30) + // Odf matches an OpenDocument Formula file. + Odf = offset([]byte("mimetypeapplication/vnd.oasis.opendocument.formula"), 30) + // Odc matches an OpenDocument Chart file. + Odc = offset([]byte("mimetypeapplication/vnd.oasis.opendocument.chart"), 30) + // Epub matches an EPUB file. + Epub = offset([]byte("mimetypeapplication/epub+zip"), 30) + // Sxc matches an OpenOffice Spreadsheet file. + Sxc = offset([]byte("mimetypeapplication/vnd.sun.xml.calc"), 30) +) + +// Zip matches a zip archive. +func Zip(raw []byte, limit uint32) bool { + return len(raw) > 3 && + raw[0] == 0x50 && raw[1] == 0x4B && + (raw[2] == 0x3 || raw[2] == 0x5 || raw[2] == 0x7) && + (raw[3] == 0x4 || raw[3] == 0x6 || raw[3] == 0x8) +} + +// Jar matches a Java archive file. +func Jar(raw []byte, limit uint32) bool { + return zipContains(raw, "META-INF/MANIFEST.MF") +} + +// zipTokenizer holds the source zip file and scanned index. +type zipTokenizer struct { + in []byte + i int // current index +} + +// next returns the next file name from the zip headers. +// https://web.archive.org/web/20191129114319/https://users.cs.jmu.edu/buchhofp/forensics/formats/pkzip.html +func (t *zipTokenizer) next() (fileName string) { + if t.i > len(t.in) { + return + } + in := t.in[t.i:] + // pkSig is the signature of the zip local file header. + pkSig := []byte("PK\003\004") + pkIndex := bytes.Index(in, pkSig) + // 30 is the offset of the file name in the header. + fNameOffset := pkIndex + 30 + // end if signature not found or file name offset outside of file. + if pkIndex == -1 || fNameOffset > len(in) { + return + } + + fNameLen := int(binary.LittleEndian.Uint16(in[pkIndex+26 : pkIndex+28])) + if fNameLen <= 0 || fNameOffset+fNameLen > len(in) { + return + } + t.i += fNameOffset + fNameLen + return string(in[fNameOffset : fNameOffset+fNameLen]) +} + +// zipContains returns true if the zip file headers from in contain any of the paths. +func zipContains(in []byte, paths ...string) bool { + t := zipTokenizer{in: in} + for i, tok := 0, t.next(); tok != ""; i, tok = i+1, t.next() { + for p := range paths { + if strings.HasPrefix(tok, paths[p]) { + return true + } + } + } + + return false +} diff --git a/vendor/github.com/gabriel-vasile/mimetype/mime.go b/vendor/github.com/gabriel-vasile/mimetype/mime.go new file mode 100644 index 0000000000..62cb15f593 --- /dev/null +++ b/vendor/github.com/gabriel-vasile/mimetype/mime.go @@ -0,0 +1,186 @@ +package mimetype + +import ( + "mime" + + "github.com/gabriel-vasile/mimetype/internal/charset" + "github.com/gabriel-vasile/mimetype/internal/magic" +) + +// MIME struct holds information about a file format: the string representation +// of the MIME type, the extension and the parent file format. +type MIME struct { + mime string + aliases []string + extension string + // detector receives the raw input and a limit for the number of bytes it is + // allowed to check. It returns whether the input matches a signature or not. + detector magic.Detector + children []*MIME + parent *MIME +} + +// String returns the string representation of the MIME type, e.g., "application/zip". +func (m *MIME) String() string { + return m.mime +} + +// Extension returns the file extension associated with the MIME type. +// It includes the leading dot, as in ".html". When the file format does not +// have an extension, the empty string is returned. +func (m *MIME) Extension() string { + return m.extension +} + +// Parent returns the parent MIME type from the hierarchy. +// Each MIME type has a non-nil parent, except for the root MIME type. +// +// For example, the application/json and text/html MIME types have text/plain as +// their parent because they are text files who happen to contain JSON or HTML. +// Another example is the ZIP format, which is used as container +// for Microsoft Office files, EPUB files, JAR files, and others. +func (m *MIME) Parent() *MIME { + return m.parent +} + +// Is checks whether this MIME type, or any of its aliases, is equal to the +// expected MIME type. MIME type equality test is done on the "type/subtype" +// section, ignores any optional MIME parameters, ignores any leading and +// trailing whitespace, and is case insensitive. +func (m *MIME) Is(expectedMIME string) bool { + // Parsing is needed because some detected MIME types contain parameters + // that need to be stripped for the comparison. + expectedMIME, _, _ = mime.ParseMediaType(expectedMIME) + found, _, _ := mime.ParseMediaType(m.mime) + + if expectedMIME == found { + return true + } + + for _, alias := range m.aliases { + if alias == expectedMIME { + return true + } + } + + return false +} + +func newMIME( + mime, extension string, + detector magic.Detector, + children ...*MIME) *MIME { + m := &MIME{ + mime: mime, + extension: extension, + detector: detector, + children: children, + } + + for _, c := range children { + c.parent = m + } + + return m +} + +func (m *MIME) alias(aliases ...string) *MIME { + m.aliases = aliases + return m +} + +// match does a depth-first search on the signature tree. It returns the deepest +// successful node for which all the children detection functions fail. +func (m *MIME) match(in []byte, readLimit uint32) *MIME { + for _, c := range m.children { + if c.detector(in, readLimit) { + return c.match(in, readLimit) + } + } + + needsCharset := map[string]func([]byte) string{ + "text/plain": charset.FromPlain, + "text/html": charset.FromHTML, + "text/xml": charset.FromXML, + } + // ps holds optional MIME parameters. + ps := map[string]string{} + if f, ok := needsCharset[m.mime]; ok { + if cset := f(in); cset != "" { + ps["charset"] = cset + } + } + + return m.cloneHierarchy(ps) +} + +// flatten transforms an hierarchy of MIMEs into a slice of MIMEs. +func (m *MIME) flatten() []*MIME { + out := []*MIME{m} + for _, c := range m.children { + out = append(out, c.flatten()...) + } + + return out +} + +// clone creates a new MIME with the provided optional MIME parameters. +func (m *MIME) clone(ps map[string]string) *MIME { + clonedMIME := m.mime + if len(ps) > 0 { + clonedMIME = mime.FormatMediaType(m.mime, ps) + } + + return &MIME{ + mime: clonedMIME, + aliases: m.aliases, + extension: m.extension, + } +} + +// cloneHierarchy creates a clone of m and all its ancestors. The optional MIME +// parameters are set on the last child of the hierarchy. +func (m *MIME) cloneHierarchy(ps map[string]string) *MIME { + ret := m.clone(ps) + lastChild := ret + for p := m.Parent(); p != nil; p = p.Parent() { + pClone := p.clone(nil) + lastChild.parent = pClone + lastChild = pClone + } + + return ret +} + +func (m *MIME) lookup(mime string) *MIME { + for _, n := range append(m.aliases, m.mime) { + if n == mime { + return m + } + } + + for _, c := range m.children { + if m := c.lookup(mime); m != nil { + return m + } + } + return nil +} + +// Extend adds detection for a sub-format. The detector is a function +// returning true when the raw input file satisfies a signature. +// The sub-format will be detected if all the detectors in the parent chain return true. +// The extension should include the leading dot, as in ".html". +func (m *MIME) Extend(detector func(raw []byte, limit uint32) bool, mime, extension string, aliases ...string) { + c := &MIME{ + mime: mime, + extension: extension, + detector: detector, + parent: m, + aliases: aliases, + } + + mu.Lock() + m.children = append([]*MIME{c}, m.children...) + mu.Unlock() +} diff --git a/vendor/github.com/gabriel-vasile/mimetype/mimetype.gif b/vendor/github.com/gabriel-vasile/mimetype/mimetype.gif new file mode 100644 index 0000000000000000000000000000000000000000..c3e80876738f11cdbdb4d4328df05fe72bf48a23 GIT binary patch literal 1343793 zcmeFYWm6n(@UA&C*x-XZ8GO*-5Zr?YhhV`SLV_gt;Dfuny9al7*Wkh3EjHQTzs_#$ zeuh1#Up{ZTx~rb9uDkE+t&)Q98}konZ&04Q08cN!%>1H`&o0gVqn*PN!!wHNI{FSy z&M&U-x<@9H3adP#(yZXIiG@|&!;@aI86898Hi5Bg+k2A>t9HTh4P66w4^ML|>!E3d zxz*nePA(oEU-GNJ-P}Ls*EVOCH(cL7TwLGA=9WJ^y;QYyU*6nz4NoktZDy3$e~C#S zomq5`N^?adyG5pY$7fBgySnj-&$@qnUi`k*)IB&c zzY>>M@$mHXQAbNamIlrd)@bsdjp>26%$2KT#d~RuH|2Un3C5sGIjUxyt=tNyZn9c==5t$hEr%_OW#P&|0JCcNXjj5>fG8p zENN&DOwNzWF4_8V_~Y<2IIUn~_h4*xX=QVFaANlI<}N((%R$mubaEa?foPF#2kl^gvhMYqWae6-r?i(tLoOCj=}Mr z{iD;1>!jkUZ#_c`Yn!R1wGo-cVd;fwrM1!7Wnmdbqq9pfxn=O=-0GH|$@!Jr`={Er z-rlk4^s>5<>4nCwfyk_ql;Y~*`c}aIkAm(eDuDLCdg%UPtIO+X%Svm=^Kx;c0RPvM zlC!z3wVJuDy`>|rt+}(axi~i$zW~300D$9vdhkDg2mnR`fM9CH`uzT2FcF*aSbf1@ zID|ntTd|>VIEtLlVRNjZXfzHg8%eFySUjEt)2=igZ!DQi(n8ao>@vUO9OruCSN4dFjxyqo)VQZqfYPHU6Fp@^4rTTl5-D0K5 zWJ}FPtLy$mj!J9oR_E9Iv#rV2x}9D)3O223Tm6qg1QEOGR9nOTXgq^Tu4;SZ;bc0W z5k^})q2axT(!=Y%Z)a-^X=)**6W?VVC+}wU2V7f zV@d2EX1dz%kLQY1^3=OK9?#dB9Cv2AJD;z22a!>)-t~0-ygym2`Y_wm{rmZ5e=_e~ zZ_nS~FZbs=v%S6l{sGWoyKq!eyWK!AbNOx%j^N2|Fhl|NBZOGb?nfxOP5F;7YR{7& z;m|PH9)dB|ZZ85>TD}*_(Q>jE#XSPskLF*o+m8`GD&LP4dpg;VlR{@bh?gU^KS)qy zt~f|k6+Asi(okSMOxDq}KTI*OsW?nE_B=gIGYexqO1Db2KgzHxtvJebYB@d1avfnk z&URn1KhF7jRB@c^`*eDo2S;Z+$qylQI4M9dSDq9`3!a@6#VfF#7ANaDoR*~9RGyY* zd!C(^<%hAIl^3TvoK=*UR-RQ>x160-A?ruj&a1zzIGoqC9aWy!c0HY)*Y%;ZU(^qg zI$ku4F;`tQP6?i0G|efnUw&KCbG&R`v#Gjl+4MZWY~2lGziK;3b-ZdnDXqHdxM(@Q z>bx0YzwUZialGz+IjXwu`SWys-3!3rxamVBbGqpVvsB*<;0RsZ3_{*=+zt`zJKYYG z+g9I>P=C3&9fgK-+>J4&Io*xJ%Bt@sI9f06Cb>sB?x*-yrwjqY$JO^UV$T=%vr-tG z4|8&4&JXj7EHw`cs#MN=qiSzCAD49WogbGC-u->OpIT(tY=hhJTv=wa6115k<0`hXa8@o*3}cfAw}9uyvb@ogiv z^9n^A%8zQD;v&*pu3yqIOQ5JRhf4gQ+K-AZ{aXAHg!zj9)`}vat7lxh*%v?pFzZJ{ z*^LHD6CGp+qEp%RNzbfdFGaFNk0_8r0_loncgz#zqGOqy2m}14>T?63&^TCu4yyWP-9&q@c`W-!ZX12W7tj zgz**^;L3uffTcGf$opS(I(je&@h%4%iah|u3(!kLKaAwNpw z%c^gDPqE=x=#8N4hFvIU-**tI)(9Yb9%_%%M_DH<^9tQ83hmrNd!&_*tP2js>7&5G zBSgvOk%9)|^g(g8#sJibu|O!Dp(uCb3@6vlLE2((Fo(AZr>>`%=as_6Eh1eA8 zHKw$nK8iU&B(PkXFb%B4KA;teoXj9`dq2vt&65H&D$zpNp@6pm7{Wu}aWE5uX+Y4h z2@XZRPoA=h%6A;es5YG;8N~D;DU3H8fhcri!L&HV7-DT^;E{-?&$)a#uZ+tCG%Kb9 zJ`u5QBOm(lmxNFP0d%&~kOB0N-N5X>pP>JS-b-N^YGl*6=k`>Wi3hwP{RlDxzhMB$ z(6u$ullMcVcFSkPydi9+iyYsR?K-Z!h@)ufY!#u3VAc2#5^ggzC5-_>2=8L%Hh-BY zCo3t-xK@gHRr!fhg=RofbE(K%?-cw?~y;2~4k`XbIh9 zSnnNgkZ2hA2cbn*I==aT-=dLKkGw6x;W_dxrQVg zPH-mRe5?q%UQScRn13ogA?b9swsvF57@%nYhZ|I&m^t}V>K^IdMW`arXQa>fC=P)D zym5&J7+@~Gi9fo1LW}k+Vmuqde4vVJxN=WqKR(H}{bpDJ2S6A+Wz!_MZs5X9lkG!) zEN~Ew`{n386;9)!>b27%=o88ecsE`h#VpyCgUQhdMlNqj$NGG~SN4u_GauU?3SusI#P@$f z3-JKd%6?8d!CK2pTL(=w-Kz$1QR`3ULJ9}e;o0Nn8(vp}J@|XJ*}%+=GLA7$HTz+` z9$wqVkjI!^PL8m}x7%czchs4G4s`F|>;TI?N8*0A&bFr5g09ngi@?iM=?ThKAKk%4hN=c9=lPhcgu7K0o&zitDF*oIRu) z7=3jj{mncD+60ud_jaK$>@?DnX z-DZD^*Ar^*o8j=yTgMdNM~;9u)2o~Jwj_Ux@g%nwTRomEk-C5Ho&E`L&AxlF7Vz&h z?UgtjMgHte@t>#-khlzZdHz5Wa5L2_{22H1uTe_C^+ka2UyN74bT*VWntv?RXyslQ z14>emP=0lNSpFx#6kYEe5X@sj|_6ISVRYT0!CwL3*fMldE<*tF9fjA$gbuEX=qqsDZK6thMP8 z+eM`XMKzX2nG8fZgQ8*d(Y!Lz4i?c&LDAGlQ7MJd413XyW6{Z=7&@64c8eIxpqNCa z7{kIC^Su~qP%JZjtf@@w#Bj`ei&*2rSh9iGWkhVkUMvZH+$)(leTz6*^tk8pxVWG= zg1tB@P`oyMJf2KExkbE2Q2e}2SYBbg`d+;IaNJi|g12IVuU&#aA^~2W5Hyw$a*_}R zPDH>GBNY>)?Gj@ViSgx$iDQY$CyA+GWKudTDN`{i+b$^=k<>mGFIS%A1xhdvWtXxK zmr!Dm{TV0k#q##Mpi)GnT1Di$@kq_nNNvn0U5Xg7@2o0b3GXT5^p&En8&e{dQ?lq& zd6ZKBzNCo$46Cw8#o0@h1EqzBrka+gy3nUhyiH3FN|PQ)TPREGv`g!Ur4K5m58I`W zBGSjp(z99!g{~nn)T(2lKyEUrc2R zd}U&yNJHehZXQWv*+C-hUAz`j3Mnte(keClRB9aQ>vTrtau(<|LGGGa z*!#8Yl9a(~y=-T!jFYSkd2(D5ghlF+NglzLACj4+vR2>W>})0S)tky z7w?^x>_8si0Lc`ol$ogb^Sxp&qM}l{vKlL|v@*M#4W9O^+?$dqijAh#kfgv6(%wPX zok`Z~5S(X7-l+`fk0cy*AREW>8&oDA7J*C}63&Z|Ek;r=ceqq4SHaIhYSwFhX3(!z zny<4}PX8)BoFLfFtgWTYPR*>rAgF~l6rPFH9bwiUQj7uA z2b5K2Cv_Bb^>hXGV*T~933Y(odd#SLa=Hc@^9Ft820vf}xg)_}hx!DpMmAXEgHnB0 zWrOx@gQ7znBRev%=~pd`orLXoDvwI80Cx3jqxxoLYMLqnaqLo|C^BlQZ|Xcv*yD|t zBDE|Vja0WrJq*VEO@^Np(1h;++ar9N^2RmyA_(PgklQAb^JZsYizv@G)hvR;X1?PR z!wt(%JIoLrDuCXk)3QgiXpyO@`8Q{_7ANTz5%U(aPm;iRN#YU7Y)>a`qvp6T-iM10 zzFQ3pro_20vljM3b1>stLcO^{f3NI5sp(4HBXYD=&J-ice+-! z{T^vUK_=Kmt&n(ACD^JIDPcD;caj__KnjSvJvaDDt4w-5&CMSi){VNb8oFw+d+pb| z$t%B&OvH?jC{C7kx>xa?{^mPB=bL#V+30M#w(GS^X;S%3vM&lbJnt=2=~xo&2Pe2> zTlGCe^*Tt)mFc4T-(bMGy=$!@R5$2>P%x?#P>36>4?r!T(!5|x`GH-t`O+2Iq5>*# z(-ees8+CWQm8eBk!F=w)`a>3T(k~^8acnezDh-ZV;zO_uPI(P6PxSwqh-sZvonh?g z{5?qO3xS36jS{!(bv3{$hI|E4LjT)V-M~`D5QBI{Y&cku8w7@9yw*VbIM+&LEQSoY z7!}AKw#6ZkwN;nLct_0bBO2W%F4q0|yfZG%9mqX=WH{!NFr;~;77@>92pL5#DriFi z?sUB@<`Z1=UB(HXj;k8L8x2#OA+s*GIE*iG8}Ejq#=Q&1$&S^S;`zh?6QKD|zQSd_V5O?gVN86qQzA zY&HX?X{L-b>3)-fOeFZ=7%tI#uD)}5f=)ql5Ud=&Sm>Cd%Af&t1MVe~2qT*mw8e)B z9WMyu+ZTk;#qcq7Pq8|W>{K;fch#(9j_hn|^4x$!pxtQZGw~Xb1hYj(@xd6cg)yf= z{G1tW@sHAfTUMeVLmZgO(@Vl8%UtP;aIrBM?n+(5f}Q3(mh>cO-tDs$3Tnd=&~@=a zXIS)dMohf?pX$7ROoxIA#59~w^9DU>4#g_o&V6fU!E5!W$_l#3yi36frt~ywAR6lp zUxb>D&0lKG%PO4BHE=W>riA%M8}ndlzE~gPVTMXQ=Zy*lr$R74Ky*CBV=cDC^Ej6a zXsBbpV!j#tZ@OIO zKA)u7cnZ(fE!*a~>WW+22T~wrM*e4Z9+Xu-k_~avtr`rpIrNeeioNN&0~*rhZlXLA z!y=CzM&nih)Ko0VL~_ssg}|su*Qhnc2(8Bu<;S;vl0j+{V`C#o<_$PY12y{wkh6=~ zO;XRAvlC*x@XloOE2qUAlZl$@E_x3i_=*n;53ud=m0-K&X@Ba~lH_`5E2scu{*6xn zuZXE<2RG{ArshDTW-nj-L$#-e8l#yLXTL5U099cGTxy1MWJZVs2vTYLO$2xx?4fw_ zjCjBltOw?sp<`D>8TVhGDZK)otP~J7z42 z@G+FmRettkiLnC(oaK8KTlX+N&!^*ui(_4vnSTmrpw^DuT9w~n-6-a$0Di1%&eONs z-TycZi#@yzCR@5f*VR=aIO;|%p++4{KY9d2`yNH5qxs0Wyj7)-Pn6HwozBsX?AOCC zh3_33IIe*=jz1I}0*{XIIUod1M;82$Vknvj16m0jJ^7}7Rzj6iVt2#(a?Sc$z<*yW zdw;cOe|7&xDz?TmHbvTP0r__fknbowh;)2XzxK=h^xFTLwnp*b==ir0B<4YJNw*J$ z2l#G|Pe0z0t@~zn*p?J}s4I7<8MghmO*9V`N@4koerH`Dy#W&Zbb>R~~$+1!>W_;^j<$@-SQrc%FdcPpWbE@<- z#u&!OymFcsyDWxb351>uaA}9;TIOY)NGM!_#o>CSD4@sI2^*{id7!ZR{<@QhdYbX-Q8)Lu6LQwNOA^BL<+G-qs@2psDi2Dft6c5tb4#DVHdEW? z-kdpK_`LQAyjs&=l0f16w__RQf z2AEC*-VY!_16cB3Td?|q%jUHfOV0UXBUW*VVt zjRLl*@>zP9hAqxpJ%7KFUKw|ITy76f>T!*9d%b7&Fkp!y4a0R6LsjKODuaDCZbI8q-Sj^P0z&B^7)(CKK&d!(i`SOBjQQOw%P>8059L9TEO0zoNIFW2uU zbXw!D#=(R368`C7bd0WoQ>5>&#~&Dg3V(mCV|@MGJLq2-#s)cpeZKj=FcI&fvLik0)Bf1_`|=9F?p&=@W%YnE`yE_aI*eF} z@{=M%oE&d4eUeq963bhykK<1-zop~I)7SO^BssD-bQGM$wJL%60D1%!3|@pI@k?>6 z|55_0KZH@w3~3h1m~3F7u*@wIM8^ow7$hMyjgY}d*LndUXjPN%l-~YuNS2@kB7*7O znCe_iFLC`rV1_LTpH7BTnt@S4D0aKU6n4<%d`jAw2hI1kkL-GeABR)AVVYCT`X9s_ zAN9=(4jvULZPN##tV4b7jG9@0$8f@Cz`ELjs%9r4v7gPx0&Se*x#3iJKD=w@v-0}m z7K_%cTg{%svnF0i{9m>|oLk2!h>&AhE|TOlKb4A06I$W~8$ubhX?U>cjA=<}%JYNQ z<+$jBDcuP__z0!yTEFTzcJxs6f6KRSZa-#a zkW@9_7R~(21%l0F-)twP%`97$=6UK^m6y#-+E;3S6A?xx-{Grry?eYE%^%W0>xZ zmS=xAiI4Psh|>x1+q3(UclEU2`o;fO)H4zpciEd4@K@vD~3&l;r&tYVkqMLAz*+Nz%B5lR-323mDR1UV>PN7B&A5KP{LTaqW!`e4$J`0(kCANVl`vIhj32tl4bg83vlrkThHHPvyVCNen~o>HW4 zH6=-dVh6hmkECIU1zEQu$4g8@xEcTc_E7o=QA$G0wU6cVCi&>Ef`r)D+50q?O(Sc! zx3T_941|~Diud-j@!@h-^d#+y3W5s>aUoWWOcA0o0}Y9apaZ54iAri%wuyPD)-d@u z%37%l$vM6VR^4`Gy_SWPI#out!(pZOD+{S#L#(+x+Eq-Sw7gnX$v6X%Z&WQ-=F>*y zYJCoDibanm6-{3UPH9JU?fmxpWwo7>e~I^@&0P;G^W-^`HsCuJYY*@`TWi@Vh> z=3Ix^is61$^IBQVeI6?Ny`J&T|7kJr-w>rZP(&k$bSa-|<5-%cLnBO3hZ*EyC&whB z8HvtPKr(EnAW%6I<+4=t3hk6%lu|1(b*VUo`cz4`Ln~E~r-U=qUe(&WKW%2IRA{*3 z#UWEW_i3rDapUw|sEAIXDQCI7yn|NCS#1&5a>ct)wrVJ)Zl&IGrC;`$ZgYoj?OsFG z2Q){6+h^5=)a7bhc{{!N4!xEZk2nVpN8>{geVoLU+AqV7ru`U5{qCpbx&S7^4?t0a zfrU>Q;qp!vBw3vUf-4Q(hE7&YqVEkPRvOb{GR?NW>r8pBRA+n8*@=s;*G3A4mNGdz zR7I{6H0m|inN&K8!i?5dJj=h8RM;#U{Wd5N%yMs-iEDqAvx+Kf_+S%Y6ZH_eLnge{+>A> zknwV~TUh~Vpi2G$LW-iUebJ(4er*f&wiOLNtcaSSe|YTH2SlRcZKhBV4?u9<3>||u z&G0_*brS)wFcAt(0YE4L&U{c9*`_%udvh0MJV;gtNRK2uM}5O&2FBNMS|xp6tJ$xS z1(MUF4XU*bMVWyaJTEMnpFO%70FfNr7&SyxjKcvNu1U?tlh-W>x&V!Ym}hq3U~#QL@+9+&yI%Rwj~gz2h>Dz<8z^>Yi}bQSLG^IlxB&yOuBuo2y8B1xeB7 zi-Y40Sm|u3Az~0TR@Fc(-FgrR!2S6!0WF<=n%&s+GI-7mLC` z5{J%XdHi2?o#L6ruXzAA8tB$Mj@J#gI62bvoWU9@=JVI!7Mw!P=IeMV1GUQKy zf9?yMN&+|G6(2u0Bko)z!LHF3!8;06omG4)fFTJ$`w>TXP6imP7&yb;`ykr8&(jO! z?Mq50&gBN@jfv#L@%~LpR#f2u>J!S!Nx!4OE5Y!p8$>l2Ub7}TO@s}St3wm(LumIe zI!Gs^6CZMej}TH}=~Ax~B+t_Ou3qr|+=FTVAa20$+wy(@H$IEEG>38@iE$w#YQdu= z0hw3N(q#X^ITB3OpMX0g5q%>Cxd0O|N@L>?GV)7&Hk4uBtm1WIh7BQ9+gyp0qM){&NtbT(fK`q z`W~?d@Fh0j$_MPi1ODhG;hGWMk4-1BY^@@n1JY0>K{hKI=(VG(NLIGMwhJko6P~c2SgS@T6RCqv};#5 z05=$dyTFYbEF8zmpSjwGD3(^RwkqQLR%*3GxmnO5VhQE}0u1G{QQt$3xktQl$O94a zn8*nJ7q=_`Jj;?p>Wj|XeG7#nL&c=3ME3E-II1jX4jG`*n^C1C0sAD0>=BdVY?1aP zF>@-3TcTo>(GY3|&j*qej+P|3@lr>{)5viti*bJ+rPq~8#^Xw23`1EVN+I7$a#Z>9 zmzWD4#=m4JT_{gT8cxVEP840_l}1mLRSQ<|(-nnG^fXMo^edl#pRg{Ts1B*Cqn@l! zF01twX(Co>*H#I2RQW|eX&W`!+||}@rQ+eH)bSwD`G@vf@~a-JvDT$YN0cdRcGWbI zDbU?yzf;68hkU;=%P2MJxYZO)S#=;pwPbQ~!o7crzj~6Ge!}VPOf=oR)vLK;QRGs# z@&XR$G9&FG2jeV<(5lt+=+abN&~$0R^m=jHRyMsa%FM26Yw*Ez)q~m=!OVfqjMDnl zo{r*o-=f3hnNywOBlnp;oVv{^=F2Yit7N9@V&>S?B z_`b_Do)yfReW;FmSz`E;t#o3ho4uN#j{+&O>J|<-g-d zv<6@1oO-23Ue{cnQv;5l5}rUChAtPxWRCgIyY@ScpB(c9e7A5b3@p7ndic z;h<2Hr@~bu<7B0lm!+idtT9%y$=S_OUIXs4grJYjsg;m56CQJ0P_-vlm#J zqnMnhVUO$_XyRO#Q@Ax+>?PQ*1=Kk`8o5apiFg-hWfr69wIhAB>rod4)U>lu>x6UW zMVy62NZ7^1=_UPyr2J;yENj;~X$KK5y*gZ!v96S*DVGz_QsA7taMy_pTC(rd$uQRG zm{_to*MTwVC~@Y!`}<0ZQ(Kc}S(!^gtFR7+vgRPs+CSTJ-e6{vz!&uOFd_K z>C284G)jGOcKyLWdMzUQf<~*(m-U`oykAr3Z2k&)qvP2oD zEe>?O{x%bb-G4!;*#udng0+jJXRhZ^d-f3G-PPe?JWTW+o*R&DI_ptmeQWGsu zYxnp%EWpkd&wnhmie`A2EsyK>cop_}Xm|K+_78n)1j8&3#rB0u_q~kvMMf+=efGtU z_C2!pCD5&0I`^fRt;W~)<9Ru6AJycqEZ)mnJy=;0AX{WTwUkP=RBUDyX!X?eblCl^ zRA>0rYggZrTK9l0UpTFIln+;mt=LSgb&&@&xd-Qdhp(r%Rne_uL=Kl2t>5KZ>(pBB zI~}U}A1bCEs+1m@_8e-=SPS9W{LntKX{pr_wAu5vd1GQ@QhH?KvSf~TXmNDZk$e=1 zW&7B9Wcp}rg??nva%3lAW9)Bhqiz#VhbD{-AV9*&1LIM{%0q=8z-nJZ)LuW%@5k009_m zK)byW4&chXdO@XH188suqe-<#b0bPf5v8;PWnp$Hv=rFg9Y9~gO87Y-0TgTr%2Y@-1V1riJ&kH}yBXJ^h&_&>I|nFod+{T-k&ef(_Eu7dSGy;nE~Zi2%WgerVSQ*IZiI20_&7R1Q<(hV z32`KdIF7wK#XEODBB$gLH}D0Ue(Me&>)t}?Siy#`5@AkV$xjO+#!Anf{f~yqx%sdG z{DU8{2e~6r0pD#L{wsUvD4k*sEuM%-#Mh~UJk;$E7**eOd-}-h4e61a-0`BEIx+bA zw_ITPkO~gwB_7}k4{$1BT4+OdP~He=<0XB|0|>t!ak<%w|A2yjO>PNhN^gvVqS5H5 zYDoo4$znnA0kmbVByW*vO7@b$UnT#dNc>YF0o2Qi;b3B7M6%?+-84OJKo_94bg~29 zo1(e`pr44|-h%RuOMZ%n0YYj2AuzuNA#Yp)?c9RD-ZRcRW9La?-~hlE1GE&KbL)3pq%3}Lns2^46ZRF`Gb*g*BU%P zECie^1WvK_!V}w`>3PhQPCe>Ob^4xqjRJ?TUpxpBe} z4LEAMG*F#F!cPXU8>FeyuPI4;b!PVf(+Y+p@j6oy6fKr(k@@=?NSiMM^eH_1kSG0S z9MPWWdwn9EFDd!6;Zm4bOlRcvd$Waaleol%zMU>r>a!?Ji`eh4Hrg_Hsu@{cY;=5C zZJz!ubhE4FhyB{6%i?MuFM|E!RTuRBIH*Xa&NRE@@nT)ga_8!=$LH%Gy-9gnCO=>9 z&UEuWTqC>JpKgxt)$+C^{{G3|N*%5H7hrk^6ov-Q-ReVwJb$um1!0P;CBp{P{ zn4un!TMD40CTy+|4@J8Pk-~@lv;sf?@r;V9r2I)3nu{o8m?gtG}dzf7=4X` zkjbLC4x&M&=%mO@eKj@Oj|usK3KVwrf#}p`a+OG_HB;_BS@Pmvw6USnl<>k6345k` z%WV;xT7a=gX(@^9DQkHlp|NXG8MR7x`_3ZJ}BWZ)x`fjd+`8a z6?2x$L}hWd`#L7|#1dP#-hz{wAcUMe^tMLV*bB{V863egB5N6M-fWE?3UL6?N3+j? z>BZ#wv)-ZH02QFwo9_0wL}4{8o3$!#D|?APk8}7HSsI=A{p_#1pZ2i7O8=2Kc-;q* zBYF~fhWDv(UM6#r}F*^Di zCQZV#^t-R*A!v9*pMY@VK6D!?fWfXAW|q;Vj6v&V0`nJu6pF%vltg_-)Yn6HFcEhl z`eA4d6c@3v2X2!I%-^MBHAwdXtfg&U)_&<_-@?Y1k!GaC_u_Xlm(F~SKPF)G#?PQ7 zstND@Uhx*;J8tp<;_l(V`sgL9^J*2eD?oat0=;FY0-ciqT5>c4fV;0g{$Uvq*OH4< z=lMa&J%D~DUV)3rZ+VLK1|lSe3;__l-@~FE2nznTONVV>j=@<5f{H|iFb(ZUX}my4 z66bvp{B+V5FYy$O^H8D94|phZaK0yQfaHNiz@L}58fURzfHzwdYVT#;nLa^BeH8Bu zDddl(-+9}1ZOb;UO1`^m$XqTwvQF962*|p2MLMdd#WO&P(i21syV<*}RFCfz(EAeJ5!*7Na4QAt@B-4TESO(4Dj6q^ zM)~j*z)+-=b!b1QQ^_INQ2Lag>F!d#L?3dD8%!FhFJ^La5)0B;4hY>eB?sKwabwG9 z2p1ET{kMh5U@y#ttF!&*>#Mg_l}?^5woA(T>pLci(Kz(}uUpQg4zqN%cl;Nu(~1Wt zJ+idOWIqY3_MJ-A?60rG7VJ8O9uqqHqwe&4kYX z6&>?baq>hvX-~6elYR%s&TN6wmA6{SWJ=X>V&1ibn@-e^U54q6ez?SPx!LrgHNoOi zxchxI@&aZoU8Wdl_n41f;Vj)o`EC_`w+gz+?po(XML*Mz2o9|g7Q%*GqC+znA1jDa zq=o|z`ZC^s1Acd@ZxwqYDXkEn`henNJX2Vg4w9~Rc1Fm;&ma*AITs%_tFoq2J-RMp zYWyU#w%a083y|)IHTL^do4}@$PU>+Qn&KzT;l0&T)b}3%hI10=QTH)o|CuVh`+}Qq zL!w3c5T(4&CdD&pX?(D&*Ky^>6{LcG=;pOiW>-?mfH)$F|F}kv^Y>a?^p| zkbV*J_8hbdoM%zUNFi}!;xO2nRe6{7?eHjNhAPdSLSJ{yT7!g10}b_8AkS_ehOyls z&6p7cYQ_kbS%X8w;0fNj^B7kHeK>Mc-0UAR(lAMPfc{m`rZZFZV z{1p-H8{>pjPeUV|jhQGW5OVhSP=2nl7!>$$+3AakSPyPqg=)Eu_K;gt;$_lJ{Arnl z+)65P0%g=j90L7@$0*MY;=$xajfP0iN?UnU^`;#HClV*Sx=!=+OyaqzT&Aog+%m7( z)dBTC>0H8^vR}#A@~*!z_e%X{&3d^f8Kt=x^0)CDhSmutcE^BKr)!vy*eG7-;5z-sZ-U*$z5Q_HSf};cxF~_?YTVjZf=#|wtv~Y0`&O+9`L-T7LoMHb$+=nvnE^n zxq^Prlh;18{M*<&nfQMbk0tX8+rbRGQ2|SR8+!!$vYd~Lj)ivw)e6bKpN9Sg7RbFo@q2dgNPqZ(>3$RZ z0MpPBx`Yr4q7q4%zm=mSX~`oprNg~?PwMak;z>suR6xcxN-h&c61hVht3a9hgNzGG zbu~%_nxOF9p^V+3w%DOr&m|u*H@Y#8J1BTq{_ziBaZg|Y{AK=+jy{Im;udqyLb#Bg z5S5{2gjQjXQNbc5CYITSp2f3}#h)G)RtSrwXH6|+{Y+1mTgX;R&)!nV-b2qZvd5$z z&aqO+xlPY?RLCWR$=o=`g{0?3FXG1APcNqDp=ID@F5-=}VBsu6@<}l8i&(x^XAsaU z5-?>Dv?&sFVG!~x67pvd4l5FlWq6ZX^d^@PYc_MlH3KVzq5X^`m0-E5>(E z#qW@e8t5e&cubn4C7QHMTFfO{Tuj=6CE5~9ItnE^>P))-No1x>dNw6`E=>BKCHnqM z24N)zu}tq%OWx-)8J3n9)-oBjlo<6e8IP10&oG&+l$dNInM{vLOs|+eJe7PvGMS;5 zn&B~y=uYGTYdc+PE;=dY0PyGuwrg+Ql;4 zrx?C}Td@B8jWOhX_bH!u%L|XQV zmgO^Z*=H^mH^DMD2^M#SGIw#z{8_$+m3@t6@k%Z8%4P8` zE%UBr@o6dZ>0$95Df69S@mneL+h*}UD)YZ$33w_CK(fHm%i(yiK+^I+T38Tsc@P&Y zSg<@;0v4iB9-EYAKKE zfkls$N6)}wR?1_xVX;T$u~)FTr}8)?EFQfg9*;GFv?76)HIca@k&87+up&u)jg$i-G9SXm^&R;*B2tj<=VS6O1p zR%%mO>cUp$Sy|@KRvuPa9?MpdT3M0HR#{qES<6<{Qd!l*Ry|T#J;PSBQdzUjR(n)g zd&O4wRJn|X3i$uPfB%Q{``?T7QwK8sFVYWI6t2KlVIQaGU|*DEQ)zFT=IL-+njfZ| zQAjP#_8;j-t8k`JTKYevpI=R-W>x)vq@Qu4P4bCU`}TjNpUtE9d@TqQ`#;jp#o9@J zi13?J+TM{^ma*$E(Xa+L+)Z(R4|2vutgTyb683=zvtRSyx{`qmE<6I9=h z-hDRa9D$}$H;&R4INeRGM_zD_bBuP?OcGRZ+)wu|_;O7NKjT!-Jl4R?f0@aKq)( zrt^Sb{HFVHOet~;{YTC7jwKiSdC{lVGof9C59`;akR9i??-6flh5Lg=4POdZm22BG zqf|B>4;^KDex4Y5`g4xwld1nYv&b~9K1Ace6FvXtb}G`=WQ!CjZGO%@y!=nI@w)0E zd(CuR#`3{)C!OlrH+k&3*7s!U{_meh4u!biH#Pw(>`%K?@7wE-=mWmKoQw+hJS%3s z_WpIV+9ok|C`tS8uY`ByKjiWLwPeH}?A;RN+ddHG4IHeR4LNz3xXai*!CgK`-QBg=jff#?O&)Vz;Xb9!!;1dh=qch0Waju55%>DqeNDgNF`^$ zY($7MBNC6KMDk(y<<@Ck?zyjhK&s|g2Pl!CKq;Bs2>`+j73II{Hlci=dLy6aH8T2G z3`Ju$$dylXTNPV)@O{^(yW(sVy1+tZD1-=hhKlwku#kFgE?mLA5P5MVgsVI!c{axe zCIMp+rUV7@Lvtw9bWl(~FUVCSLI2_ODVtYn27dll6!OPT7ox0ci7thP@?N^oz%`zf z(E$h|Z~!12AVuha3VyT`1&_!@tZjalKC5JGQz-~KBNjSFgmfV}6jFx{s75Dn1dLHG z|HqPYqSUaR*G48)bFrcELJ?XShLAEDk2-mA2jwjh-FDi9S|QeB9J{#%z*1i^%=uiE z>i2>(n?q@8N~Kzb!y1@=g_*8dTJ$44IFcEw5Oo}=0NkBhB$aE9C`8&B?RclQd3w6# z)hH{o2JC%?^};=a)ml z<|r~Z@WM6`$QAQM=Pt>|!ZGZvY2_~+*(nn)KyFldf`YC~D;)Yf!XdUP`&ji@ zC`xT=-=0sdaRLAuf@7+=21#FZl(Vc6CIg_~3UN#zFhD9< zF@ZQZ(qE;o{xA0KvMJ6z-q-xyXrsa1wQ&g{kl?Nf?ry;Y2@<>;_YmA&8n@u??ydtxy)RVw$_*}m)C$$are$K>ty z`Us+B?``;`H-@cJGRdHYOBkQr?k2vS%w#_NsSw&Bs)Gxl@sc2FxcMMTuvLb5NW(Qn zOp=*if4=d(N7y7eV6UM=1?9a;3rYVf{TfV6QWBnJo>TH^s!FZg_2LsoelgwK`+!u5 zr%gwq`Si0JY5X=e{Yx*3rR zulbQ%hhA`I@utFHnDewguIJNPQBxqX;ujY7ypVCj_zx5GoxfhQgQtjXuYR-`ABnLO z)R6)Wk4yJ!7lpY%{hL7LBIw+u|Mig{Accvt;)jt&5Rw*z+UFKEk3tX;@b$Mv-!l^w zO_Pz5fUXoskF5tTgc1J(H{UG{L8OK!gUg~F459BsWKZD5;JVL-A@UW~WER7_*A>&! z3%53sJ-!t3&vD1@Js0rYfr`e*br>B;<|Bd9!+GS z4k5Tsf&BI)(FN1Ff8cuGN}~^lNakY(HDeZ+hQ*?U+rmTQQ6f=x?4{jM5hMVnZ7*iP zg$XR(l2F)^)XUNg0>e#(;A2E+Lu`0NggoIiS*z4}qqIf0oFyM<3P!2RMm@?Yd~)E< zwUCJFTVH3gmPI;iO`Rd|#L$-hB#@bsfw7#OeT>SpIgxuTQOh6^KM9doIhQD8m}GyGcn4t; zejK;7S&KM`35qgHuQAISvdd#JE0!}W-wD&6u&72czs6$MY-7^qkW}~K)XiWrL}_O?99$w%zHXuPK(i+hH+HzkJ;7E?eu zQ_$KAKT#G~6jK-$TSOaUlp#~h8f#n><42A({x$wj4vZ-$X(0}fG-bxD6UH0|);vna zg7WkX(T^oqEJYb_%S0jNCk)kC8I@QG^~%YOJ}k9ZtSyvrO&k&(C+uzI3_W8RU2E)p zQ6H(FW)p~JcxYwwMrK>@WefLb7h>i3Fy)|IgZjOKXn=CEPqelE`* zamZDR${ou{I%UdjFV6+`a{pn>!;;C9w#xeh%fl$lyOYhe!pei382T@o=Kn6;jrhn-en#F}&JT;f=kQsGhlf>QjhqVCknbD^R} zx$+ZXWou@ofKX*oJ8KyySv%F^FkPmT3U0qvxnf^=39tGgT8#O#GP}R3m!mokRQ=qt zItx~Pq*NVSP%X4moerwO9jlIEtP!xRNrBZY7S!nX)$r`pw5ZfPaMVVDYPl?HKf-EH zBCBTXvz-cSr$BWYbD{%Abr>5Q?x)4SqAAe)>hK@xaHwMmV+x3kDe!RWDPC4#sg_I| zi6ib=QJf-3RViBD=P+|6{E22|{6@m6ieTXSM$Q*QBT(rt^R$u2qoL8Vaj2kC^H_v~ zi&`v(T$+nU)|iCnC4;;%xw3Jb2sMSGYQ5w}6*hGfosTGeWtomDt11`C>ke_sho(MX zR%5PcbsP#)oM!vVN-N{$meFQ@RZ+LB=64%OPFYRbg3VIy&917XAGlQfoC<K7FH%=BoeLQRD8^l$_P(BG8ggT}gA=HZRb2 zrPA(1*j_P_RJ2iF-`JMJ)lm7egV!NF#gDwysR2%Hs)bYDu@UzSr=yIk%{O!e)d<_8Y>B@V-BR*%p|`^b139W_~YvvS^{a^#JNP6Fh~ ztY2KBQ$eXxEE?Hg|l(25@Kqyei))l)m9+6*JAg zA)H=e&fX&&vPBYLndI$SviI#9KNR9-PLYJ6usLMC}iXDwt^pZXpK&86M% zSO_RaUg!LZ6wvRN>I{Ej??yuoq?B;0iuHDVE40pTrx6o30YS;H-{+1Du}${6We;IB zX((xlBzFxdc`2JZ(%|@Sc z6{&N!QDxYWoB!yLKLJKMq}X%h>jv3umD^JdaCkl>0y>EfL$_;s{OXU&3a@6Xkfi@4Va_PZr(lrOtdYRD^QXC+G;nkwIzyMb z$}@BnDRO=nBJH@IZna@kSf~oz4Ag6eA2&%*4O{;m3W9>x4<>IrGnKykvF1a>W*1TF zgC4!3ir)koZEsKZiusOtd|`Md?y^MJjD?7~3kC2NGJI&V=vY0|+yaj72fN_`o8&;8 z#!6I9Y}$8f!2nV!wkXJYX?4XHoUgOCG*w^-27maZvdKb)Nx?vx%age?NMs#f;T31tBX0RA$ z0@EP<&k4qJAd_*!vpJ2^;$&HPMSD{%%ch=lG^ih?z+s&M(I{BxgjipaLI!gMRe6kSHSbxBOV*QW$n4JLuncFsp|b{(f0f-zDN*AL|VJS2}8N z2+~>6o3$R`RUP~9pK0xLcVs5#LsAIVhQ9BiX<{n$f*zL_!H)v%0-bJor^I9rQN1C; z+gRy?g^^3CTg|6JH}*Gf!uEX7MF0hwuSa+RORGO*E;vGP67K4_FO$HqmR{^S&w*op zqRQpexNO(N1g;na?3u${{*{hU=%aLmP9LjD@MJg~`)U9#4EC9QN6$M>q_Xy(kG~1T zurG9-;(Da`!Uz9s+J7W-NYZmi3%5tr?9COP*5-92Hu-PNG4qC4p?a_s(HZBu@z&Mx zAv+A=KLuPk#l3S%NpwP~cd}0Z-i{B@cS0EdjE@KtaDLT}-Tf{xcNX_hG=qqTOOVV7 zyKr8+SgB7w-~&4fa|d3oC(W*dYUe+^)PI)xMe8r4?x5OT|Ce$6dLE;C+}8P3+USQ2 z$c+?o@FFKb(v*MUyw0;`a^%TWJIyHRMc6g^XdJhMurtiA^lGDQDo%sQ?1NX&>s*~0;=iNq*e9?# zB-=UcO7wT&E9VR=i{qaKjFJ@N6MYII3X~vzm*y9g2g&)pltB;VVEV%%Zfx>&WJwKP zmt0)mXroGFYt=!tG_dWZuw+3$n=3)xO3_(#GO^wIV7X60N@{UTf)#Gno^GW7Oh|I6_B2~dG>JX(oR3e8=) zXi^@0Tno)Th4}xJeoBd~>badF1pg`hD76ojW1qQH#74T8s>0CdyZc7NEoT69F0bBW z5R+yR;TCRaBjJfu$rF8C8^ZdbUUb>F_-c%(OnBP1u57DqT5tYC`q{RU@v4^M_gUaB z)Sb^2s|pB*LF^`b1#Gxq;b|;cg0WHMW9>y`2BomUo%c4kAm+$6{sS)r2CdOA`*~u? zG=&_a>(dPL9u={vb-u%JcmDANT#i1vjHu zd@u3i{i`SbQBr8+Hg$dJU>*LBOS^PyhF|wZk*zm?AGjN~Z_FnUc}5MEjCi+ND@jd- z^A&@JEmNAb4mWmInp(M1v-k3GMo=WgpRF{ojmQMI!a{NCMZ)uOpid)`2MEF_-+Dk4 zIcohGTZr1c(9`~y9G2L0cRa!@(=7y5t%4!crP*5WxBj~73VVL7Gy&9OY zUKaLoSau)mQ(y)K0&0BZ>P{2qUM9@&O;<-$CPrGO==tzmY$#BE>~vfKGz8mM0_`aI zH6cXUQs}(2wnBP_;@Td1#&6Z}CS&odD&x67_rhW1u;gQ{rz@eO@$?w&J17Ef7qA%N zb0z%6aA+?C%qUFIj~Z(xvMdhx8wdlqU|mM2o(UmPf#4ls5 zmBm>ttgdE?16TkQ6yWgJ=&s-$fFv9e4x_jrXD06rXwvh0et665{}MxVKi)&0e<7=; z&cY)25^V4)#nifuk^83`-Yk1{*CP*&=HIpL4M+4wf`NI@YFP5ol7USL_5Ft?S{RiQ zTxVvI;E0xXSE%BS!cIv?i(ZgaH%S1ya-uX%VPm3k!H(J{(Wm+ZQ{2kJ>Lcp<1Lt9Q zY;`MJ7iBO?B!g={5HEOp95R#DW;XdRr~D61DWmQV5-LTC1JgP+!~!?UR1@o%|OsiTl~~G{i*lj#-in z&O&33?0R)671I+`;L~ryAAaB=*zLF60@4iH8M)e}o9K#$H1o4=?=HB9|f3atLCT zD^NU4>o*CQec5%dTesWNn|d7|j;l%5n2pZkpy}k!`ySkkQOM)!%sD1uVW5HBfx>FJ?B`RGI@L_49;gRS}xg}RMQQYN?B;WO3INoU9RKFhz@)O#sk z`FSQ~Gd(>LtrvaeDe*Dq`>)lPJLQr-(@%X*J|FRY%Xm$_^E4Z=&+Y_JY52ZM${(jW zmX=P^a1_)jD0DxTRd0PA#hX+}iuYQM&{s3Iu%>8Z|5#BOuK7u&vG@ztiE^W?R>~tZ z)vHIf^*MCm zj-eI0wiCMb_v)pty23`RECyZU+le6(y2y|NFd#Cr3+_*)`i|vL4rw_6#xJMT`Sdq4@4)JZF7cZlR{ zTVC(A3EjlYv>`D&!2#O|TZQ+TFn_yeEo)Q!c2`*kVs8jXGN!$UpOVFOypj05Hq$lv zJ|A7YQj&aqHp1+CK55r6AVb;XW#>^`jq4DsWi+4W+E8*=?x5z~KAPRk4i^_crH!G= zEoJkpcoXaB*MWjjKj%b<;CFV8@3vku5UQs?lZd&J?rRk&qyN-S4XCw*5{Nz zO23VsNeQ;kkJ9f!WutVs)T?>S*~R>w@x~X4+LpH*u5M`^9qr-hPgiF1>Jg-UPl5n6 z>@gQtUt{vEQ@iJUCxDjX%ElMh)EiPqCYb+&4MrG0ngYInmh(RwI||`9XpS<$Zj?jM zqk1FBD7Jq@c>kH0T!xbH7e*Jc&OK-C1wRo!cTZ*S*wL?$1@SY5b?DN_#`J=j^|s&T zP8hD$!=t#Rq8MYJ$nCZI`^==&JaR7=hM?61Upr_-=o6bArK8*Vra&8u1*s<#1^wKG zt{t_bINyvFA4Zb486X}g%q01tAEp=2Da3*aewz8MU%OhGFBGzgC%v?D{czJo9ys3K zEv1ek@Tm*eEYI+{|GsJLH^W{KbMP^+cSP6yRb~51Y53W623Fnhdqj7q&p-aBPhx#h zqjJ-Vzx+A7!1q~N2^_fcVm){1dC+JK?C(AbxR|T-(YzW>M~Giv=-ckf=z+x^RKni)u}U>d03|<*%?(ANKa$-d67wq?nBip>v^N4w^CS|5 zBOQekj>1)ki)F)x?F>d!0?-Wr375dfdB@FmQsxhK!!hkhaQ@ zvAaC}$tT$DCzf$}>UO#C(VVReg~;2SR6~4+Pc(DdHSQN}%`ms2&>=TItE|F0uZ51p!tWU9Oc0}8K zq=9h6np-j9tSife%hMxr1q-_B-l?di{KFyAsdHp|ZJ7S?AIl7MvHZF5a`K6T%Hm1m z{=3TIv$hrVUzmeZ1+y7zV--zlI%ym~(MG2_6sU$1 z6aox|u6JZACQR=g3bp)qH zMGEDB^dbPxJnvDvC^n^_IjOBWEud1|Uf#zbRy656rA$QAFF-S>nLT=z6TVtJ5|uqx zo-N`C*2D(1n5M4DvUfTl;ooa@9~M&Vp$rzZdAoIB2Z>ginHpSeFY z^9G#rOUm;>j`Pg4g6Bqv`H~E+e?qnJ1Lk)pv>2Xgu2sx)p+oupR`7g>2&DAzqAyU$ zYIibeE1E2vI4uY@z4nV)(5uoW4bT={s(gv3EWslnxilxXq+LOxQz+OYE5A5zG$B1S zFN0Sh7q+MrRwZw%Q;D|7ow%sBv^Y?>sFK6})J0VhPe|jhrj|IT_7wl?CLK-Mr#dNI z`qvr;TO5YZxQu8ujKerg4k}f3muUBOF&1?HJS>@A%jl6dTF7fyvo0f~^(bido;c|Z z#Om?dwmIaeIC(BO1}xi}%G+KGItMJe9Oykx`d?lzi*o6|SJOuq*Uuwfaks7X{>$(4 z{h4o=eq_VSKSug=h^ZC7rP@H#F0X*b08_bO7abQ;gCJeHkS!r-j^?BEYqnU`m0ykg z`z$g*DAu$tYDqHwuTI?G*9lFl663-jOO`*e&W3ggCh=&0k~c(n7=F|-d}eKUQn@w| zyXKR#mNqn(Bi@-!TbD&DQQ)bS$MdxCK)iT~twdb0=)f@Eay=Zy2#7ISs$5U5UM=eq zF7s@t3{b7cTTIL`3ZONv`^!~-ux`y`+(^p#dCI6+cfN^MqHT(=_FAmtnzwyw^>f$; zk*D#;fsIj|%{p|GuJ0Rg!A(N-&3mfNekT*ggN?VQn*&o(W8%*zSk=aJI48GiMtF>- zmgYy%#iw~*A?BA%X5x(J4g?qFUoLN%EKLcnEWKFMRansFTi1QD>C)4JZu;!+M*MFv>1zx+K1>N=teS>?^sm6p5)MKD+lv#7VT_M2^#q@fVEY*n88=?4 zAaTtz(q#>jctNtjXB1`zgcy93ubxq#3s7~NkPllZ?C;PFSlTV^q~TdLb6D|ETP2HI zvHi7VGe+#H`dQtmSbdM)RjS-gXxsJ6w2GOsLfy1_;j&A|w!*hv&Ff0{luSqnfA*Gi zZvn@eN_&qca8HY4_=Howubc%^Nor>YWuF#X=lGMvXsuS4JNg>AU@8wtCp zFgxKCJ34E-v93eni9^|3yXW2ezTXa)st+}6_udA6bz!S_&$aQm`GTtVhJp7;E9XeN z`bY=idF1_S+b{Rv!}L+A#SuD|{nDSK5u7)_4vq}ej}1+aja-h61CCANj!mzRf)%1* zY`sxr%hApDNxk-zy{eK)5=bZ759&d?eihw=0K70$+m>n3uYxtGom z2?u8=SI$GJyECqE<+=c_w^PCZ*m6*6NDt9{gw z$ErXAS}YtrIrP8bNFrR<5y<%-UF5!m9nr*~$X&sO7A4g`{c zNN8qbSd@d*0o&V%yZ^2fpD-pR@nt5-Fv~6 z=M1$`0jN->7A)+lOKQF!Fp(c@zdyg}LXUlJ5|-QBYE@kA64Dm_Emg&Oh{!r(AsXKC=xcIMnDfH!~}@m z0K{q6@^3C4DJ0GxYO4F6gA`$NpWcxD0};)&x^I`Uqecu%NH20;@j(UOfSn z`MiGU<-|;g6dM1gUw@^41Tw(9azwm)XGAUF9quAYwo7XP)McW=>zyp0<{eg*(Z16t88tH7sq@vz?baNrM&;!ppP-{_%k zlCvT(>r=OLSG5MN837||BOY#({X&Xfn7z#_@3^j9col8`&_eG6*QbMp&{ARnilfu{ z&XE)uMB&iCdC39mAN|kq{qQfxRvm6PN$3FRhiH5Mz7g zCEIj19^>iR$rbx-zDxuWk4kdcT(S62FZ5U@wwIsc@$@%kK8g$}$f%770Ywds1`!a0 zZB9uzfpUU!P8S@KqK#J4o$+d}InHI62Y)yvMKFpSojAtLSI{S!$OdbMW`?3VoM9y( zeirv)p4Toy>FIkirIx41un(m1cB@3YwjuibLwFh0<#q~R;V~AFj*4bgjV-2`I1i0$GbY_<~$qh`&I!=X$FcA@EXG) z>M%Llcb#r`XlZgFL*(Oh&${P8G4-78trQ^PkIE=}K0~`XO(G(JUQN zGte1~9MOCAG9inPMaeV#?(dG$p(-}T`NgnbA#?)#^&=pxFbf$XF8(?hA{A~J z0f`ivJ1V+ca-Sl7)CmRf5%rD&NC^8`S|JnK;F}PFF%(UZg`r6f^#m+NO44fa*UM`A zuq(gj3{Z6xRQ9p?aW@X4R65spPdg@NmbU54!b`9{94n^gZ>m~$qBrzD?`3wFwgvP0 z@pj~td^>9YKAy$cdbRHNL-u;NOn<>aj>bQNA9x2ke~kMri#7HN()&D} z{&TwdboLk{Kyc;*nfT{UNlYK1`7_Qfp+#kJ+GmYwF%Hj`wqO0-SvJJkXj-xSg4S$2 zCLjeZR2O0V77Y?(oJDo9MuSCjb(?CG(#bInk?81HqN4zVJl=rElTaxXZ0_D(6g&|E zktPN_DJc+!kfYGrs2%UkAjRA1yS%&*3Ex2mr!*E7RRzT6R>*|<^HYi~aRRcMB9D^q zTvYhIXs-+9`p_!5$YE&dS!R&s?2I^JV#h`o#PiKia5lGp6pvUyQxn%?EJi=6b;xHJ+g zeb) zIF6m-j-+CoSMX|9W_X7S&|V3S$l%pyZa z2~}cqgW<7&X|RIF0Q>o13LSe)Nf8woqM_J}3hrVRh7ns_koV->F*|Yp<98J4%n1@D z)O+|OAk! zuPhErk*CD`(e>qcT_<`^h+Ye~UzXT+y^;7HIRa=%eLVd020*!It$}*)^BwPw!!jhXccsc_NT${cq77ZYHl{7CkbaL3E5p?YABB^J-7D~p%qwe&!>%llU zUl^zeU{*8ET3NX#fd^&tM)L_;&JLd9-44|;MO12p0u=a%@|7?`69V+7tDzhTAZdMW z4My+7_O&TKxf`woL^Dt4vF;B?te^WKbK)51J>K78kIze0U(UxV#=g>m zq3ARRu>IAB^d)Bqz5g!Bf{!j^v@VUo)Abyp)z7quI^zjkfbg5=*x}A0u06vp)#OU^ zQq%ccQ`|#w>%|soHKn+>+{eP~w^LTRJPAi<_DozqT2{j%y(9zdBqV=`zGAB_#S%NX zZYCeQL@Zh5yw6Ec^tMTVKg&~c=j0$nw_gs5U06)v0&^OzyOA>3jH6=qZbaulTHVoxedXK}JapE8<&jvbmLruZF;{#-ir-0%w=VM$LZ zN{axS$NHGd(BuVtjri%3)8V~D>=Fa)B_0dZU|lRWvyFsp;ui&*78c*OrZL8I zF;%d@hjbL!j5+89G}!3Pq?WW~xM;p$qWLdGS`7aP7;Z>CPNFOUJxc_m9LSLo#j8My zpFvK90qbzbV~&wEH<|E-Dw|p1tO-4P`~tg58f*COYHZ=3bS4hANj9$$+EOdK{6em9 zUG8w=jp|+Q#2B7?0`Bd?oXf(8vqHYqSG*WR{1|&Rctx(C3k6j01bK@PT_iH|#!l-4j8`iFg&gN@jlXYWD>Zv+&`tXtT8n&uE2ZdS^}>nQfh@1Jdvcb-S6w^ z+3Js@>#7v%+Oa-Ow1vgmN@lX^;TIcWD;x91{u=y$kbaNyuh9JeF8vB^yIKA(>38_P zleJ&zzocIc*uwSylzw(*sfqUgN{%uUq{f_oODdKRB&j;wl)j%S{&dY+eOLAZKBf@e{odhr#{ zl3w+a8PBp^^|C9^idXeYAkS)e^=drNT59!LF3);t^?D7@#$zk6n`d*ldUKkGXKT57 zYnx~LuzLHP=gUp?7X;5&jGC|bygOtyJ9NCeY&E;QynDhmdqhf708&Z*@7qH}DoLc0 zL@G(7l0+&=q>@A`Nu-iQDoLc0L@G(7l0+&=q>@A`Nu-iQDoLc0L@G(7l0+&=q>@A` zNu-iQDoLc0L@G(7l0+&=q>@A`Nu-iQDoLc0L@G(7l0+&=q>@A`Nu-iQDoLc0L@G(7 zl0+&=q>@A`Nu-iQDoLc0L@G(7lKfw@hlo^?NF|9>k_`tF=}(=uC)*m2X7XiY=+xUk zpDe(&E6t|bo4&2oSx@AucQk+BXhkZ?Q)EjL*^)%IB#|viWJ?m+l0>#7ku6DNOA^_V zM7AW6ElFfc64{bOwj_})Nn}eB*^)%IB#|viWJ?m+l0>#7ku6DNOA^_VM7AW6ElFfc z64{bOwj_})Nn}eB*^)%IB#|viWJ?m|)d%RS3p8X)64{bOwj_})Nn}eB*^)%IB#|vi zWJ?m+l0>#7ku6DNOA^_VM7AW^-?5dw<7Iy@T=rgq-9w?w;}yH7UYVyEyO&*=mn*xs zSDAMp`-kwd5Ap0isbxO7?7pRCzBTNA&1HVw?Eb@L{?qIM%Vh!E?16`6f#>W&H)TNx zb|?lMiVuO2!C`ceU^aL#FC;`59wGq=Re*=Sf`sY8!^|MzcJOdlNQ4(WA`lXZRFX&~ z`9DcXM%>)qTLi?!45%EPezy#abqP<5$SA69@7+KCcJ||E*YHGAVWnqGnhi8Qv9Pjh zXu>BxqkVA94i>+G_3ULe|yw?}fFk#;$?!x#f>}<-cz3j?aEr1;vidF6CD@ z9h{t%)VD5ee0dZ6acp++%id8+N%g0KijKkYZ$B z<>dR1;MBbS@tMJixwe7P#kK9z?-$ccYkgzWwQaqgvFX!`YcAnQt^Fg5>)WuDyzb%2 zpTB;uY<`_tTH8H5`4E@k9G2MJJDl_HFP#fY%7r&}Z0#PD)VINs^JB70wssD74o*VS z3O2s(kIpPEZ+;yZpZR|AGaXx42sfF{)tKFlM=ANO1f{Lld z)$8B)7eBAJ_YMOSa~wlIMQ4>3)wMMB3>|$tuWIRT9~k?xcX)F4BdNIZbNAr<>Sk(b zO;l!aczR)4X-#Z)S$Ia#$jo9~ZW%N=x2m~&Vs82J>ZYc(r)P93y{vY4YQCYfKRT-< zrMRlNt_Ar2%MTa_(Yk_x2m)r6Y^D0bp%{v%j+>+PMI#>>WTR=6 z8;Zx0AlelsV+|z}Y5dmX*~*QjQ&}SKPdCRJ%VzSVLa=F7KEvmVl#)12$3K@ZlxY;H zb5vVuwmLpsoo-FE)PCuK zqT@@8QQGJr+l$L6xzBX? z0_hNl(Pgy3WFcA0=n(G<&1mh<7NlKD!-AQYvG!_vM12$r*zuZiZm~r)M@ov!4fSzE z{?@d=M@J;?31hqmnbEFqM`WmeCPd;EGteq2fqsodM4PanQs0fzDQG2P7qbL0tVyc9 z(@1*Q*?$mQQ_wh7OfFWlJ@YsoQ2BY0SizFdaTPLdQ1LGHw!DN#IcnnJ_+4818LJ*f zF9e087r>P2l_tuEqVwm2aNT-QiJ$~_FNibeiw~t3X3N3QgS1|gV*Xm0NkwG~6!Zcq zbQ)a{HicZynMavas}IN9K=kY##NeJtwbnFX0088@0Ej3B6s#eoNwo@K3eSS%$FvzR z)pcaZ*JtI#Js9XT7BRWF zaLdM7Q4>~eU_))j8Nc$$?2Z%g%7@V9>y(IJ^hx>8hNMS-?Tu2o2&T?nz&u)MMUiq1 z3TQEbgKsgV7$A6PL}>C@mS7r+eoT_3HCVEUCi|<)XyT<^9KYYK$y;uqmw!k=s8Db; zXK;+}IE0y|k3pK@XJM>=Ld)rM?mtWQ)c+Wp1recPMXR7l%ekSj*5!k^HTsFtp#;2s zl#^C$?-5ByR2%IoZ6RWIuam!+7N%OW#g3^0lPV`&R8(hWdUsk}N;( z`H7u$i{ijd)Rphy+3|%`yF{YilM=4KIjRfn3nyzrWgUAbcTg(vLbcBo`ctQRE$cod zsWas>Nsjs(_sgx*&#*0X_Ryx*#hR9z>LS$7tbV_6u8*Io)h}GbAd$jQck3s{Ei_b+ zw#?l^lWHRO{2naF2&PZyCxL6AbD6+0e|=6CN4J`Kqwqcxy}ViAQ~6|JB$fQwv_bcm zM&}e~KTU&HKpK$)cP;DC+GhCxw2LQj)A(y*1hy6}qO6OWr^oue%a`*L zZxzH%MHr90cNfYXC!SIJ;klKVris*@bUVQ=@D)I1jO+(GFVOi3evc8z!(}K>XJKc$ z`Dk0W-fz*~MLf$9XHty%IFJt!pfJ^B){RUmkGl?yh2cgq$x>1@TnEp3lyGDAs#;g5 zgVK_#<=TEnJ#W!L9f>J^B3mCh->{V z)XWpQFY7@I}lck5h}T3?Wy63o9>Av9l#+% zV4eoy<@aJw4+Y%3h}Z~l4=q%bETXI|WOssCQNmA9A~&R=%$ho08t)M7-r=uDJrzF? zcx$|W{v1Q}0@d^@#)pgdn3q-{0&C7;t7r%T1DjO<945#Vxn~u_J? zfks{0an!H6`CdT$Mf{``tyD@OYBy0RAe$&A8=0L5U_VSFBzmc;T^v2dw*sgIk(jXOLq!(KZml(Yj8vj5$ z38x(vVY*J|c`%^;olbiPVfstKgDOh(}xxdiwVz%oA{3Ai32U+ z9V2PR(<=%Fazk3m6GrM2F6J>BdSzP1HAYqkF0OJKc2Qc6F$5zI7T41#8a@tMfi}ix zC!8-GXr5Ejik35qM{&w3(@0{`N@p<2b8xD1&?w%~D7S^sW(cWM(!_--8Dyjw`6%c* zBxoxOnch+Bx24z^rrM3kS)L@AiwZfcQCs_@x>2URy9?-SNtIYg?YvBV-k{IjrG{u2>xH%(xEhEDrDUIW4 zo-%c=VPFAB5d`m-FYvrJL5lXkPL znX?0BvZaHweG0QP-ed=#WHSt8Q-gEDnR2|Wa(*gh@gQV#s6ul1cXK+%a_-r3KcM7_ zTIIS2=dQ`-1{dbO-Oc4h$(t(A@nFuo9nOVW*#c~b0^h;{o81Dcv4RPXLXc9SGfE*xaG_;k zp`b(I%1I%6NI`jj;a`p-E7>9$tRj!#BGdjNEr%k>qN0o4B668xYV2Zq_G03S;*+sr z*l{sEc8RN1aSwAzwRH)5bje0kae+(;<9LbQUI{T%DQ9`fAN$hikW#;*Qo`|4W0_JO z>{9dN(h}J+P0q40`!WNRvKQrLG*M+4{bi!qaD)mo9N!8q`65gFxQuHY-VzMQMJXp^ zDt{$Y-hBu+w<=dFEXV9GC)_PpMyWt!s)&d#m$$AM38`oROzBrA1PNC zL|1EDRg3gjmzGwSb5>hm)$GdFXzW&da@0fw*Zk?LxoU%-`f{GX$hkCvTxHV#&dj+m z@;ie+3>-uWFhQeBE|71&Z_<=I)k#K ziq?;XJgbntgPC#SEwf)XyI(c+%c{CHL<4Wu8_%SMEzZV{%LZY;MgfvWuB<#E)pU`E zMyZ!FFFIQ^*Ilt=~qQ?q^B+Ce+|2(Y~f^rlt~b zbJI@KbLr+R%jR`hvuQ!|)4t}ko#tgwiy>nRpL9!-Wy?IQMYo`ZtFPtbPRlf?RdY^M z+PF1*gG0Zf2~ycgrz{%r(3?_bWO%I0~0)X#!cBT zi~GJ&^=!0Oe`}k0Sva>*GcwVzfau6wc_>_qsa@(&$$aRN@?#x(NweofGKJH99Mibl z(aF@&HMQQ=pVa*mC+pj{?)O^V^6uSdFDY&-$^LSsK6FssJM~Om_SjqYx>EL52=wMx z_L80SK2d2}dM}En)*Im1=N8;6)z>@flyUXY$FtE*bk;?(**6C2hy2N8GHGKK>tma2 z=b#zLZtI`j=x6!U{~4$6Pvt;vL7!w_-?D1E7e%)+3{VHPZ*bc)g3S)l(bALL^NnV+S&a{`qk($HIMZ^0?!y1@93q^x& zCKS$p1U)-Ht8!DB;&%FU4j_V@ll`(Oy-kP%I!V8Wt6wy$uVMJ=CO`;!p>h3gKfTn( z(8!dGM_&?;8ounmbQ&<#bdP=KzN+_HVHFBojDiTp?)BXgCm~cvq#0tP{sm(JsuOwc zqXvYUAbw4`H=5%S!La896_ev-vEkqBZ8yjPbk>Ph=i&PM$rQ^8!GZ}rcQ0X90;e?X zb)ERoh{++`*wu8;x8%TT3HQ7+@#3aXwwV2ifAc$TaWld&9af)n_UUrmvD-gWDQOVp zrsf}N#NV=?foLgFOJSKQPrEvaZe~`Jr zgkVmud{?Z{-)5|>BqnhJmac^n69PioC9pfJ{n?^29&yHtdz9vm7%@C0a_;1Jw`TLOVVaDqdl!QF$qOK=Sk+}+(F1d;&F z5VbqdG?OcGa7QZPZESC*IKLw6MFCGBGolu{}0-gY>4uJ8VVS#CD zg~M#-jbs>>br`V@Xt!mdcNOucedHb|%8ML`LspW=_%4=;jYj0M83HSgNqSnmfGcQ~ zTWcwvVf9U3c&4xgNZld}cO_?R6(1MK8yaOAB$+!SMfe7@H@v&?l&%4|lzelPrDI*W9 zJ9li?cS@+2F+rONriTc;eXsMREb*DxbK#uxwrCT=5}LhB?nAVx(3nrCXwHYA*u!|S z<4MVbF5`XS(*z&YqoMalm{*8!Msz1Qrnow|ne_z2=s3{qgfZX%rTny6^@JpDzXLWO zksqy}i;@(0YSVM7dOGa#Fx;xzPGpD~VU9_Mx3vrb+?>#8HlxvbAu05jrn%M;u(JT{ zGjrNw7zfM2PdU++77a`Gp_XEq;gnO*#G=Th(i{*(~mVwYD3F6y|yrQ|haQ~ZCd zj$Zp3w0+^01Z}M}0H+>nHin+u|+*c^KgiOTph%B@g2n_jn@< zjnfTL^w2_bLBDQ>4mfnq(LG+82v$(RB=>5?FbnGGma=1zl2osYs7&0Z@ zi%$UJC;mOj=+A<=@V-Gji!|qy|K|Odi@;hy*gZuh*gbCTqPB%C<)Q;V2N_ND%XkB2=s~N3sEHD)FlKC zMFrpK1z{3%nNIo#1Yvw&Fvo@G`Ujvw(rF#P5nq`PM$<@yQtQ{L1tf649n94KXDRisTvW^~#o|)9%!{yv{&GsQ124Im4>g3X! zR0U(M;_Ke=z(E+#YS;j58D2?rGOnRl0KQC317cQzEqbdnT_t~kQIRJPhYHFDUKI?6 z^aC;t3g8mh=rKAuV?Gd3TSFfp8ARXkT%HEhJtc?9Gie?fOg+>?j|s}n8;t%Kq(Tpi zKr6+jN9zRzLG#JGBYCW6srzZUS z%e!ZDbs9uC#Qwa5gndIYE}~iz+i=PtoPZ&=K6M^!!k$h*PMr`Sl!KO_bfKVc6=Rbnr9p&JDiaQY zW0m2|Nx@nKjePb`(OfH_H-%d>KoL2rk)C_VLIYx40fL*|&wUsitd4+$1keIRj(FAudqprmIO_1XyDIIV#x*T^Uc_ zDQa{4s^^x`qjh5XX;q($bmc=BLzy-`*+<+An@BH`5)3+=>%1^?S#^)F;7wG2Tr9^x z1WAB_^RnZVbcXl1g9ed;fX8!JZYR?E5vQpY7Hi?@*Gy$M({x{ys+LOSF=!_?f>=LW zwu3$m$IyoKIogWM5Y7niq9HJLEiG?G@i5cZ3t7UMMry?M!P%@En zzxzJ=Kv=3I9#*xh&&Wz3Ash5^$ezpdG8^^LO$uQtiT|-@6+{6Rf9p8_k&jKXL&U~1 z0-L@co#7tWcRhHNUl1>s=W{iMUc}O0`Vr`BeYL$4TX|#=u8tfo@^SBHbbIb!OQ&;!D)S!^nGII36Mi}4+iORon>|07H56H#g&R_0IZdJA(wmTUm=4J^Kb&29Y|o)eN|`tmvuAoM-*h6%l4^0q zPApy?>J5WK>XLltt)90@j5!LX&R@SLdr7q{5l0&JRls3QJ!84yHoTGCi2I$z{j%Zo zd_`pAnFCGY%I4U7L+4&4*qLf|9+udWhkou{n_x7-r`x*feC}e$zP2Ej@-3~l%Cg>j zZR~wYo6GgN`w^+hm1tJG;oq(dN9paPVFU^y$n&yFvI0Z={sw53RB`V-wsLb z$Ki7hds8t^lG8H4>Q)kD_G%u9KSACm0K15kt+1e~*B%tBV*WzJW%-sctyd0QXXTt} zIR{G{{v!Di_Vtw|t3+#)4ry^?L%S8sed)(ruuJN|D{H=#rI&iybpbO`dj$2KCDx%X znR~BnL>HFEE#-b@{c5)nzgwE{OODLQYqFO7mzi^*y5^H~*vbisPKL2iyU4o5d+^UDbdH~02Ev5QaT8S8h0?w!@|KKS0PY&^-GH-f~S0?B*^ z9|S#mNjfiu`ZBig!#w)Ga5;tRu5OdraP>a#bdGU1O2xbL7?KtLxE8;<%PQ|V{HF6` za&zV&y}ReAmAFfyUFN>f_dg>J*)G|4?K>~;JSRhtPPzDNhw@MEQ*oWHMNHl^YGGcp zdF!rax-^cO-@WD=kv8S-YbP0&&C^}tx5<%WE!M2w%PKLqt98a_AD%=8EY93o7S^_1 z@dZcEI^8=ll+SAhy*JR+F1w4HE`#LTJMq<)2Uypyt{r_`o{%0R31Zh79X@*kbmybG zO+Pa*e48Ym7N^3H>o-%dM}s$hUh{O`zYeo}POQHCT!?JEt^Y1og-wV3vj${z^t_i2 zAV4sF7r*gV-6E zp_#qJak1RNeh(MA_j^K<)BzRdrSe#bn1s`)cYPaACSP8?8kc7q`->Sf3S zD*KUPFGm!zwYSf|0*aOyE2TEw_^hFq_n9c^D1iYYD3}}#f3sJnwHTYYPY9>ATM7O% zH5x`;%EcrtJS+V^K^mh}S};>eXthr=v1NsbL;6|2j1NpkOGMUHCe)%oE23YX`dejv zztU(!O<%vtu1x7y8HJO6b>achnSKrafj7JLYMBCBmIFFym0m6bdWo{UZ)Bx2WRNJ* z)@`y=BYg(^?I!)z#=&f6nOvqf1O7i`4f*BNndI>72Q60PY-Ad&o<&z6B1%glTCcIL zoxUu>zg)3J)+S?z64U1hGxlT)&m_x#kL-DkSBEoR^_LaEqPbXt;wY@_8Lh8-!@^Uw(u?fB z6$MU`I~=EespT&#cwIjFydn`+iKA4mfyi@Z*0z_f22p9Iv*;-1xnmMHnq?emHf09? za7_3iYor`2Oe2*>kB`aT#z7wxn*~lU;>b_rtV>J90rqTvSV@oe%M=g3f_?iJcK}%a zAW8;QFOC}ONOVzx(FO>SWE?_04zLA;%W~6Pm8MT?r*8OXh@~V0Mg>Qeys`S(^2ZR9 z%Bx$WXw$@A4=S6lgtuS4JmsoTyC!Y-8M|0g(h?o{6h6`&T6@G$mS<|NQ)?>xVtoBeMbTGF z8JAZDcgh8Iu7pBcO`uHaaX|5`Q8PoIbKzeTDn>PB`T*c~~!C9rr zz$?>^8of1n-CuK2L^=~n^B7Dz&kg1+qBE=?h2;yiZL@gn3W?r_RNCxuJ2dL#Ud{_) zE)ed_H*qd}(5`U_5wn;R`(&l%s$K0o_DtiG?oyeq2aT#*$a7C5I_>8*EuXO=??#>g zD*<0)*&uX1OeVe8MvE;ni&8%qf;-|u9V+x279$($Rg?7gA{Nnm7Qdh`@y#qoGgrlY zs*aUiN}Q{UV_tGB)N_BKukN#yJT{+JsPh!5??1NW+qgvHqnBP;k}cbu6{44izRYPM zmQTW8_^4A^+R%YIokXLP1D?r|gX}@9W*-HCZOh?CjSBHML??M6ds=mN#pO{$B zT5Z3v(YVuUphNetiu#XFiz6YcLvuKzBs>#V^J9BPqku8;oWqzyX=Q3}V0N!{M%Hj{ zKzn{nWWm>PDP+x|aV_Jk@zb(#+zuM3eGdVvqSyFmy^2_A5L-evz zC$sSFpTg>U+}U3P8<9~Pbu(`ryfQ{x z(*)DakWDOb+x(Bs_zqLNBbuwU~ifB*`GNgb!p~}S=Y^&RX3l$nlra==Z}~V zCTvr#Zxh4JSscyTNLzW5U-6MzTpn*5ys$V_u_%6H%AdS0Ah#vh$@bE5Lx^@q7|%lN zvl@QUj(OjXIJiTSr31ciDjjOUDYuKIv-{iL5+}wI?engfwWY}Ij!&kg_o^k`;I8ug zvf6r!VwJf%a)+G7@{OF9R;Q)5_}<`|r3sVORmPr6*vk0}_BG;*c{(RL z0`_l7Pnvb=T5t86i{9BZzVnklu~|83r`>9y?dsH7>FPA-!?WpjeVqBfZ3Oe z+cyaseTV6^hrS0Fp5|MfhSZ;y-M>d>oxTsjKEqf&{kKWfgu?*plQ!zV$*Z5?gX8%xmJd&IPF~uV7uFx{ zn_fb4oTjEOu_P|v4}p#(1iaNf%rq4`p1E1 z@N3SezeEV;#TkSt-hqD%{VucvALuOh(wDz~*`QPb8m;#v>s-Yw)x~Eiys59wcvz7L znd%xOP(%hn?rVAO69&Df0u%!vA)R3a6o0TNYZ24<{xcE}bj^QRrLq9^tb<_0Y98*& zVK|81r%&iUqss?P3m%fz2k616q9MZzSR+q&VXWCAml5LdN5mm<&~QXL25>Zib^OKG zUoFi+V+>R`7Ckh!hUR~Lfw>U&xG8i+iBH^YbN{;;zDM^^0eqec`@D%6z*drO_SyK5VH@KMeN5=L)_1k}JNSh2QV<<1xR8Kbx!GeE<$8)BGMOD&>YLurNB}`V051o9G}Y3MV*{)MY0FJlgUCWVgiYZFyc{KiQg zJuzBxP!g87Mc@T0DW-AP8+`UPi@`X}M!~>w*G8Vv@w-MKw%`!!8xO{BY+s{47LfLEDR!%!qQmGnDZJpwEgy!cIN#1X`^lc#1XUk&<^EmVbG*V;KqHW?MU8C&ET7 zBO`^=(*vcGK?{;{w+%xDTkKv+lR0iahbDkFg(nk0GVJBqT;@O2E9y|bO*S*+H)>?M z#I#fPrF zUe&i&x4fmH7yC^eYKFA#C%~~XBPf2As90K<3f>GX!gImC`bMbsz$CxL_slkHa+$3% z;Z@lv;g6U14=+qEP{bPE!(Q0Ce*Ffj4Z~5n41misX6B+{pV-}VcVL$GKnY6j@i04)*vdu#HY{l+h^o_kf}8BK z@Xi~S81B`mky9oW`lYJ>KU&cv_n6N&M}_6tn#Z1Uoua4ojkGV% zs>e-Uo;$BO9-OoubhagS+?%|-?4x=zzxrMd^GO=ze2etD9+H20bvX0J&(~$%LZap8 z3%9P0t>rhr#eN4yz7_xLm6g*uvD0uZfI#7XM%w4$ zo#7CoEQl-@CZUl2P5vDaKBAppkf?GsitdyT{O^Ehm0i<0e@ zAz*SUCUazm)^FxJ_j+{(i6|CCRzb=*{dvdhEx{^^jT& zi+pUt$3!M{(V+lQFIeEs0sWH(1Pe_@B{rF!k!5jPS0hD#)zbBAg7$kpiDiN~uzx|W zue~B_jb>mAaZwJs|q z3teEi#A@Y=`9)i7ADF%t$?}UEprrEuPWY@2gCf?8(>wNuVsjJE@u_5c!CU7&-3}av zO1me+t=X!kLLOW=x;a+;;<#YaoYKL$@1^77>8zZ_3Rs4B!-TNBrb^Nn!(5w?`;Yn)oDAQjvA@vnZhA z5e8AC3QvLb_@ynKV!@EVa{YXDLDfplq;zPkwqlSxjCY45ga&M&?&lex_8nTD-S3j2 zdjj~HyKQnf!#v2IDz_OUTQ*%srZ-g|-9edqgs5=!qdCo#wG~sb7xx-IO*pylr|pa* z(-#`H5vAer$5_?hSS3nbEv&nXd0&RD1{JL2;1eFIVbIT_UY+M*Y}+a%xHJ4*M--sK zkJP$0ryCqoT94}O$m&AVIZ! z2om=ZH&@*=nkiR%`!hC@I6 z`3_9khwM?S)N^fJNp_^tRsW9v`De@nYHH$?Z6llWCYol*nEa@9_!q8>ed#(p6*IkscC>q4a)>sYz<4cg&3AWwyC>r> zGL2>zJ;$%Y_^NSjg*oRY`0YN$rg89`UacYEq4+4K)ydZXygv;yv&9`3xY3YEFM%ri+s+9f)aZ6Raj>9yQvG24u{riQf)gJ@eJuA>Ja ze*#)GLbu#4Uq<6ZI<>qFPH}xk%^YHs1d{Q$?0Ef;=y2pGh9_SJAR_O2$s9?SJn>u1 z!bir!m_J8Iwtt#`Y=(CeuPmP(E0HO5Y*8J|C_a~>tTJb$GOwH?Mc>1sX~Yd5Nqvrc@hwscR&Zo#5Q&yANVqNJ z^%Zy7g6VU#upFaYwgqz;6H90QOIkG6X+{~HS?QtzCB3g7E1oHpp(z`LC=C`Ejuxm; znyAK5sZLv}o$qG9ex^>ltFAMpMp{@eVCg;kOp_%-Q+4W%;GT+Hp;qX)hR)uAF|!sg zvrZG1HXnwr+n%CrpwNp=LqhQ3bQ%F^SQj)ygQd@d&cOu*u4VanGd5 z@-5!p+x0?eEbAz=eLYHRRYvQGC1$fCC5z=R=7W}c27{L3MfI44R;0KV)-1d4S!`5g zEn)jM>G3w2*0x2vb}>cXiADCuc<<8p-!-vR^cVdt*q2%^dJo2RD6_WWn{i`Tu7njO1RMuUz~8qJ+g^yK+^#s<1tssy!3fzID~UBkaJf>fkf%FtqA026mKO zb(9S|E~+}Nf}J!~opi!Z2dhrUVQ2GIXX~)@{i^eG*u`zt1rl}%uD-W|;|H_OP{+1VPQv?3Mive}7!SLgSgw;U4@M3l;!U2Hc4;n!GPpL9IVZU}T zv$0Y!v$3;yhihZz;9w@k3*#5y7Z3or{=ERaMHfN+PX`^*`#%o)e;oAxIOzXz(07+R zKXTN%Iv?+U|2)~4=<0fU0>EsW{%EAOn*k7(lFdLI!NbiUs2tl?FtLv9RtULu$yO+} z+u>FieJI;D;#soob~sy6$#w)+)8Td`?;zVw6#u;KPPFiT$xh6x+rynNa4`FBtPH8$ zZkz&3>2AET;L&b^x*YpnqLz-`UXq@5>0Yvt+tFT%X(;=Cs%5g>ewuAj>3;hArvEnw zorhp4JIs#~JU;vyE5~tEkf>vSRG4aAc2tzUMJ0ycx=Q-m;tg?!5J|sQmofX&G5}+vOnVMf=Uj%6W&yeECJ^&+U_olm~G8 zMHkwKKQQ@Q(hA-rj1P&Iy-m~T z6=RsAv~c(}k87V*w_p_JOTYL$f%|p|l#bi5Y}?#Hx1!Q_cDwp(_;GUF^&qPWImxnB zdAISfbQZhePxd)y6PLj8_x3fzc|Uz7c=kS~^ZB2{^?;bz zZOP)QzsD8L=YLOXzQgWM8%~r&`-|v;z0TV2&hIa}F?iZfn|U(ZB-^laAFfA*E*^eP z%JV$l%<6u4{IzIP{dl|Te(`vdPxkiw3Z41s@y}s#HS+Ii^M&}`R-^>%4_ew2^6~e< zzs2yuhOX;jD}Muiy3mC}dFc;PrvHV+=>CA|WaWcx3=k{yU>RHno?4iqw*Bf(qc}4r z$H{}pD@g6zIR&lsF7+QXOU4tZdp_E&V``*wlgPz}6h|%q62d+E1Czl>nu5IA_bq*& z_a;MLxvt}<2uU*-L?WPE8(3zyQXno3PZd|j#@xdmh}>1=kWxPWAErKfdksCKezQkP z>$b69v7WlbaMB6#O8#liD4%y<(UKJ8=)K}%cI&&ehVcB^`%w+NNd4KC$0TxB!x2MhLJD-F z^TPezt^DbU{Zqh#-2u3+fXNb)SmD)%z=YTOPvbw-2#n2N0d+n^nIK|Tz8><|&tRGn z2qP9z3=|ZP{}9iy*8i7yz9{pDz4!}@@ggn&LG2{Lf2#uH_i`bha-}}WHGYgBh%qs< z2Bz6#3A=xwp@@Lm)zzWI-6tSP8hec|-!ua$Z{nY$FI?Uzyv}r!Eq;X#$67B83=r;@cYZ*Qe$mu=RREwHspw7%h#hsWGR^ z1c$muW#hN#PbU_1imR0rWT8X8WNIIBHK=##OD`BXBwf3;0Ej>by4k--Dt&n_qOfso zZ`r+)d_4=#6610kBqy+pN{7>rAqFXhfFG(*=!ARNjh%dhIKOZ03nk>CU1+m%#L@vh zS^Q81=q7V8gOe$Q&Y#R0gKyhC>32W-=YG)i7$s6Qn&?ekw{HYz6u zE9vf)q`$WKM&Amr{GRW|YpMzBP#->C7OzM_R!HCZV7>z7~Mu} z!Vr2NIM$n7DUu2&bOT41w`;@*?za>_^hqt3i)0EpA_MJmXsDv^iqz^p#h-bYZK0qY z-L*COI{N<6+ypJ&!t2y8Juq9gZWQkX4rIstPkyA`=-iB5<8tYKiC&OyJwZn{)S#ba z>(aZU1Gu8;`=xngap%3`q9!!~ z_Gs+6`S~$OlKhL0C;MCa4<5Q8>RunF;JSV~_$i3l zLAjX}y8r#;4?oQ38iUbbI$7)%DDktAI6=A_&$B5vGwwHYp)S%L>JsH)U<}%L-yMAX zXO_VPz91;ZY?$9dis2HgQvrQnSEG(zq0#7`(I#1-alL0pZ_poSfBsr`emKTw43FhzFU;D&KzS(Q4i-Tc1V8YI zWrbdo05?e=cYne58~-fmd--uuN(I`{@ zO+(Y0tq5Bi&Re}DwQep6*13i0B}b*nGmQ>;jth%~LF`6^KmSSPyo1n9w$PTe@IN6q zL4RmbOKH(P88KTq@k_s0>CxfZF%n?LVjRKlJ?tKBKWw|h$XaQ!(`ZTb85uk|S<`5l z!fBabGqUS*@^~U?IX!8)DFi6&IG>ByP#xK|+c1f+b4t9XePKr{z|JU%$tllHE3Ho} zOTqa1h(nFSp6E553MQk*Fo!OtEptPX(NfYwLK2E+0xx?q-|#yV&t%)Q zJ@I2}YNCGH{Y+{aQJO+&n&RvC*?-bLD&EdgV$9Z-%8oYARtU_V!pttp&z9THR!7M}Fy=^0<*W^7 zhlJ;tn&&9@<^*r&NTB4tX3Pzc%6(;?dr_M6H85ASH&UVKzqtl(8tI9#kD zRZJgIgp^Y($zv>O#Vn!!TC!kQBG6y*3$yg@sAMs)M3uetF}(Dtv=lT_ih5j%j#Y-i zQHH5lx?ou*uVH`(Sg z&%QGDo@3_WbcP@H3E%DA2afY5(u<~!^XIU>svQ?siByJ^RhCaz$az-sb5seAR3@WT zY5y(WA1Tt?#!=LT?`Ol_226ww|Jn(c8vhx)#U0?#uH!j<&j< zH^@5ZyLg^RO0Jjn{7SDdsp`iS-Gx`k*vhHJe%QSpBk~dV;+Sv5EFUj>YNDNn~jH!e*I4R%0Be5u_vZ4w$qoTBVN%GE{$|3T- z9X90$Y!VkGs!uBs&i51^Z|Z$knoF5j+*gD>Pbj=knnS%?()qK3epE#Mpa_XrZpPi>N%Y&tesW_d%NVNIboMe4nC_DXJXTTP`QMQLP1`F&Zn zVQu3}idsYZubhp|C-iMpWUZ0z9h}r%FH`%lDSEIQ>m!*4IOD%()aACduT8ak-M8l; zIXk{lb;uL9uD-0dF00-1l37{l*yXI-xUZaFAs@z;+*|3a^X%kG?~JPLG)`bWcWh*N=1`*mQeXc3pCQy>26aH0&|U>pnf{ zq<-jZFRNdb?b3_vVVde;IqkuF-HUMU!84+vT$N>|?#ua8P0!Vd!PO&P-YZky_xY;V zx~Eq-lUkgbSbCI1w!M!5r)O!Ux8z43#c98fbH6#LzpSlQ{eeVtv{9FfT#KtsXS5%) zeZVtrK)Jj>n7DsPa`0u|pe5&^|I~oe!vL*P-f>Hjm|>C#QHRBO;nnc{O4QPOCW&uX9lsJiiU=W9*p`9YP}kN_Zd z2vjrlDC88y#Y28T!s9b62>PMH@Iw#u-KbU#G^r+oq5fkbG|*lRH}*oMBZX0P&}jcqv_85!2ySe6H8O@Xw#P*_u{!v= zef+Ith?0Qk)xua|#n5%dSn?eV{_Fb>E{Y>+qQ_CNmmpYKMJK~q+dx38e9?P2S$ zpe@DTf4RQ1dXIN2O?eQE={pCYhHuwdctC*_`WZI8+@>N3fjLhYG)&ON%KJc08V^Rq5ssC@!7TFRc{ zAa{x34}~m3c(8<^)Br{xF9cm3Bn*e>LD3d7NkNswHex>{9J0VF-V4l7Wk@)-!z{!( z=m$EFXzGj|&Kxy3^3&#&o-s7U)Zk`1(z;{DF>ckm{AA8#iEF~;ER?+^M3B{G zCu-5XZz0KD_dnD#z=MdLMUO+z|9`0GyhVA271e+#J+m-yXc$xnbO>4K(C3h)kBc7=%|~c=`d?`&^45+|4`2<8Ef{ED=M{Xt29v;d{Hzi>pi%Utu5|@4U6BJn zOEwADNbx$o#vfsmVk19Up*ZxuZh0FrJv&N08_2j--0{^{a;TorLRW_`4{ zoy%*;V#gNc>%A+`E*P0TXF0z9)uT%|$cRd%qt}a3G^Pq9`_sD!GwRbKo1ZZxBQJE{50v z78u;wdphXIV^b>w{UQNz}JNbTM|5~?l1OS|Wesuch_cspz6Fx5p zLW5QvtvYtENQcpDF=M+i7rMf5$4P;8MI5QsxC$d z7t!x7;<~dRd0dfNt~j=%uZ5rz^#7%vr8bC+{5t$ps|oxDEvtid?qGV~&$hXP+)bca z;%+e>Zj`cP@4_@Wm{&J_bP}LpoXl80PunFq)8aIz6<-i0NO@FWGQf}Z9)K<&IuFA! zyq}#f#x0m=9lZJd&pSiIT2;p8@3%P)xXguE^^y_m(f8|Y4m&%Ku4KGl)A zV{otHi$MYBXWiZS1-1Y@Reeh;6qiOkm|SD48zAI1=}*Zu&WRc!BEGU z%=M3AQO)Lk6;8-Z91OKw$AN<2%9;FRa+ueWBg7oq6-KXtZWh%>7@86%Tb@*Xi z#CdyM?~UcCE&4qCzV;(4%S+vVG5#Hk6T`GUR(RwuE_g8a{qxWVYyci=NnR50$I=TF z8p7s}!pfxp=jmAC=;!SVTl_KEf!(ke$cXV#VMq+H&8^A1zpjS?Fa_5VYdqv zyde|>6Z{8hFBdRIzK!GpCfv*wLnz4q!#6u>(o1tTKGUj_oIoY==Vc@OD#QPS_)>Y2 zmNF>npKnH;79t^({07J=5d8Da zyoi1J7mP0qmFx3Z*bMse&4@n2=V)b><3lOaX@It`nN%9TaQdce810)}r;N6#B-)Axu_ZLnsZArDcgCsR<*jsR}NY^>gZ zCr#s`p5-2LEm7a*EU0N4h)@Zz(zS_cJqk{96SXgGEBO0Eo~SHHBm2vG>Of_rRmpUK z(U8_+7QwM=F0GHkP#CQuiR2m$n*kmm$R@17paZra*eiXqh8&-Jki4hwjp{7z3}##Z zlK*!;6UR1YYxI5n_z-b)1E7rh+p1gQi@wvOyo86@guCx79#mE)O*boOTtDxnHBRo} z^N+vtu!Sx?NZo=1a}^K_!sOei5!70D7|Sn&Z9@PfPb+_FDLu)b@aM!?u2S{Y(Yn9E z@%YYZ#PSH|?}Ut#-BlP5)eLBF44{SJw|geu_Y>t$pC23f*M~9(!fQ&+1iWAQm;ClDk?FIhSOTvMo--0AdBBrtUBgiyUPH?~2Dlvm5BBaV zs;+KP*Yw0E?(XjH8r&g3aCdhP?hXNhTY%se+}+*X-5nALGIPkk);?$LQ?061t7>&s zjQepjF8k=u_s*0df_=vsv6SSv#Q@k4NaF{eDi^W2mD(v#tL%*SHBJ5`b89%8&B_32 znC&M2C~U{n`6J8Mg~a9P&1pLim#JCGm{KExaBgySq&cXfUMnhoZpLq=HKF)RJ)4lw z0)}3DIw-upuyDajnO=0Es*$-eo8DH>rhI(T-M_Yh@z^nQt?`_zwDZ7DHvnH(5Y3~$ zfwL+pOm6moO2cT_?Q$yveC(a{%rK8Goq8#;S zRTI;N8*}nD{#IW~YUj_6tBS+St%mc|uC#_L|Cv1lQ#8%)HHoXhk#a*1ytGavBC3$z z^hVGo+})VJC_*R7jg*~vI*A4yrO^nCH{#OzJ2;)3McOwpzwwYUy4N^~R>3jCF z7diPmWtqHOqz#cF+Qx?pn37?y3`Qn7~)vOqH@`M)R=fBYPxFzB4p@Gl1~ z=Xaa>F9$tt;a;2kTholQX=UPG{NE0mcfz46IqBxjK}(HH`a`?sLLnXs^~p|!O8#}w z$H;Z*Ghf173n({^#6GUh{&mnh=avc{t8?F=e_GQMTC1e4&KH9gOO!jT-?k$c_LYB@ zn+e)zFSQOf4!Tvjb)2ECrM=yCbgvFY+%|f1&_j}qZ)0w64ti~cRsUDrUkBaB{VxY? zw`Sw8_U53u4cZ9po!=bv4Z%ap!e0k%!?tk|_U54922ZBe{yOL!-fRcIHwS%D@z4eJ z=AgqpwxFcm95mBLF!TCf2W^c{3POXB{wyw^Zv9xnwM5RRs@zo^-2n$$VHp%3gbO&_b?kf7Xws9_ofD1zifb1-Imv z80NEuetOF3)v6bJEl$P$9HrAcGnnFALZ^4HP9mYFLDCo0;`Q@~~&Fwlm{N?Q;^xBZr<}L7ByE41~ z=Sk*{+sI9yBZ)4{sv%H5uPt!VFXkFX7!tht8?o>Cf!@gKivXG(f9~?3zao^zpauKTQvi&zCH>uM;rFXU?*XyEoTOZ-G_uegCTo;5mS3Q4T zARuJ0I&EhRVhWTt3k9=}caso#Rw|6Z(etxTxHJ;{V{QbT zBO;1C`oh=0*m+5=2fbg!9lcFkI1cPJrSr7M2uBBnN|B{ds|uOW7+0=Ng#_j zbo=<)TUlJ$`Re-w<=f2X#DpNld(L__p8JI7dGf{j#Su6@sP;>`_Gh#A6L|N_6!bHh z^vm}5%QLh}hj1y}_kWCGFozgWrjVf6>sKV`KkVz{qVFfN9{AMXEaNQ^pfdndE}^+! zqJ@yHlf|YtPi)XXa0`$ONoTH9f=zLRMQMlKR{FB@h!_Td%OipNE(~{Q8FvH#l*Gfm zL8OZ1jLPGvA1oaDrmW5glCJDhOLUSOz+4B0xC~24)B@n1FmT_H#0DcSBqHuaI59aN zcn+G*Q}wAg5*WH78RkSEUb&9e&fEK_g>L z3_O-X)=C6eCPKM11T#pR$w?{O$l$0(NCZ;(X=95eiiN(-A9Z8ciQ<0*OAf(FR^d(d zmrV`~D7g46bD=Vl%+VaOU*l%m>#R&^MMs=z+Z)=Q2AEFs%clytP6GhaLx!<+cCr0M zM$~m=ix^4^AQ?*p#6qgm1G{k}ydqM)#zLhF0Gbq4F{Dy_qh<5dZZa7F%k(%jbx`muhIZ@(f7L#2ryWKjGO0)C@TBvDMv_J5EUn+VnH?px`Vj>_A0%^Q!&!>uLY z@0lQ2Rj5B#*jleRY401nC+CGM0H74?W)!TU>**_5ELP`n&&6Mafg{wP-QFs#%Aya1p6DO`z zm3gwG`%~BA5n1C@ou(1>umSd>z@|X_mOT7E-G%`lrDkE}*F+^BI8dJe zYn_)vm{U}fl|A5BX^@Z~U{}OcyJAxlfm{<R2ux6H#c?q8wC@UCfU8@`Tw4(6 zU(ofx{UqcIWiH&h-`*u-5TjSJA1507aJ-OI(qvUggswSvG!>wN9eSCcbWF*;Uh=Cqv0v>(q`9Vu5UH&(#Vb(9%&Xa&}4LL2G@ z8-FOMHmd0ahpZX9to
    u+B(%hqA3SZ#hC=t$=6E^KT!lkMeX>I>EEGF$2u(=Aq8 zAE0a>d|e(AobRmU87b5rylpNHz5s_7Tc==YoG*BxwLE~pJW>#tF6og*4_>ugCAZryh*JSa5Z`L6s5 zHK@xq82xI{SGVDL|7WMs03@0ou8%-Szuw98kDR zuULe6xvRZqJdAI`1Zl*4xXUov%~I6B7G}ih$H&Db$}4F?7i{9=vIqTrk8g7Cw0$r1 z%!CDG;tjvwylTS1v@a;T56*AOtZz!6R3WTMImcLC-R#QoU=7afQ>Iy6o7q&*0b11o)TG(-?*p`$gU(a4 zX8J=Vc=JlR!)d-lc{}q*y+hxH9Sg-RODs+6OAZ@%K0EVfJrK9OB%h-_gRPLdv%0>M zzN*77ZdVYm`=+W3w4&#tt_PC=p8AmyNPo;bN9%JVhgT!7Kasj`oJruI#nQo%s-Wc* z`EgJYd_dfms`;^jvn5IJaRk>MiN2+%qGeb1v1x-vw4a$O$TFTwA*RYQ(Y-0wTq2oB zI)!L0?y@;1hdV7yJ9Sbkz0)*H@+2WzH&dM>qfz^tpKP8aN3J^Wck}VDn^wbQrz~?P z>h`B$64sI4r|y}jv$58N6Q_c0*6SPAXlJKh`lm@%)}3mnHB@F_iLC0?_kSSOREOa< zZ+>VRWNGoUY_vbCt>S7cvTQfE?jX`_)wk;YWfQk;L!NEk%Vhft%@&&fJWbzL!}dHg z`#dx5y#CT^fT?MyYJ1dAXW~#BG=-!+L$un^X{(2I(l2DE4Sf-TsXxo5y)3D{vUs|v zf5H5Ve{xZM)m(eiU3U)aAQ|&=XE4%+>T-|h(q8iN086XP7nTQCFTbt;TXwHi3lCh^st^}{HqD>?^r6BX{RbTCBpe?I9pRa;VLe9R z9dux?uAY!?igd0Eiki?;o8dk>A{XIz2Sn!F)VIMLxp4 zT1GIqL43IRF6QKgc`L03a-xKBd}e||dPx!xjgZL&>g39W{ilg`jG`uvK#g|>k`z$+ zW2BhI9eR^PlC@M^|E$W%(4I6>QVG6Lm+J>&AU|~lw1v)siQtmU5J0nIQ7*z@C=!_F z%J##R_klq%HG}vVvLO#F5C@31-plS0NQ4R%y6x@&^8g^}(O$YQ(Hh3Kla2!+B$Co5 zk}CtFD+uv>PziTXLp*;f5xYrAxC5nV*T2pJggvdgV6#!&<%{o(VO-4@-Aj9*qTWC> z&KrnMW+Vu$Nq-D&eheIbj77%upmv^?!AM64umlGnzsiIFWgUB?verk!r5})A-J>iY zyqRbkB-+(pH|7X3y@--;UeZ|iU8LA9 zkvISpB_CW|!1c#SoZkSN-+=8$VSf+LKh$6d0Pw8NQ@N+CtH5kzk4122rOt0)*PVfy zK|*H0c_qX}Pmx#P3joKbYU`%HGCflSco#!)KR(vs1FZZOnR5FZg#Rb&hW>*a>4ydx zFM#xOgM+uWpI0gEXdn=(*8&Jki2o`Tv4|Y7{a?s=X z+aI5&x({wneb03&Vbd?4_kDs4e2dc|(vKmQkI+AWC51NoB@Khtn|{vR<)q13(W50YKx_=U$VF z1E`b=*-B20fPs*RWHJAC(1{FIv)_BZ(rMJ%(y|qfrLkGWnet5Ui19$LQJAt;he}~X z;8OUovnY=6Lc{#ZJGrNw4}tiuQVEAvv{0dqxrzYVj+e|4gGQx1f8spXj37er1Hu|x zl~g((31!LtbU4gN`@_X?*+_eIz)srnZh+p#4?6M3y=&IpXU2n5Svu>r!r2m0|YK91VyMok`Vyk{dh+E z>NCcgWW8QVrW<|hBUucFA`ZENNk7XpJO~6v5+;I^gsCr154k-`53!HZ3kQjynib1) zI=m+=G)t2j`U%AOJ(+PQRf!NfGA|y8i7+3G4EKAwPZ(2|3mO-qMM+Zn3~D;ZLrXHW zFq=Xxy;w%aYoA)068f4@9Dxr=`pu&;?ae{+wW8&G38RP>@t{c(gSKY_-*kjN01J5A zCfe?Xf>q{=FN8HJD=lEZSSb_z(My-50a(r(z$!bqRziV>Wrc(h^D#t0K;B@*N5Y9o z=tI_P4wMpAfQ~m2Re~ltsK{W0GS=rQp?cqjczuYE%C3LOcrg=zcutE3}n1p zOV*gY&!QhX`LEIThy-q=kPQTGTXjkWZgc-kf~fB%_(ARW3u{sxKfg;6@BLbVkMm90 z@czj0xR?1y>-P~dQ)l#fd6)AON9&)?zMDD!KYG9Rrk-x)5gz#=rsVz0-5BjAaetXn062mn(9i;Km-nV#Xt0@~0Wq1X`>@Ek0Cp@iGHVPq`~g@gUiY#% z4+2G^j~23@C+D~VAoGAnRD+I0iCND+MkvNSeR!KJ;ioPty(fRYMfDx=7fg<#j&f5q(*qdK=X7Iv=|Zvsr6YM=pa0$GH0RHby-X8 z^zuL+lGMlENCvABW$hg_5Jek-bgd7pyb&6@3oP%UaAM22InsXmhh!>F7-xkHbymss zdnyiovtd6fXWD4UZeIRm#abb^I60>y?o_moRf_dhtfjPyCXx{B*HThny`>rPPn9D` zEJ@(-WDJSHa|40Lq%<^2n)Djr!D#_GEB!Y5-%C+qkoM&gB+ivSJfp@#3m4=v(gGCm z0+Q%L3Yjn&0mgU%=}bTJ8yf7)olj+Ro-jU$RO+zeYpd$rs+9H+P#KCntD4e%O`i-o z;3#idP+4tgW$3Y02P8uWmw+{Lh+P=yu*WZDaWx~e#>z*wWRz1;KtV*tnEASYs(iHi z;rp{nsYk8}f--^v6sb0B3^A=4D&S56ZOjay;*TFy!S-98upj5a2TYMYwjC~%NJ-mh zC+aU3;G0~?>fi;ywPQ%v7G5L~*={_PrqKl$_bK-B5pav|cd>yGW24#P!ISz20oO8s z05sG*$N(CR*h^vc0EOR;%LD9dm%^<&J1_2@qsXWZfZ;Kt;(U+B)6hz9Qu3)PXQdxL zh{FEY@VdpIhH5aL^AvKlZ7}MBZZMwf6bu3Y^pg94-y*ub2s=9`4h15&zHHprasy?` zRxpT2kuS+-#{gkIGB%ty9Uc4Km@$2v*~=+r%sO72zJEwxzFrx;+vE=&_ONIeFd;T; zt^!(k#1#~~>_b|i6)MaNPyyMLCgbZbRpT}2NwNYU8#Wn3aXS$~?DfiM$K3!~YKWc4 zWE+O_S8$RAXta+7308Jz7E*0{0e7e4l47`= zHr_K0Pr#H00yJXc=dllkB8aWF!HWEztMfVO4G;l#hI7w5)DIC&cZ8SUV%mle)O%Wn zbY1Wo+NR+hJUd8p;(g&aN>!UUipChPBfQr4p#5ciAA-%hocWijh|k5=5ss4SJtiT7 zKn&gv)vN@M_l>CyEd~I}Tj+%L(#Dt1;wnh?Oy33%%mZ7-ljF{Q1QQ;<9U?b;<;uk+xW&_tRK|eQ_ ze{Q_K60XwrUzh6NKn<@^8mv#~-8oHxB@#z(7-Cc331@b3RK(dcxLXgK0%(xhKWjme^9k)7u#B=rdo$HZ{*w5^OqX-J1W5l#em zgvIlKOhk0{pD-^MpLn-3N)4qQ^RQ?r_QKDRVhzB`(#5 zn9Wmc-&D5Gn|YR?mn38m5~uW2SdN)6GbIJ3&(Et)ESM@>N0QMxXMq`gm-E3K6gTF5 zS|=}39Fw9sqW>+}Lm|1;a+>AnjZd5`MMq-m9d7r}doZ_Qo!AI!A zvtk)K*c|VT;%9G^^-8&>lSqod%hyB^ByfQ|eq&e*ImDuSjax3!|?Rs*gma z^^4N@aL-s}$OwASgo{cXgGy1BN>aP%w-S}Mq`843mAUodC(k0YAS(0KB;yow?L>3S zGIRCXBKe3S(^e{L$#7dCN?ZK{tI0#tLn`z2L*vCFdn`l;=;CVx3kUEcWiksjykdJg zYA2#2mkdf5(IS^yQ@7g#*Ze~_NsDPy3#%t{kgbJ8lm%Uag;>U0gUP~6rP#yW!aMHJ zTieu!i^{9Y;?rueHyoAUsf2IQp%3WL|FYNw`q(h2nCllc5*f`H3XLIMNq~9;kHr76 zmV6wtnH~P$YRP<-dIkSD=uVoL!IBaI%k$xq*iD+aHwQg=Ondon2OW0%CH}92wn~^S zd3Vs|9h>x>hvl7@^j*KoyFm2a&=uWC3_VyCJwyz>R298U41HV`eL@WVk`?`m3;m-MU|^njB9Tt)lSCs!OHc?|DQW(vj23@snxLGSm27Q z;eN2dH&w%Tu^>#n%jow)^m`%tuloPL{k#{Vi9dF>|Gqn(D>sjDDBV?=t#bM!(DGcNzUIqu*up zyNrI9(eE<)T}Hpl=yw_YE~DRN^t+6Hm(lMs`dvo9%jkC*{Vt>5W%Rp@ewWejGWuOc zzsu-%8T~G!-(~c>jDDBV?=t#bM*mZbewWejGWuOczZat4W%U2+LiGPpculk zd#M_t@E54_2b->NnP3ZNxSkZQvwRCj9}(QoP$Mxa z&q#ACr4+fs$hZ_Vh3tG8ifI_=rIZw8A5ltRY!_bWorf#~-v0``2@r=&MooZ`z{#|MMfSNjP=U{V)we|Ume{kH((>P75 zFh7NUMNa~7+jPE`HW8vg`m_{2zN+P{Dru4t^(c9nE{^p~d7d--#NH`I@wRf!5vW(TrCHCov zzmv_Eqqyb#MCkr+`Dm480KpWkZEgy|)2avWwnS%y2 zBq4&j6^0V$#)ItY)J|;M|K_7Pe$_xlo}2ndYYr5tHKufso7=UqudA4S=O_`;fiQ%q z%jax#$-dOVg!|Fr+*Iq{VXL0L#&M)bS;37%i{y;5;K7VMEvioLKM zP|>+nnP^vmr3bhJn2ADM3k0uwgngzVlB2e}uVk--@EPV{&bV8^n@jxLptehZk1)d3 z)QFI1ke;wcKmwdzm~E)lz@$e#YQ>wVt%Y6qaE+F|4VGy>1WYi90N^!UP_z^sGdV#I zi3o{vdyG$f^CdUK>jLYn=L-fgIhei-Nd!xsgcFv> zmXCst`cwJzzS(kZ)N`jR9L42(C%*#t1V0MYmuXC#sy96u6q-+!&V04jSbJJ*p5(kT zRImb0JP9-`HdKczoEtx6=+x*>{m`0SfyNMqR&eY^N626E6v@l%h7@ktak~f-Cj}D6 z_hOVNLDB2(q-?HZ^FSraY0b{2K+V|EX{?OqM`%lobgFgE)tx8X;_GWR14KZC0rtf@ z20av>O)!a}!9!!+NX1L74ZJ^WkaP`Z>L0#Y)n945y$HOjj~Kj-7=~WfYLFNe2FffT zY({rQ!&85d#ug<25E%Z~W@gx)kXG)~e(?t|zWA=$xg0#~t5_i+`l3|oecBr*oNdam z{J!Y#a87IuKXT$(<9GB-X&}Vv_2W|#T@L`lrLx|%hF@BfX&w|4=1e#rgvGQ0VmGXa zw?O+Xo~qjhF-k*F=f|^NOAgVQ38JvpPN!4OL7HyPm-UT1qQ}5$ zFnv3o*YQzUlqhb7N1)F=;_fZw6| zrqAw}R}%dA0^J0@&@W=wV% zzNtlAWL}~{*`k8vQ37)^g!bKr!3v8t9W>L2 zHaC`xjspTTelcm8$M^%uM;>W^;t);@6AnFc2&FMTSX!0SNZ&n@{TZf(;^hN7u_zpN zdW~R&St0n{O!&-0hAg9qSW1FgN{CKNhMBH0rpXCgY6)>dMu@A7olb(APKb|7MrlRM z7)d}I2_mG2C1aMM<+LJT{Y=RIo0OZDR#1k3*NTw;g!BU}tpqKBh!&yP3aQiyjRGuz zj0~aN2wj(=oLYe$ao`ICYw@xv-A|_ zw`TN6@SaEF!fi?mYO32xs-KmpR|`R))d$bdBtE}WBhu55IMPOX(x6n+pqGC8ki_5c-aJ4Z6V|*dc@HLRBak`Z7OWpub8rF5T{@8 zqo{GC9Ee-#NoAAB@n|UVsAy%Asmsy{PvaS7sp+3WS<4(a>8RPGa+$ptc{4}_PjmUL z89#WDij5|6pE^mwQA?ENiDab8lu3Pz5>uA-_ym`$W=$;@MXAL{sxz9T;l*!|L8UjE zuOQ24a%y7)Cu!A6XYoX0clzC?jLyM}%c-ouEsD-%l;rbhjE5JUcT|G!DwY2#1t>U* zB=pJBjE^xKFFnw@Fp`cjdNe(@l`0{MBAJgQRkrvG9%DKlNp>sAw~WlMa4g^HiV9_O zi$^K*q7qB3zf_h{mRpznSe2ns)3_uX(eu>E6v2qYO<#6u+HduV(5z^9-<=| zDI*`#=IMc>nmA>flBJwEC0N!{5r&l(URXu6>ZI_ju;AL-? z<(|QnUwLI;z~$Z1$=q1~_-UQ@;6-_O>b-CM{r6M$b1TJb1~HUQHW)t*j5jeneh%z& z8ggb1YFiFOIR)Zb1v)lR*jh=jTw23D?N?6JB@5$O(~>J1!0YS zB2A+vO^ansf!OKq$xpL3AL#D3u87USbI(5Kb4r6y&z zlnu8@owZG*w>8(aj?%RsJGG4lwkwFV^TD^@TD4D|v_rSG)zWo1gJ3#H@!RQ;XC)Dzwhwlk4JZ2m)D-cw@%Tw9*mWowULg(f4!i`zgp{x zsOfSd?dE~){_(jBQ?27Jy6U$a@t?Ks5u0u|_#S)FZkd~IID(#=wjNsV4h#Zf9NRRs z7z_g4-kOu1Ret4P&pm0py}wO*Sr9U47&_N=`pCw6BaM3G_j?QS`k32$xnjDSqxK+S+WK>&26BxCL_)iLlX^bM_nX=F zi{SUe`t*ralv=*DSqlu>jt>M_4=S7u6z2`-&)By?I&>!4f$}w=uE4>Nd6?m;9m@J; z4R`7dUr=K!(7zC1c#UIXP%~qN+iit}pwOTM5dcEg{jZ#dai|sadxkw3a1sa_i`(ms zv!o4JmB5sg#KM&(!u0wKn&*uAnGL;AFfb*>qLK|{Ctx-1`wV&jhO%#eg+Hp z>|is_k2$y={y!oL0UQ+tDOR=@6BCz@0j zpf~(eWdah$UlLn$J9Qeda`X`)iC7Q!*EssuEX=1RkoHUJWG(?SP9-y*9`m0EOt^`D z(pN%Cy{VU%Dl|b9jEUJrfe8r0d0<{(hr}GY9eNC|`hq#6KL8l06uWNzzo(+7v#@vx zn`HFHkt=%*cBUGR^uT+<2B@cV)+eoS^yUhKiG1e*YUTr%qTCE;7S&Ngx3%x{qYVWY z6Hym=on|$SCa)tP_%Nj5#oW| z!r-v+Ff4{pj@?*ci0D6j(Ib2@-AW8Sq>V6@;%w~3>^dgJHo|(E!@)?FwUy`WdgcfI zsYT~iD#gCVqJ^<*Ko@9pdgyh&n3>Cw>{tNK#pU?dWpQ5=Vo4WV7UMgg6~Ba)5^BT0 z!RYDre+8r6ls6cRwuN4XSQC~8lpCM8Gtp zg0Sy!vwNQpaAfqo5)Fj7*}p8d4~OiIGj*qdH(`lx z5Rf%TV1|dR@W(NEhsRkwd(S7cC*!mvV0&@I%b!Hg&9S-pgtXQlQh zwmqk?Gf`{*q@tVSu!=hSS|U2daa!qq{u4%OS7L1NH zTDRH(-he~)6COXuwPJ3yIgMW$9;X?6wu{WsPzbhL4Z?))Z`wu(U z6<)VxM6I~r#x+)>ehe=O5j))_IzH7pg3ma%00E}V%;-nabjeDPsZJ0z;DMCPmdumd ze~#f9bKBz%Ixo@5HJq(6U8<1g!;t~(QY+l4F8oU_!ia!shA|jS09eC}GRNyr?shefQMO#PEjvY!Ck$a4$JNdx474|1~%uRc2fCDG2 zqx7eI5)92hdwfq1c*u_*@;rR70e+yPCqVb&TkAUl+q?S5ay+#GIP_E+H=Lv8n$pWH zJ?fqQm#53PmxHaJ0;FCA4@^ba&tyo?;U9Ncc*3Cr7k@Z-@AytbI6)#vzyU-cx`l(F z5Q)V9X+}dq2-xB%?}|rZ{?m*m9|#BI@`L1c6dnQ~!VO#Q?vL~&P{@el0(%a|0jPlb z0@yjjBog8R`8<_@(PT(~=`4lSS3__pcpMJH?QM~nARb~g8pCZsP`sX)`#qlexn}L( zW^_4 zvJQ#sO}xlFMv?6PAk&1q-r&d=OA%C9D3RdN0zjI!hVYU?1Qv1l7 zA=VbtXPnnpC0YO+rloprHGXLbY(v{@V~*al`z20|2Mn?P%VXe3jXzA+Qf@|^70;Zm zE{k)($m|Zf?KKPZejm&o%<>fpE|K-NV5)vV4+&guE-XCSFgZ{VNL_#efF)JE0%vSI z9u6b`svraKh{P>BpM=jNqLI;0!6U*QyGcT5ps#n~SrFJzN#Xcr4Iz-Yj&r{sZ{8u) zhqIMb=fQt9t(Bq1)xMRXEiR}PxDybi89f)J0LFDi*wRP^Hw%>10Cu-O)&|qTZ`TI1 z!5h|XTdIJJ!h)@N24d1Na+SvD{>YC_-Sh26=d$pjK@3dxo;%2kV!q{~!-r{tl{pd7 zdRhRIB!6?!o+aRA&5(KDQ2>}2N@^NrjB4rzp=wq1H5Ksra3heyadC%$ucWLO^cZJII{tqo#&iN;sCX*wo(8U!gDi9RNS)^tfE&CJKy^L$ zjSdX`&xo@3OZK^j%k+l-i0G_i5>0nPm$n1z~oM#OZBDo;qD zAg+K<2PW>jhM#z})Kay~@wN*y!}w0yP~zfGZ-y%%l(XpL9uG5MqwYzu>3%NQ0N8v> zV2FXYdErVDEFR%;aS#EBaFBEn$>G{ETGm}QYAZ6juU^3FNQKV}b4iFj{FR zZ6RQTige$a(SULi@#D8<^t3<$k1+RA-6}{LyH}^jmPDU!eF@H!3=_Ot-ZF{+9;};+ z8y8a1`N;rqD*gd2YC2qIbPG9DItP?oO)k6)A^X^kDFquAAbzIzsCz3ObS)0#DG??Z zpN9F+jTi;pKM$MK9Ryu13@c|SitZwbLg7jQ3()MNmj%Gnp67wl0Yp$17n?}=D#Oux zldFh&>A(M$533{}o&=w+tCe826m!`YBbctRa1+YesYT$|(EY zeu34Q@5SS)a>lGpFm$C9UHlpEj(baT<2Bq4H(L|FK9)@4Ju_Sn@)%XYnqw^BFlUIca0MC70NLY?x z7bZri(H}dRQVN3HDqbHZ*^JLdFki6=Ypo4YL+R!qlN9B|^ zR)3_JYPir)C0*F2dv3l&zwxumz5DI7E;hBDagE7&!dt(%HnsZ1?aJE>-#}=Vo9wKC zS$`+fK>k+a+vCrx`NK>D0L)`L1lM&pT$Uk_ak(2Qg*pV+Ht$ujSq80<#e+qD8}81% z5BbtD?2O*n#4oLrN}Vd|ceydzckCWUEYj#H`aMv07|x(+-c4+tsR`j1NA(ZT&i}0$ z9fN^$wA`V1>6GG0aA3!{GOF?KW;A`vh#s^{+CR;|^i}G@~=> z({+>@U2=X3=<+?RO!-6KCp^5+2_UadhrczWH3ZBgxL4nr(e*j-gjTW|Z_Q{whVQH$ zR*G-U=;G}AVhO>wX0&!s2A5lz+FLUko^`%5%&p?B8Qs{PvDoyt8C^-CdbRpbGa6#S z=3mX|UvUdr|1_hg^dlyeYMBcXL5@!uS@f5k>D;gYqQTk^fV(|sg#D}bzyE+pft z4c#-)|GmWQvCVCm5nizy+#Q|{%QqW*x<~YU6vz*99KZ*e;eA4hZR&F5Di2*!2eP;S1lfcf-v$wY~+TkN*av zp>@Bf*XF?1ccT_GH${VgJdS|VL_}u5nE$61y-41JEB^tU;EOg%B%Ejj3M&n2K@TxU zb7LPM5d|`IyC;y2Y9FGPGNh{hdnnIwgvd33Ts4j897I8B+RNa>jSu#bXjT((!t#Fk`F`TB{eNXNMXg*rt8fUON*48}7}gIM z14W_|DOM6KDg)@z18Njy8U>7SwwyXi6G`07JOq0JzdzxYS;_O3$tjGZGuS1NvEgPFa|6-%=wYO_TED z3A;xg%w3N+&mJ>y8VhT?LOh@J){LGV(}^DHg`VnOl|2+G+3L7k|iCAPAtMr;vS zGBmh(sQ6&?L6)6>;{;;Z#PI1M1lB}=Fxt|nL@>rMkbR{1S?ZECPwaDqcuP?lT?yAZ zl?*IE_IFW`aHhgZ(nr{2<-l~6&p>J8^5lZHBmtQTQQ0aT*<<_&N2fIPT2TNEF)K%e z7F>X~7bR|QAz+#^s3cXt7u%OqMjd{*pgyi{y{RY!C;c-pBa$+-WRw#P%Q%uWS2=|_ zqd-#>kMMRVkwdm#K&r8x!L?qt7Z%W`ReF;ro6bf&=ooXKK#EtE#nX}%zn%rs=4`-_ zU)~<4BOkxC`r_*Y9L$pI=OqRK66F5~6N8bW%w~P-;*je-mw&F~=qngQe@bk&9Tv-% z!S({;jLHP%j&s*!dCZgYCrnHfOsux|9=f(o6VQmj0Yo!KTlO=8lqe+muw`HY5^iLmkJ`U2&3tyCrnPEyU zP)HS4iKwYM$*V#K&-W+J2UX0=#FooJ4asB9G99R1-OhhdXjHLlRv=WHf>>x1U06_2 z=M zr>r+~Tm1A@{W)Jfrfv~+V$nuo#Nk!N$*tZ_PtoybwSA?8+l88YtfI5Tk~y1(Rggxx z%Mx10lBb}?3}{T_=joDAg@&&}um4-}ZlgD#q53nXW+*0dn1re_=5mj?rV8h>Yqq9b z<#L1@S~wK4(*5$63$};_&4u0NS@4yw5-SwwD+z>)F}}q~p(|;KwaI2$=58yWI<)NR zS8O)4{+w#bkFR7DY79NEC?ja+*)4x(Y|MYHjh4{Xq|`2K;40EnD_3qM)jg?UB0$DuHzrOw$Zj$ z$646fAkg#L+<__Ihso5BsoD#*-leP?J+Rtkr#qFjuIH_5X0|@!yWHQlUQ?+%k(@k5 zDKMkJ2bzW2*c@FiV%KZe*_b12oTqG_L}XqmlvuT6Tnp7%qMR=Y)r;=ikbBukx!8z; z-xOxh&m`PLv(?+!DBl0sw8zMF+#q%$(RQGxeP*Wb*{h%7D|i|zcICS??6!IS+H%v; zeF4RF%_;U1@zV{Zfrf+uiJH)_1<@xc%?IBt#n`R8b%U{st(VG$Ka8Bulv-fWhS4O3 zeeByha)uL4vtVYcFq?5;7;GJE>TzmE|)OrFA1E>ouJAcPx9Rj!ChB5 z&@K<8@ui({q0jEuXk+2*-KN%EIi20-iQP}@yM~p<0cXbd^d{6?yUaz#go>T)gF@Vk zyR0B?o=qcONp8MILrx?Ou0=tC%RQDVjt|gAf__@UIqG6WhT>dCBKmuLRHmBsdoCuX zcz*kmlI=1=wDQn`3PfTOM4XC?0!l>7(n1C*Rr~EIX56+W9~ZY(J3Bap%+wAI)fJ7j zp$#<}C)BtOG{fL^e~IWF9w=^_)zuv+-W|v>nTzuuiV__fRyCLk)tiNxS`e8DO$u6F z^4k)T*`;V$PU_pIFl!ba7Tz9;Kv)hmQrNql9}NP*T(w#Q5Bw1^l~jjiHJC$h|_ItjVdPZiS1 z(#Oqpx6EF&$Q;!9CM5fv${JGgRMPg;($6{%^HkOMxUj0J#D2A`(R#Yq8tTH@PyMuV z@kezEe=Sy1X%TO|B6}s)St8e&qUl+q{z(&)UaNV_k44RfUp37sXVMKei?3&Pb7!ge z=lp$V0s`lu3g@u&woR93dI+{AHs=$*=jCzdXC3FIdgq?mw!g;DGdFEPt{3Olujk*H z>}rTEBoXZlb?tKO?7sQhW=fu9hbzNnB^R5*Fk1B zfy;AFb8}AXeJv>9<_>fegV!#1@IOE(#STnM z1Qi1@qRn#!7r9E*zZ7D*_?W@wH8{$SOBBF}cpEYY2QJk~F2iSjLsWk#RrX!#-QQTv4JCsb4W81$lDX(`Ccy+z1%M^OEcKk8K%PBemdo0Wr@7e81b}W zxvWAyj7NvYK8#2EfK84FUC7ZJ#(aX0eun@28UH=`t>(GxD`h7!3iVyWptCWLLTuN5 z&e(QV$g z@7ub2s@6QvPEWW#${$(8oJh=qejlImFF^lSVX1dTA5kj~(Dq9M*-eS~<_xZXht+WC z*vNB#M)AxO`r&=MQV`6qz3g5n&$j|P9u7tyUWQ`y#iY_8)*i#wTYsh1-N0qk2G}$x z#HL3Qz=JFi<2?QhH*&7hjOW;n2)qfM12>jU* z4hVuyeJ2B7OCxUBAOP%L#96@3J7hYZVNYJqpObfj=wJW^6PuEk3Frq@!TiogXLN%I ze3s|cO3;F#XmVkXum5W^x{+b{VKZ6-rvQ^KJ|rECr(_Q=#L}t2ucSZ1FI7vG30F~5 zy0lj=Qc8=gjyPkM7QtEvTf^%^Wl6wfV1HyVuf~ul7WCS}G1Yp!$&rQKnPDIz+-$!NCM7)%o$`0s zXuu+Roywha=h_DuisicRI=}e-X(Wk0^Cf-;6(uJDLQarD3^;}oZ5R8kl zs~K!i+r>B_8d8q}0$Zf*C8|qCXeBG=?qz2X6=c}TKf=~gl(EENltBky?F>jsUc$7{ zD`TWFWVn-|+V4QWFln+LA{FIQPWBmV5}RG6Q1Y0yZgI*koY;tQPYMqWJs}<<>&82X ziPa}HLp8h$>mwEYH4{qV14gq2)UX9?0UHb>ow7rGwCau|{=M3mH9?)D0#IdELfy@A z=Xax9$u)TyBVM^kqk zA30eAh#l4A=2TzDN>E#U<;Y2pf88j<2|Bb3S9cB4_DKxOW*TyvB`~iZ_x}C7HbGlc zk3=vz6~u3J28{+R#n_LfQa=McQsL|yl+{L~L&GB)v{0Z4bbI3tkUf6y4p2S86->}G z`~5>!+Rlzgwgm&m0d%ZIH!b+9{ubGLEJ`i9&wTs)WG}@jFn=V?kNs!g4|M?n>DTLA zkS$-uoZEvMZ;j@Y29hz~_}q!WdxiIT_Ts1AW@w$?`wpu+&$@r)9-I$xJO<9Om_H!9 z&ZcCa1-zYmVRri?!027T-g;J=#7%=AjpS`yj2Uw4@MWFkUEK#f|NDt1nrFY2rp*4d z?>wq_hO8QR%>L(Y`TadsJxudH4>Y9Mdx*vhr<2VuBR}e`ly(au)|o)z@nOVDLUVLW zi39L|$#{}#D_GG?x%ZaXh$*VVVz6MFY@vm~*hTfY_ykUbGGo1wL-%oFIp@1%WB)0L6t?obaRt#di@1 z4T?5GPN0wpdaVcuoJVM9TM~t)KsX%}qGSyjtjE)bxu+Xbo5W|GxwWdTm{e7?3P4!Y zGGZbg1!;I+f|_|DL995vkIaC99k)FQHlrLW#m++pH$GnG4j&-tl}ba22gx(5r>Z$v z0bAuN;^XeI>BWq)7l``w(C2#ZaEhzJ4oY8WpZk4(G0R{A9`Noj(vz zV?U%%cU}-}>X3#U9i-GpM~fB|k(iKIA%%yHA-th)pX(A6(2vTEHm9ym+9}LGyo6_# zsg6*0p%2Lt>lzat5Y@;-5~L~XlqIiV&8pJB=EP1Zt3FyC@x%7uyfbEbMxeYDdy(SF z7)kgL*vn^zYtZt3JCGF$iN}j^t-vpY$ZEmp22t|Su=wEDl963`v5dtGCDqDU;m;A( z0sxmwwY^njdU~PLbryTnz&=9&5H^j`89NaqBK$OOWSV$u8UPnXHYzf zj&-jd7NAF7m;$)Tcg^DVVvj0sA4}Rk-;hUmlTjM}IlZRa!-c&Sr8K=7Pwh?){civ3 zR*G31qyBcYF1b(D=8+R??_ske9Mx?H&L{#rdXr=W4Kg^cZTm>>;I7DA5*AWyF>E#F z?(xcBR!$h8<2!2bprC>&3d>=D9bg4%0$faKS9LtGd@|*8OChwrw5Y@9QeF4}^&|cE zXL$UwVa9vLK?HQl$Ut87u?>t5rB&1lyJQ(?G4kN@?P_p5~` zgK8@51=r0Le7`J%%E>uv@V-|yHKwS=*<#p6p83qE6G{_gZh%;uEt+F^6~xKsc2fjO z$Sl7A=DrKNYXY@zF^;6(84e=@TVvocj#PDPTfKO#@gpvKh71OivpsFH7(EHfiw6QL zv8{#Q*W)eTQLKzyU%YhCLgikE&0F=(JvDBMn>N%HiBce|YscksA=B`nP zg!VW7n{}+#${j)q zVAzpt#XT3kU>+#sTZs)A>?0q?s zwk_xjm*DkZ3n7@j(~q|yc?5Dxd&GAN-KSnXMvTwh3f)qoVtyp!7rzhk^^|=|2@~IU z&}7hy$$AqXpMEQF(a8|-rFlKS4`b_sj|H)|T6=favniA0^=h*q(whkMj_sHld&Gs{ zYm?^1PgFY5uk%?H$$q8hSPpM{gI1(R$m*9+N6!Y+!obnqoGX-8(FQL6-`3G1K+ho`vG(uSBbI(bSJof5QrS zxEY=zL9wTFXy0e`%9s!<&^+`z8jQv*DaO15KDi&zkd0Nc&DG7z-??`&xu})sVg-wR z=)G0FJMwgsQ0$P2$$4}!x$)6RX#M0bsI&~B^!F43G?_@#E*hSxyv)VC8(cIbG!5yZ z+WM4koHwdTD(Zc)DT)dS>ggsnIpRye(j(jT`LUf==be-099_8i5YP+WqPEE~2a0K_ zkhH@tbTiTNOU~-c=K0l}bfdUixCZn1{BOR!R&St1UWQy(zosQu;jv??f=@5j}-SMBFc`&4S zxeG<^3`9&B%i^tk(~A`76%=Yi6l>AMR6dDyWI;QuIIm~cMnAJG74Zj7v7Q#O-C42I z53*x_Rx~A1JT1Nr+537~tQi!p6*;1WS7HD#J+F*<&Rz1J$fiTESM&;Hhsa1TbeWkMfsf}Z9sa2yb=xwP&CbQLOsT2E@V=A+=skQ48v+D)3{nmla zovp{$(meImqOWoZ!GP+Jr2DU z?0j6yw2}|+3Rql%4t*>kzB226nJk9mEUqnO)`NC=p@+VSWdU=CsCS3Xl`Mg^>4A8x znkYw?r1oat$~>;iUJ;iEUz7&XADLYzgqpI3*_Ma7vWCAY4-aHT{N0Q;EGLdFkH}?> zEG>_$eb|g<4c3T>8ZM8XW{p`Yk1@my9sd|}${Kh5uo+!moy;1K$CmK0869|ZPg(JI zGn(BYR+24Qp(0s>Ek&;)#gr}8wj$M)E$vN3S|D3`SVej)TSjU{MlM@sX+>r&TUJX& zRu5bDa7FesTh3BN&K6tlK}GH#`v0?x=KjClj2@}S`N)gAT#viWi#OmT1psunXaM!Y zd@kLeN6Ic1b~fr3b`DlfxONsUE*28J+ya6Ef`S0&-+f&(bWzms>z{Y#0a5=}(iQLj zt)&00r2nm?|E;9|-z#Z$qW^y==^p+6Q%Sp)JSgd0(tlObFDo9DG|lz@os#BxP|_Cv zyOMsy^>eZ6zbol7`X8GgpZs?v9f^YwTwpwd|5eh$Z9QO>89Bm9GeG1)NoSsgO#j%y z%u^6b&{ea!MuB1f@sI{x9=?5IY=Lk-=qDv-v_Oh}RmFXk-j8~Grug(Po<@;l@UTVv z>MJ0K8!ckAtg*vwDg+lO4j!N6)7*4R8a_6!RYK#b=X?HwDZ*mg6J2j zf#^Rt1{h1@@o!~SQn|y@1|L0X`ZNjX0}m%H0JN0?3eo~h$&o7nrqB$?$K?g>jsHu@ zhnSc5Z%w~yiba2UgM!<3OmHBh=BQfw!IVNkM9hg=#qm(?l9%1HW)<=M zD-=>lG3a|_pS1N^Ee06vJqS`GtwaILs|W!CRLCfG9;22?J)5TU=Y2Tf#+6~>y@rHu zH5O1Oy_M%nv8g5BCY@D@qUZ849C2Z|!-h-C{em6N@~mAum78PJ&5eY*rwi%gM0Hz0 zvB)U=#deBL&=GAVAj0nV=wi!T@T$3iXu^3YOYlNvs0vsCb@}XQ$6xniqMl1X)?g1p z`Eb&UWqPJc5xxCcjKBRCQ^va@lpPuXo+|)Rg6uGb(7Bm|X<%t~nEao-Q+^Jz1ujQ& z{4&`K6CO}p=hXpl0Q%l4FegSuSF{^iFq-t}IsJw7M&@??SCSF+`STY((P%zQa9Vm1 zIKKW2K+I}^r6#46+WHV|3x7N2k-~*EDcCUU=C4cmV%_9?s&e?BO8U5sRq1TJ{i!eB z`+t;lUF=5(;~#kg1cx_D84{YNmv6|wk{=HrT#f?!{}V_p0G~Srxv_x$2CHO&iQC zvWtb$=hBtmt8R`WwRTqcM!FCZ@>t0NTcKIDjXZfAb`A3_p*=d5HS|0mpquHlT z-tA{G)B#n+b%rbbZ;*=|kh(eZV*6|Eq3t2`M4IA9GBbT`I6pC_NCW7zsE6Ao*6)bPlC3>l-f3;?E);Zi!v?39Hb!1}C!di54zM(GTArUD$})} z@~X#>s&*Y|ix&FBzV)Qzi|p-Fik(G_xsMaL7}8zm`=S2uu3Zy!H^c>q)_4T}X3g;C zq!R_1bzihRdQ*e)$6M@O;>RkGse^uCSElCYUYd8b<+?5_W{+V%<67Pyzk6vH<8ezE z@lN;8GS!|PejX;~prYT8GLQ0?zL@9!4?cQM@!jH$(elWvj-huQBn+T*b_x-P-kaBf z!VnLD#}fuCErT)pK&o!IYtmrDx{wuJW4C?d8FZfc#Q>o<3{*bs;^huBq=epzn7$+4 zD`~zgKZD?QUKr9o-z|N(M?E7)d{DH_KyGFSp{Cp0Sy5h&ROZi7?%#yX#62S_g#<27|3J^d+6v{;A{0NqUx`B3H zoeJ~3HIF!L;i*e^^VQ<+&6nViP)mDzUl8Hg-bCH3e5&A@2*zE$*6 zQ1o0u^oDdaEo0oGOx&zR+&VmtsXs1*@)jP?&>x>kpD<|= zzY0pAmq|!3Oc=LFSb-;q7soC1CyebTEQ1nhWfD^g6Gto(m*9ys{m8^5`lO-V#6?gN zwM^4-N|xr^p2qSz zZFDycj*{M#kmhfY9`;2l$RNp!j4OhSBIIp)JXyxC`E-f)^ck6qIzH#j_KfU^40(r) zkDoGXW;2QnGFwW6^S^Kwj**wHX4X2`msiApZpW+me zlZj1*jw3UP#g~JNT!?3lh0pQn6LJ
      &w}F3~$$iOK@;@dqU>B;3Iwi_N6iL91*i zC@;pLnn|lEMyK7u_`;D^7n|;7B%^^Ct&vKxbO)CSIju!yu{yiA4STL#W|qU6pVM)! ziwcXCqtYvtJWqBOcQFkwM`rIxTE9E3x7hjb#&h6~xkxidwgAVH;PKoDa^`SD+L$$l zxJa4=cG{#$h7?1Qs1D{d!<^8L#Ej$8oa4~E$bur3vI5`el5wW2W16bS*AVh-lRSTTRDt zb*@UySVYZ`V@>N=jV4OXHK=y}OAWqktv-D%S5PgLUG2-lTDOr}9qc-x%9?1lI#R1T zoZz~sPqk`_brY3!7g+W3{dH&3^?PL1NXK%NC{~P#w~vf!v8pm3N0mX>YltQ|aXF~T z#2pEYSSct(sVM45?z8BeUNVT+w7+SjHfroYM`m*0H~NH?vRCDE-e>UoHHqAd^GDV9 zWi(0NH`O&YRbMn%Nxv7hc%K7*zfthstnarx3z-WlRDeOC-T!fv!W+T!YDc< zl{)e#nr6r4@+L@ACrE0XDC@EaZTHHn9@#gqXG>Idlu|ghp44|b6?dPc7fqD)-TQs0 zVrhsXY!Vk9dek_Q#WLncIKk2JF{^e8d6Luar?F@hw|qi1yWY4tkvUM+oo&=3xn8?l zmAh)BabVqZn$>jF+5P6CTb{2w@3QCTedc*oM_W~QhicbFR6Yo&>`N8-HHR!Z4(VkT z@gw7AtZLnF;yqrSA7t-)-xBqa;`9>Yz=)m6F*kZmp7bUpd|DEj zbAQcb;q2dK?@M7EAZqWIIPVuz%jE0o5&ZSRCTid*sGmxDP{d;JSwX*07bO?xpv>N2 zI($&FV31rbP1QJFE4$esT1sG2QQCi~x^pOe<0)|A9PzYJ~q_r2hvCsQU%K`{IGR{3r}XdJJSfc6-B}VeCG;N0e(k zg6TK%HhRPass-ZJlCskpQ+$_XJl10$^Sw9#q@~$5Il{*`?nf~G`*^@~W5PuG4JQ-C z{^ohNK&-MpA)=HTa5DQ-a@WXeA)@HS_zN(~qeZ!4~jNriCXGq~2e2=l(-a)5fg+A9{K_n^-vp z-~HR1YR)2Y!A#?b2}(j3-O)@#^+(&E#U`-@_~JFISUcHN8v|i-wB-si*TF^fc^$*VCRZ_#f04 zFnD-&sEyv!g?SX))=)e=#gcGcS$d!NS^iVAESnOeg z>E1-osIPzfNbNs#8uIDIX(YM@rs51}jVSFCUWJYgP; zG9EAs1lumkgXRi=jh`2ei@W@#)9;vgyq^tOn+e<*vvGHp8}NdRX-EEm$hg8B)~!L9v0!S^qNxFG>C-m>6d zK=1OgJ_PkN#LXU(x#@F;ZvNZ&ZP85FhzsHJ_Seph4|zS;TV}|D8}1_EUjRsIM+#1j zLitNdYX=q#;$&r9Dc&VV5aH5?9OYYpLrG9Y^jFRbdI>Rgah}edp|X(^ne>E^y*QW* zd*ZS+nDOFJBUd5-siRMDq?M0DA;d~s6p_RNi4h9HmZwE4*QHPZ&K4?lLbZeZ`QPgLQeA;7(5u$4$Bc&Djx<%1tXA5?1X3L{h_!t3fcPZ@_kWM&%!7T zF0AununegY86MMR4492bhZW}HHNchDSFIevqce}PP049aASg$SX{7VoJ-*LA9N;#m zb#oi)ef}ciJL#Bs=7>%l!o~p7(eRySkIEMQ!r08%O2(8SD(w zD$j303H?^gq*ji6=^2Rp{rk_M!!rPrv0e%l-SX8l5aw4kIze)kVBso52795!wxW7? zuw}eD6G8w7CX28ZDF)% zv-FR7o+2L6nmlOg;Qytm#l$>@!UR@e!MI}f2+1w#JFYf>zh0Y}a^AX0U3fA3TwV0A z7)daVW@0%1j1Du1;XR*CV|~w-u`d@)L~Ky0U=5`Ww{Qbxg^OcOCmmEsuE96Jj_x?w zq@hW3^1fFB1TLcE3nIjt;nbEGeS#RK{Y=Y0t|h1)B!}REK_k&%AyB-^-dYLim7{sB zXYxV@N3pss26h>$ywelK5^g%cp1pnSGb`-mMQM)2BicwuTw1{(0Wm}ob^v8k82Jot zFGkv5O&zAQo4jUs!xU`*D3;L8KWJ(zqx23z(!wX?GFHqXAdvz(LPD8>0!$q40y=`| z#Wb_HXF`)^@rumtyy)W05OXm+dJ&5>>Xy{}(8rGH#-5mwKl3B7=K4Olyh4r=g)?y! zS`Z~&;O1MGpvtu?IL+HD;ikpBUo?72ge?qnZ#U7U^;x7EWr$~V@ybs`5sCO*oMzkU zk|p;>+_jxf?5#`L3#xLw7d0)bY+W2dSF|Md`yGyOH;D&Ljd4+cX)e#}6CSqkS5q6( zBT|A5rF~sLmNnn2J4uTx2{bMi@_wz=%yY|^vGVk}lBdu;npN^b(-5)VMRs|My}gm} zi9gY3k{0*5bU#YhGzz$dpStk_tRthl;oKX&sHy|#*oAa-VLRrC$K=mvcW4Sf=9dtm zxb3HaJir#{PlQXLKD!dlAH+g-Z=uMu()!bCV-{ zgyygz*ZG8!Khc$or7a$*`Y1r(Fo9)yrO`i`he`efd7OCc?*2=M-}DhXqrm^csEL=` zxdWY}vKok6@Cs|@O=29Kig#5TTbhGwPMsJjjqEnidEQpkB-UM89GQzwhy^61wtgLB zayOtd(NM7AtNue2lt%mD1VxWGXxwR7;m);B}lm3laJ z6OCoFmUJ4`r78FwDr^hSqmm)<%=R0a)D8-7n*|=4J4lQ2GbITOd&6BbQ5^iJMp+|> zeK;Fk-d>|8L(7#qxnPU33?3cc75oeFYRunGzyzh6#RBHLG>|LKG1ndJ&*T4DT--~Q8JwlU^?3Hm2nZNCrm4-mJinf9fH>csN2kWXdvw?jwO)y;#{XWdsd zM4}WMlPGCzNqpRvNq)vIfB^H^5}~)IgKS@ z`6S3AH<4wEU6|HAaDVF8O=@=C@v`Tx;Cq0wt=Vs}s1Lt&?E|Oo&44E^-RP+laH#Pr z`jfW4H@@|543mZ+&9)%y7B?++98(-SQca5MvurU+ORk{w!6-6!eRY4!(c<(WnEQFu zAA-+Ftoih8p=;h)o9qdq?>-Jt)tJFFA{eB%$Z&&jIR1$1Q%`WWiV%q z->*5RHh0-@d#_HI{il)+9vOLo*O*e5O(Rez%4hQ*N?L4rb=q3;N6yv5e)L}@%^Z^@ zv1BVvvNqF+`nr&)+g?G~kSqMU?x6zBLB(ozHf{KIsi4Gx3Pa{t4u)6xUnMPkIA5ah zkCIj*$Xu-ZtE9VCUw&NsM@fIyb27R4tE8{9e5jl)N!C|JTu&4uPN_u_s!sMp&K}q}G3vFFJDCw)3jaT0v zlr)A&*FDvPlHS<4rvBMS)Z-TR!)O)vK}j=lulZ?id?FcXi($`okM-X8JiGdHL|)P( zF`RRkN%28R*PbW+Rnp<2qej%8nadjo%VlUu05(}w=SxI z&8cPn2W2t0a~`HY^2}Ner8#_O(vXrX#XPm2)IZ!s7i~4x+68>I!Mz`yGrewo+5C;9 z%5USwbRjnm-EXD7W|4IFF$|2x{r0=x!3*-A{Vb9`$8Hn*!rOPDEfU1}L3#E<2#hch zIa!Fb(W2S*ugg*i^!(>RQK!mK+*Op@KY@XF-jvrAywlQpvjeAprqFP|fNrZkfZmHP zH=&~1BiMM0jyNdb<{@GBXduR3EPv7EB=qw1(B8T78*#+X`Ra?JUP$#*NOS_d7+A`! zD&ef>DfmM$>4(SJ&!EZDK@8pGE5TvqD27UX#g5=Rcpn*>OdLTs>sd%xIc$HW50f8- z3>G4zC5eyI&-zqow(8--kp+94H3a% zq-c*xWxHl&^u-1Q-Vc2K)P-psw?sRDLD@*!H6Zo1<*6D(GI@Z%Sdf))P<~QEp76bx z^`O#gF2&bRl#&NkUvsLyXHy@P%e?Qp2gXw_mIdcN18vBCF3XGpiYN!xnpWyp}E ztUOuNkm36wPR}8ug&~v6MgxC7jY~@NXf}&WZmCOoydpV4wP6m1VNSq~Mg_*CVY(pfVlC`ax2l@-NHplu8+tn`#qC5<%Yxj|VJdkLe=AUwXzprUMGEX9NjYz88>xTUaECduD> zXvP`e!GCB}RDMQ@4|gDo@x@Ais{-d`wsur04kERsM?}75j-Dm0Lu+ZkQO!V|(0QuD z$thbd3a-#rO?j=-G?*FTM&JIlq)4UYgJ{-!_maA=6X4IPs@Ri^zi^&ej0S`A%MFzm z+^JTi2-`#Gk%|fQ7VHF@vlC_$lM`w}dK?q4pkO2x@aH^###(i5G#*!UD*AaolnqK9 zogcF?F_o--{6b^Ba;l0?dOkyTR!wbP2h5DEu~r|$8bnB4O}`g1bzrO^MyR>ss}VX= z4D1wt`Ko>r{h+c{03S8M$Vokek}&&{akc3Wlpm)#K2F?!G$T(pxBNJJSq%4?7@jQ8 z#)9RLf$gvXd;CO)#N1TEhCg3xSH6BE9?<%;r#VJSccqMIA`?0~lCWF(ft_2=CQ!9xIm4m=2q(PCDmMTDRB`{OT zQKQYhICtGRuRQsDREvY(u-Csjl8tR%d67Z#f*Qb%!;bYj7!0)S=Ty+&9+;|B}vcTPtSf)!A70a z1y|Q@Nbg(a(xYxYjeWfZ?B!QEvF<~Y5AT!Se0%OCzf9q|{3Yn6j`+)|>SZ6B>bJ-k zy+HY4|EVXi#g|Vmmz{}LwmI~-R94`d9l_t~{C+Ej+wdW5^l_6`?hEy?J6E(#Rw8YZ zqSXoFyK7=MB@(anRU8Lnyd;ylIa4JJ8egow*&oU%S=D<#ndYUDhF+GrznVMLlr?1V zV_`MmYPC?%&=_qkUvRmgM6c9EIH5+ryhOfCy(?YU@M-f}Vv?ckx?#XKL$9K>*Y}36 zsn#JJMz%QXRVlGeQ@kxM{H?fpZ6?dri=yo@x}7e(UFd2Zx<r?kep7TcPRK{kw z8zbTyJ>5b*4@bkCl|fzOF}IEIP-C~O4cu5$s5UE*FiYt)lit`anc7Z1*%rsy@%GxhrrORS-I;x2ZmVi8;JmYN zZjCK}Purg7;~7-+~4MM!&VhfJBNgmrAi-v$5%! zv*=kSmpo-(n&+S%X4F_kX|d!EGoZz=;ufXFl5W}b5FGFb*=TAU1c=)z2OikwPMPH%ghd^UP1sg++J>zk z4By+@86W68Ivn7zJ32lH6+i4Xvdbm6^9!&WaydkB**KQkm?6XVd`{Qj4zKyP*qIF5 zSuNQ$@7u*(9lqnXb)mKoQMU_GXb3HB4AQU<=U#-hSR?QZBdAxyBt>H0h{s(U#kPn? z4;#cUaV45QO_nrB!c$1e6-Xr(PuJj0a}~_A)z4VcP2d*Eo)*h>rN}F_i^Q;ZlC&>y z)hpDqDoT~I=5{Pmu!|a&$PW{%&?B!Trmiv-t8OvPDV5Hm)~_*bEPdnXeQ;cM<@i#Ulfnt7i<%R`^^<~=6Us+l5!BAszn!SMooqC| zwkz!P*Yb@>HV&MMj=2(#3vrG17)@eq4J`>z)EZ4`JV8!R3xDhpomUV=9cxXKJZ&vnA5_v%ckvd@u^E=tjlVrOFD2Ymj(u0z&bv0N#Jr!De|Ks%R)Znj@UXni*`hHm}f2Q~SI#B-N&G(;p z@|UUK?~r2G3L9%-Ut%|39UYAR8g?C&e+5z$pV>MFyoW%VXDBzXt`}dShV!7ee#3aI z3A}Q^=CQzPHO3jy!HavE^z9Yyq46*7rAI7h*^=k!*KWV$&#*|&^_b4F-klL)&XCab zk#3)nX`bhWxlIk8AG)67ww{;%KG$13M^|)be2H{_MC0K>@C{<;#+>IsZnnnU+Cn`d z&VDmPOLNY)?Ox-#`n*lrB!dy29uig`iqC{lhoNck25GIr4fTV zFL>J(#@eN%w^s?D5|RQO^*-_zhWH`%0)SoWrdE{xo78sqI&(V%nz?*cesLNSSuz?Vou=U0mW`v#8U^`EXeBJD#3T2e85Tz zVQ#5~Nd)eU)@rpT&1ky?MsESwZ5fSE&>sps9N_WmXFpY6!1eE_?eBa)DAcEAfkr!aX?AU=u2?n%iY7t4PEZT{|(9(ga-`f-4PY)w!lE1Z-m!~DM7?LH~&zU}52Advn? zHG7Bz(evlN*V}F^jiUA`LaWywVGbo(eG7*m0ouUX!;3K<**Pp=UU_QGU~0JmYdk!1 zhU8Z+%kNjS0{}uQ2K&$XvTq@o-%2?5j(3)5d88z3plTnXx;FSG9Q&ttpz2NbZ#V=_ zsu2o+$v`Lq0Fd9;ONv3l?+gY8d*KC?&#Udv>4*O+X=9OkhS7L>MZ;*N3&!ze3QW28 z^;+74To?v;uN@!(muVJ~D4Gi>)AI(}0z*6JZRoa1z3xzd2KE9Yz#Kh#T1Xo6#Hem2!B zLU9PjojK&T?f}uhs8zl7Fa-oIC?gT}wyIOv62g0;GiCA!D2u79$!z7xN~7I;t%+Bo zOQ$~lw1MDR0wOd+c~mKoS1(BrPV!8P)dwoNz|dkeU0;=sWEaOP;A^UkXckDMh+B8 zPR2$8c!Gd3djB?PL}8F(tlYNLKb+cp@sKf@FoU=^1UDzm6gXis*h{mB6g|*ZPONy) z)Hs(i(EtJp#mHaOnf(_{eNC2pkm=GRs+Da=oKjdoNSDbfPqYM0Abk{})h8wKvp)W@ z1da~;p>dxt{*jIGr3FBzGFq-=Tj)4bSfwI*s99k1+9q}E+;$_rw$!n>w)-xVw(f%% zqpF-Y=Yyus=a;bvgg$8MoGCFkxbz^Nb+z;;I|rv?P3>__RmN(;5b@4_uNDM~#fOF| z>konA;A|#P)u3_LbzgOB7nV)T|u2V-clB3mOd?m60a#|^bZiDy-y6{WHIyb6`i z{rQH!Q5n0D@CnMP_;&HGI|Cp86;cnD0I##>N9gQ~6NhS zkorm|OW;pyo&aWH?UO;}WNknrAd-iMKtyyP;bZ|np&OH+qxX0{cee+fe|nC8@Q^`(2t?RTqZ-t-_8UfA&c(jRP}CN%bX_)Cj?)JF=v z_tLyU{gpd@%=Xe))NaAl)oPf}^q=93D+belCBmw*>L)nn4B_=* zYsz<@6ndu}zTy#O^2?Hx%27d}G9kwG(q1mwU_?r?sgw;=uFXz}p=9!cXFXeAlj~Cj zJYE{9L;5ABI7|q|h5W%$uPjj16=ecGEE!}&M-in4Q*aR=TjxC%Zu&8#c0YlSQ=6N^iR6V)!RLtI4tB7sBnuFn?5ni+6u&z^P!=ObR6odK%fNX zL{??Rks5EY*XL2ZT8YRUfyi;AH$v9WQ4Nk|vaxlyC5y#V_IJ$KiWWWG7pn%aPBbH` z#G4)tjZX4qV%|Z9VS|EzXO5jjaOE=m>`E!4+xgE{R$^EQ9lfLZ>5^~Ma%8j}Epngi z)TsSQd?oju%I+!;@SGR2x3E-aFhq_kLIIHO3U|Kx%?bR?z*2j4@fT{#8jHtM(&@LL z7S#9^iA&v1lQ@Y}DHXFjGd*T#bIQZ6)#j1W14xB|QJ3Qvs9NxHZs$rgJ!sVKeGg-u zl9Th%ggM3Mu!cF(#21p2QrPtgRH)2AkUQ7{#hkRORv6$oV;OQ4C%RjEIjpn96LwDl z`}0Qs14`+!*kgYxbefSuJmy(j@e|vb{)IA}S>A9jHLFDoSo0&OJD}uGMSuwmUA*8g zWkR*Dsi32GKs0LAa+-=HsV#u9U@|_6pI?-9(4o+Q%a;jx1Y~de3Xy`NNtmC~2Ey*9 z)>5478Yls-D#H&ZNDtZmrw0zlp0sv>+%y>*dq$}FJ*e%kVz?*`ouA81zt(%7lOui% z9KE&hw{?qrQgix+tK7nW_9}lQV0V%WjSr-y*6{9kS}#s1Z-eAC&S0_aHO_`u_Vwil zRN7;dm+cFWEUr>t=0GC5I%vC61=XFp9UKqEfXh0aGQ*hz(7DPdOjaHbv;ngc%0ZJd;Kou74zJlkT->m(H#s2up`kH!$ZQPCm zyk|2})Col&sVv@n5T7qFe%nN{M*kwNt>HH2D#ghJ9dz?#(<;z6UPPs}>bsxTJHO9b zE|L`~kz@dWGuxrD9VS#eQ&+v+Z%bC>J0Y^WtM#`x)w$AH1v;NB9?h3Qo}P0Kq-STd zttYL-?;p6^w=x1|b^)mQKi=YX&${Q`cRVxY{U~_Sh+(Z1c|}uizhiVs9j$I2I7<@-A~{D+Z5v&smzYPEg2{exMgQQ^ z`*N$YCxO0&MShK*GitF_;AM6mu;REn>hvw`Q%TCLG&SaF9;!NxqSSK$N2fmp=S*U^ zNezE)0rPU#Tpp|*NGd%GqlL=JLFMvX*mm*5hTF7W0zvsLMCS68=D@;4_d|j~u0XnY zLaJJ|vui?Xbkj?R*3W`Ak;(!qVOPa`s>t8`UValuG>;A4!NOC=CJ(u2p!MuF2aGLf z>FNHsP`;d0-=rm|#~LEEq*L1;VI?2jA)MZ2oc=UZP<({D{S$Ymo-RaA4j(~xM+YVl zqg$1>Kn*Kw;vJmjP3Ay>5#z^f^9_>V$&s2GA~T_d3cqN`-=vTm=7RBPfi^ly_8m&( zCz%xsV8;UObQkT8?iuLQt%GH$bdgwL3~kF}aZ9-kpTf;-lYs2Pdy`x?Q|K-!-Y3>r z&v<(Iy{WCsscke3er`1Ul}{56#&-!gJp6Q$?DS*VpLm(o`KYa|+$?0s2l+9ip4eK7 zvl~2(-BVB5d!1jbOs~vMJ^FM`T_W|9#9V>gMG-sFio=&d7Gljw&B(>QC$&-dr1pQX zcUM7eFnYi56Et|BxVuZC#flVncPSKicPk~hyIXO0cXx;4F2%h?E9s$q-nI66_c?pc zo_#J4ce%@CCX<=`lke|SAYV$Y96W$}AfZB9sEcnJ*FmK!609mwh$=#(-WIKnwXUYW zFK$!F=Tr!V(11M)wYUaUzGG@97fPD!J7*T^_>b!DD(Q3;>P|`M4M7W)C-$Z5X!NnL z-rp5Mf6^FG4(bg_7^2h43g#P79^^998iz;eC+{0J4Veg13&HM|^ zBqS`{%rxH=*+kM>b_H7&nKjfFsrZ_i^&O~>(W=ausjU`SukKqNm`UUm={?ZeBP+`y z(7Bw^IzBB$k(e>=7Q1kn zs|FuR<(XT?A3By5dkBKPv5Gy727QW(yvxjd5Dq_d6|0>cLKn=#9?UP0N+$N{?6K%S za>4ue5&I3z_}k?f(bBKsmjvRD1eECp+#Lp0Q3dsxhtwSeLp6@{`>?{2|Fe=ViRhw_ zj4!zv{98$H(nlYZL|<403&O`h>0=Q}|5VcPk)isEakPIcX)eq9iIRkWD(R+@_v(Ku zX`|z~=SsSdwxW-fxu2_|Uyyk~qGCXSc~GNbP@j3otYXNHdDyLD*q3=ExMC!lc{I6V zG@E&>sA8;&dAzA&yo-5asA6J@d2+F0a+7)LpknHRdHSwm8p=F_P&tFnGK*XJTuJ|b zuB3(k_bchc8uZJT822?8zh8n8Yrz=on0U1}aB$Dzw7GxG=*;}q-eFQ4Ny|&P*;(+%MaTWckINoJ z4DWNK1Hstq`BtW$um4M4dY(%0r^jvtTh`a@;(znf?)K1!?IbcD@1x=B|Kg=rGsu2* z7(WZ!sQ4r ztk4HYQ8-I1lO2vK1uc|nqZnF%12>d-p|8KhpwWf)KOTWiZ$v^d!cw!zFU&)6n0I}n zJvg)3Bf}|Cd%jsMcaX^_yD*CxVOQf1(T@#>eTVGg{R$9=P+teBXKLa$(+{w6I7XdY z8l&!mhWD;#1uZ6G2(NhtIlj*Z@dZAG)5GEio^i3`!Ug#3=HlX53K5YN`BaynQQEIF zQ3+}zlcb)RLRO}LYs$YPgK)&uKx8cdEMX4-k)Iq0g8XSlW#6I0J?&Hiv=CNCWp%#B z`WAe_kMR_eqNoaCah8^+ zIX^s%zk84nIc19(KtjkL5^Df=QRc@cdcqo?j$H^;vJ}QWsS1wY&jp(ni!r55g*(mh z<9CKjAgcJgrwNhMdEg-<`}?~K07_*{%T&$BltNY=vv?=-uQowa<{TL5m#g#um2FlW z)BzxAVOcvdIk=(iG#@V460l6TRJM6jrro%$@q1bBjhku7w+eHB#!E16OF2BEBcvUl z9Ndops6|k=0pRN{rR%sRXic6j`CBEq51qolB$t9+#|a1+>Cr<2k66Ge=>%kQ0iJYA z8-UFl+)S$`o6O2^^PNI}0`Nd>EK8^f1IqdUt43vg=h;_gFI~s|WJbb5VYGEZ08u7q zWnCeY>rUB>`)p%-awn5n22t~&f@uk$1tR4b3tQ4=T?#kbs|JjnzsD8py6`Hqv1Gzs zi|4jJNJ91k)&#g;0}3e5As7g|0i*?La3Hr7e}c2^R1uHvF&u#N@6$?vq-oDvfWLqx zc`SK{EJ$>_2P}A1HG@7da3N9~u6@ReXROsR{)-_*`@paS6(1nxp^2%_Jm*2M142L& ziQ94g5-^g~ZFqedow2xA{1YGPQU*p?%mId`CI`r@)Q6So2WIsqm@uNPhbEls=yoW0 z*6Zu(Q#og@aJ!pVdrZ}5-%lJ07Ee`My3}Wl?j4E{eV++cXgC3|NC{&QI=u;2N?M`X zm$WzUzf8OFVzfOzGguW!*T5*|`;et*oizIZ$;37~x4;#54KRT9o>nlMnMdr@M`bi|P3M_Z?kaE2rPb~O*Dm||;6X4~01w@b zM=Z16PJviva$pA**us6)=IrFBv>%P> zzhY&_7pOq>bZV@Pe)_ef_lcJlU0mS@Cr2ml19&WDKJacwcO}t3Xv{wG((Yg3b?M(0 zK?v44gV+l)PmyQaI)L`EuR2iB&@lOhPlx~y=mn*ZzuMaebky8QTZ4uC zz<%Ak{Ylil{s^mWYpwig-G5}Op+xU@yO4F_M83t(G8jLs8&5t=F9!pk)n@QQvu&Uz zcoq-fDDA;DjJv`|5ZBF;sus1uUU&$_nT+R0_rkB$dt8=U$gd37839dY3t(N>K z)T}omt~tx8cWI>8-t5AsYJLFYpH1s880YTNKyqWI zMWb+fFa?*;iIsDzl+#l?tPzZ>C}$wFU}7X6c({t2fEQr@)$bPWaI?JU4eAA#`Uf+cRz;o^TrRi zG7l2OjJC#4rZJBbyq@Mw`0U9%yF$5yl;H|pVO&`Ws^w+fU~pe(P1w_B-YNCmN@F}6 zr9HKb+~-Za4?Wn|qO45>i;FQ`^dr+cOrLj%7KA z(>kt_yX#PUB9nVt@wv7!ei)PZIF=6$D9a9#p@oD$IYrbFI#TLh;UUO*aaOqrCxtQJ zgOZSGqjbnKR;jYm#Z$r~)7~(CvXX02DPwt6rte?oQ&yJSSLTIN_6eqZ)v}=OO-vPI zSu-O;!zx*)OiGhiS?inf{xX{GlM->{lELtj@iB(sbjwMZ()PC0Su2|9bh0Jn%+JUS zD^_LDxyo^k%5=u6Ch00wn5u)s3ZO+5e1BD6YvnvrHOg^SqJLF3b@hID^^8$S{47=Bk5x7h{7s@ zI?8r)+rHYsqFPJdI>z?8PBUmJX?Z0xQ9Z}n8=8nZFROaru=;Gny8Pby*t=Sk-FkkC zh8*FBEyD&QNCQu9LuPM7N>M!?e4{*5VYrj*{MHrOVofTrY~rX=C!Qc!cIj>N0>W*?N7bKmQRS`|L`21+@C2WzQZg!Pz%`t1`$!pQbmGq2gX*h26&1+TfZFLB5tw(74K-s1y z+yn#p?oHHj+A`nXtO@{_prBiDtlL?oTRN^goUr@tQ8$-NPaQ>%p>>aPSkLltPfc!* z<9JVWTo*2X9SKwGMtKKzW?ip$FS%Sg!9*r8e=7-UCmnM)MMqyIZ{M7D9}#~KLj^uS z4vX{W3vL^1to7F3h+?o0A@4hEzISb}GVz5`u_QZQNHb%LuD897#FkyhRPJa{WKKVb z;8W+v=jR(lOc)e69W0w2Xw)4D?H$zE>%&0pKa?FBs2wzThi~@og(H81=DH-xdO!L2 z5MB9jvvr>@F)s9CNcQ?pb`{r4eVY|LgJX91N0?^cm;LhKo82+q?GYsj0z5ge>y0?2nZt=^IaZN_ zMej%duHF6l`eCB<5<;RYp_l_T{ zlAs??_{Xl}XCLckZ~8tWP0k1?Puo$=!OP9DcYMbB@BugV1JlMh?8X#4OT={^Bv^4zul46m&c0%KNy5U|ACN~&O zYDVM(m{UrRXZeY*#+9#Rb9I<4kOK!@>3s8#FqHqCF1*NPxTx+pbOm7lX_?a z3m@QDiR0Rd`_v|fU$N?5tsw9J$)a7ZSDAL!IWX7Mpt)h0QpP|7PC2l{92JIEAfZsYyZy>M+laSzfGJa6)?Q6ypS|NIKnT{eXXRpdg&m#k zJY)_=c<=Hns3L3E8D&2!Zs&n%KPalPUw{pHdkXg250hu_YWItE?;e%#0i*E#vemv* z*$|rg_CzF#0%u^?l=xi%bjdUzqlP_)?I;WN3GT-KzgYu@OGSa0H5{BRz zwLaL*0ghxQ3jQT1g&fHs$IKi3Jht}C6nfT0+Iv9y!X^yqGX4m6^8!ciG6`i?fc3bz z3zr%Us-^)tEH~Xv;UBSLb)e(y$z!I?;LqvfM$bfcf4JOX&VHDhHmdy_N0YBS#nDLJ zEwI&lr-GOm-OxX<^!&jY)m97z8v){$&DB?%SuWeUyBD;cp%sX(#6P98CmjwVm%~*?FzCf$Kym>tO@^0>6I2@LH_YK)iP$nBH9T?p` z!f1LFW-x*wNeSM445k*wABWA<{+8wUy8HCei?`PUe8F1oz|a;Aj>BbP`3HcIvv#QS zn_*``ymO>G*)jW8q zYq6!`1U~NAusKwhR%I&F?In$>ednYDCz2hHYM#(U;cwhF{VVK(Tg=W|4@nO%$-qh| z27nCxhpdN34PD3$jyfFBQ$5r_2@jCMjcnIqAnAB3)^Yzk<@-3sZvG)_Vetkj^n3P% zf0gF1TS>6R`FHCe|CVBJfWtE{{me^0^U}|}^fNF0%u7G>($Bo~GcWzjOF#3{&%E?A zFa69*Kl9Shy!10K{me^0^U}|}^fNF0%u7G>($Bo~GcWzjOF#3{&%E?AFa69*Kl9Sh zy!10K{me^0^U}}Z^!F;ZA5GOiy4ZdW{eKRppLyxk&6A5O@7RoQxA&h{HtIY3$7UB} zK9%0wJszE18hwl$omt4KY}`LSE39o|2% z|DP&pzRp}l&8JG5o9Ew^G@1AL-2PJ~jnel2Qc3e$??!ye`JXH4(j>Bn(EnaZD?C-w zweM2O~It}ysc6fo%!I$@oM`6^&wk3fkW zwVV?432|^=+A%z3mJ+p^XDBc1+E3U<9}oUY{H2COq|CrB`k{F5YYzJ;TbDhPZ7E4S z+S(WvFUpTLT4Dm5!7(f*J1DT0!}~k6vB4Gcl!u|b*(_L5?}(`}NAX9g^y?xuDyRwG zmQo74{cl#%pwUr<3$yr-*!x&J>ceu`9PhDGg@oyqAfD=eFbKItoV5&KgA3Wz_Y_6! z0r?}!xXx)4aQnDHM>uM2<1m0000L;c3Kbj(a|xaMX92JyA_Jzkxcz2S@naiG4(xSL zyPy)TWAr!f{dYy8si0Aew0NcqRKUM0>5~6dC5?T;8XP~Ei*fsf%$`e`Ok-XYZ$n0c z8`%%5V;l~Kx3^tM35?xw3Y6BfQvLMia}bwH0`G0q)z<|%w(7QWb+0SOio$)vfeWtuRaC){WW=_b*Gz9dgdT(CHP@+OEPS9)Q0v@)H6P0s0By zYJo~;@2tHR=%F`N5_{Gf9E8<)J$~e94w|Uwl(6ocLgcw$5(c! z^RfZlu2@O^)CvTydWC#u0usZwdoE$(Z=T)IGwq*cO+>~H+PxV;Qg;k+U}o9x|weN zjH2j2Drs+}PEz&m?~8vcX*_GRjOf{i+S{tXmGs)u+EXQMf%f8QP48co^!igJz48BC zN#7K8_57=nmikvE?JeHalvqh>*8RV#q!Ip9(v|X_dI{SziL}aBdNLo(BessOn`NOt zy?`t>koGg25l>5{Ij)a*dl$PRV;FNmU_<~SK1diFVLOP;ueU`J-Qq7DgC6+B56w@2 z8{M1`(xIXFHfBV3ckg9~EUIKThiK+I+e#`ER1*h0g0UJ`Zj8V}DqCKFLb}R(|5=HPJUJMuoz1N1b2BuRL1)@krr0_UZO9kmm;E~AVu(ZgzZjPM@C;*3=IhW zf}Ru!@^IXNqs>MZzvug~7+`F$dnx2AAST_I<)%)sC;EfQis{=xKKGp`&*qJy&e`|Un2-S2> zJ4Da&K%J1toYY9ijux(}UemwTpKWHJ$bB0-U!`$7%o6%b+IscAd%Rwv)|1}Jw@Sos zTiAzz-OItxXT2G`)NC893I6=lN*jErM+EfWY7N3ezSZdhmt9^N`BhN*Z$kX&+5fiE zGkyW?kbFsS^&x9*$VcH6y&)RSX&k*v5xpHr|9AwS#od791YeO_cb9E~N+0vwI#3FG)482kP(N&liwUjP(HL>X8@8N6!fPq$<2>fkyZVhXzUW8(oE zJhjq7ZgMSNU|aweEg1E{fLY4m!pI;U(Vs&kxJV>)*)SMNyQAr5;6&dXtg7Wv=?-=` zaOU}UD-Cc#yfy-YjTwiGqUpipv_=pfcP^vQg1qod(LiBk2Ozn_w7nXmUYmB0}Lu*B74G7da0JrRn|SOwSG>-f=~IjgRPBc74o? zf&tq74`gXF*gT=cOlc%61eEN&4BXnpufj+;ktlfy7~b*{^Ldg8SSr&oun02{ zi&~P1BdJLeut-ZQz!KQNBZ(mLvMM7HzcLYdx00k!@K(DtMw5ZnuvA^`F3BP-*(y!I zlp)rbfYmlk)4Vm=MLWfnAO-6&amGKTtv1Q+F~x5*$)_~V>ybGijL4TDHM}(y*Cmxw zJ9TO|wJ9z&QadeqQ zETi1tBDo*(a>qwl=*^4`JE#92FCdT z{`s1H`B=O8I{EqSFa=@Jb$r zs)^+H4qRrU2hRx9-0)El4Fe^jaehnH3h zY!HWOd?(zX|ZYy<5}0+YJla zVNcuES410sM0R9Y_GeI)Ghydvl=S|n+P7-x@opHG_3g4wY9;D4hU#|USa-TQbqL3G zI1RLJ6E*CVb*_eW4#Twv6Lp|3-G&M7w4WB_HJU-`pn|q8^_*X z?Y&gQI3zxOH+-MS`N=3d`kYVuA|QPnndxLdyPxJ1P=2PqluPAfcBSD@<00O zS=WZx#HZ1SnaGT}XS{aEE@6m3cKEKWM_H~-jCjaR&cZe_9jbRGX|!Y4fo0_Rc`5hwzBT=#-fCC<2wGn4zeIhh&g2iy^_4S0Va*!&g=hx=R?utp~ zkx4OEPhhO4y6luVWGXU$ImSh-50H5JklYlKDK^6{?Jh<0&=Bi@mn@_~`E`+ah*w#^h@gGmxFKX%k=1DJR z;=a|xGM~f}jlzMq_1>TX+u=iGSSCPm0ds=^;16>jDAH7(a_OttlBZmHM(5jHgc-?v zR@@>}?V@Jy)D_Kp($0D3U%_Z2LEPNVyOGPdk!>H)G+rBkLatatYv$qO;7bPqVGgj= zu>em1tOfwlCU^N``3foah(^H@7~1WAx_lWQA!rr}^ovZJ-1OYpOrkT0 zykdRrrt>)LWxClfu(|?kN&qMV;1^mDL3B3lE?m8-HYNU<<_|+0qbrvz{}oL`QO~_D zvHsZ77jp+z*9Y%Z_a@G^SSAN7D!#a1j9;dL?*xz_f=4>hM|}~;DP~{lvcA~We(AT_ zgux7nbA^SYI06bCg;X9Jjm|k=%mvBrMGNlaMehJ!hW$I5ZYw^qFg(&aJE1~9O+#6* z0iL*4vTgn?rh9yG`=YrFeVfCfCz1Mx6~35BSFFhfr!4;z)8x_rRZRDo1?ivLf4RuK z-uFhnRE%g#y<$zA+P@)f`oY@%$aGj6eP;PYO3&zE35B$`pW8{FNp>9>VRb4LWpJ7zHy}(3D_k;earokU^us`AA{w1a7?{-KO`-rx}$+oTp zcWh>8ZP{ZMAS{kw^Bf-g9AN()O#^POpQ34@kt>Zw6$ShF{~k>%bgyv!#w8a#7kF`( z2EF`^hFwD+0kU(*>9AADUVz(i=xDiF#Z~G}RRO6xl=Fj`wm)2p+!(N(`b3V-Tb~_D zIz^^xypmjbrMC^Q?5vmS%(vwH_Wl9jFy3mT1OzBiSGvGn!Kqu8kD9K+r8_*_4uI(i%~fgJyl}Oe29jLq!}MpAy7uF`dSZ>{Mb9bNciBDbxt#ws{NOjmP_aS!%NSYDrED%;;>N?l6XOU(jpyq89-n+>kSlH2tL?GFiM~4g#*r2|PYl9w5B7h8)-fpi-?B$ICFj9t=e7 z5Q<>IcOnl7K!x)Q#+LVTkO*#>xh`P!!v`Uvii8>g*t!4#c_?IgeiUe2+XeyX_*VA9 z>n=p}umtLq4sx%i#anwhwSGf*Fe zyeY&CC5Nl@jjCaAh!xLZWHGiw+!QyrfZXTbXK>`G!2`?6`2xjf-=;%`$c>+5X`aTJ z5HY1ES=#rHER9gM&B7-fYoV&hOVgya7tG0}ZAuj3%rR;LhXdfnPZw28dSJfgN`#{f zrLjQ^x5x=29+;ISv;uJhh!i-0Nox2iG^)HQg(++%kFZGyvaqQ}sMf0A@04v7-vm&+ z?hwDtd4VrNL4l3$wY`Of&mp|*c{<3m*LAVbVjOeci9Z#K^7@vX@Cd(T>!UICv{9xU9tvgit~XF|@KXSA#el`Z_FFoj-nQB_<|1Z10V%AU#^}yw+nua++`G8UQ(c zWhP*bL^Ib3{w{$kkA;iSvVJ}%)1CEIh1npMq-ld%=$$%A%zB_6L7KJR6cYO z;&rt{PUf|(9{ADSz=9vJoRdQxs6|kcl(#mtPF{E!!Br38g8fm7(23BYIE#U-#u+I4 z7Njix!f0NZuopFlyYAKSuf0jA~976S(^ha z27~rndQfm6zJCCPpn=7}$Bzzz0r483o+M3#5sE+@Hx$5UT=&ag^56F(aC;%xs2ioT zXz4nE=<&H|rf8zr9MU0Bn5$eUyO`KO+xuVC%b!3BGyXQ;NgC>2k$e`Q!C1=IM$G!! zdwG=mDw;|U^a3kThj;MljEW-?+7n9&0DQ=D1h^g`Hlxs%`;Uj=W(%fpe=$__q(_?1 z(I^%PXi?y504l3c!V8n$&4mAc+`(xK9gH<)XIBOGkp}mLw1dK4Q_JNp=JAM>!wG|U zN`#0fW)R=fN57Nc4+Z@PFFj$w9Y7ADkOuS+>MO%&Nf~0GDFH$LN-g8Iwfg$66&i{- zW35Q8?d5I?q$`3O70WOwd)tfwta%;Ih1Pn_^(M@%Ab#ydEO~+kQ&ww#X+6P^l&Dd> zu?OgWwNf3k=kP1g1Ppn-ir|15uxCZsg)27Hv(8)^Mkm8}Mb>W2Bx3`v_`L&xf|E#a z^1jb3Hx6uBD_WqM7+fwx9Fkure2zT=>bpviInMxm4vbsFi#-H?5nBz+EJT55Va&Ff z-pGX94Yfm2;0xseP>csIJLy7!n_Luafv0qz&`ptMr$@S&H|$RKeGfPIIw;=9F#etJ zG=p+_S709JVCl$|=jTj)m0SUNbVbB|l3<4#J7Zxg0I!!sph<6_F$FyU#te)by&uHR zKZ1&=BFc?~Q=)ToqKR>$RO^3RY^o=x1%#Dg=Ym9nPvlez+vZ!EuA>|?jY(v^pjZN5 zXJh=ZsWnhMrG8}LRHCS#8d9u^_cOZLhPhUx6B4a72`AU3)}NUguP{&QysXb!ST_-l zXqb+^vnb@OG~Y|q+050buQFwU7bjX{=}T^E**mjk;?vz|i)!w?-LZ!-39q52wDfV> zrH7v`@6+CEjkww!q!Z~)h@`X~H(a=CzE(Z|p4h%|zT?ts&2=5^ZoG1C=Q+uzd{d=q zeBx?9v`zFrbE3KUuCUs8HDk+kC#8Gv>*Ys7EQ53`t)9*GOGxR19(>5>9yGzx00Krs zkZf`<4y~;}d!#O!eTyoI0&9?f%@n3A-T;kYMksfMkxO060INi;z5?+c^z&5ekSC-z zz}Cmu@gjBjar8PS<;54+7ik$1!7t;3Y*fkEw6$fX*b;3SOo6H^qnLJIlYr~Y|H(_I ztW22GM#WZ6Y;jt9DrmdCTAATD|HDhWKb@mTE6fD`@X`n_Iq(~4JmYv%K@u)`-n>t| z^y+L(@atThUtdHOSLaf?3<@|qEfw5XCsH@R1_?j$(kZL+#da2j%AHmk&8rLacHhcP z1*~ ze0AUN+y&aEGC4|`5JKk?G{>vD|uo-;ug_Bj|EN0K4# zvvFN6MFG0U@*!UH)kl_Pnj0sYDPD_>tcT@Ky!89~Z;OM1chLzx^NMudtDMnyYjt|( z_8~26#!T)lOC&okiY%MwUG8}qB=cT}-rJXG9y3__S0Nvpcix}6Kk?E>;oZznytJpi zEOaaKiI=vw^E@zm;-zDF4{`qT(xfW|l1wM^-ChRe`W1h8XOf8~@>@eceu8nod9Q(r|bJxbawIiiCf7X*f}^^7#G}FKu_= zlZ3D0-=;UD5Nq znTFtZV-CE1(a>wB+CjJs`v;je=;f3_e$4HK>FA}*0e3lXg@z)8Q^^0Z-i29%lO`r=8h;kMP@`w#ct8rub(90GK z$VKvtcW^wl(u(}diemK2aD!>E?W$tp3bM^=CW9JhZ7MDtnu&wj1NG_!gSrFaLIHy` zX7Zyj^kuDhyzfFg<(=rL*f#V|r>aE3jH;bcxjZ*}~b)=Aq6&u4-9qZs5 z_gTS9VknB@$n#X8H4B%a@+z|62o1@l4a-ffZSmc1tFp1j}-*L(xH~fepb72)?V2* z@eFl872#24uK8cMQPI5)^J*(L8!PV3r3Ub14rpf%)lNVQCQ%#n&^{=?s-;g- zD~$XqHvl(9A|4v!l^q*TdQzKx|GM=2IQtTbti-1j@RAHl%te?4RlZZ1ChC`;GZ>j6 z2DOSP6T3N$8^q6%`3J zn|Nq>3lnc16(6#4*J{4t_k5ufp}>~~5TSy;^v}`(pLyWZq=GoP2WzCy@#PEWEm7oT z<;9f5Un`u?XOb`I_RYVLTkz3cP~l`(zO7LeVAYZz(r{ha$Xk$WT%cT2--ut({m`n2 zCV>jSc>R5$ZhS$LZ}Es(R$qEJ4P=fdh zzwuJk?LtiFVq(xrDocHm>B={k75{{l%mr-&ld1I1mW)cVob%@RbG1CvSGoJ#`BAEc zg=|G6?8TExC3+P<~1N%*VlbS>7 z>jnJpQk>UIgVsk(qsMGlM$z6(vWQPNYERwr&ioRC&gqSf>v4ac6kFhASmvRtpHb7RvqV_UCdXOeesUv$5a`QXFU7L7h2NS`@# z)6rRB>T)$I%^N6PUT(9X2P49AJ-~xyDI*ad$W~*Ch%SQb@vCr0RrP^of_YJS# zKYplwpqc(wzD0Dl<=y$dX5szMg=zq_<@c=~EUm$m+IEzvK@iC{yg~_remkg04<*?k z-NPVrb^Gh&_EP`$BFc`%={790VNBt6GN0iO-JO*EElj8Zt*l{$^^Q{D4!(XEA?YBI z8y88JAesIUfj%#}oggJG9aR?_>CjF??t2;yC>QmG0KGmlg#<4{mjILgYr3KpnxPfi zqTPi4-DMQxp4Z*%`U0>BPSbgi+qT4w)-*d6PE>oT4cWh>+dblR~tj0=H2HJKk zhKrm=O?)Psi~4u_l2fJ-)q_=z1Ni8JP~!u$J5Aj#Gn;H9g9Br`DKnw$10{HKhq41# zv;%Wi^C6zYU6Ml`YxBAY^M16pK(s%Pplq16NLn8!bY{Es9Q$;@6Kv1&?ljS!Dea zw@ehQPCi(Rt1?b?JARC{l+`^RZaY4jv^0}HOt-VJg<9q$o25rLXDifZ(drj);TBE3 z%%?p;ayz2bIN5ZyLNBx`i9XRQJ5fGAvHNK?(RmVn+gZEGTc5p@yLqCxXyqnq9i@LN zmu+?6eL9I^eba88KXKY#X^pyiTL0s;>fCxC+2)YR<`apHn(e8dtWBEr*(W}m%xIhB z4>nQir!5FaqeZHd3Jqf#hErYh(7{FXi6--0LCZOP)6c#ZGew%y!HYo>=cXFx718JO zxaPB@I*YVg8`0{UiyTX&Mq5=n%T=~6UADWV2U+SD`=k+}#utYgcFDmP$I03)`4^|r z+J{3I=TPzEgNw@{@l%A$>n`zg+RJYe;+GPaw|8%@(RJ1rOLI&uAAR|DXf3Rp1|O#` zzX#jz4BGoG*aHqP@1d7Yu&ZuOm(J(*8bS7Oc(#b{_M2!9uph7BhL_>Vq+q!1kUw43 z4_4352_~7b@5#sp0=#Y#X+CWKmO|^ANeR=)a)aio7fnwN^T9L1wC5WUU2^-!|+5n`> zBNw;~C$$Ynbp!{x3RI+zU?B^|ymER;24bJKp~G{aA9nH_y3z!F3wQvsh6MGc72gw} zTyB5ky>}LRlA4uU^D>Z~sgd(}!hFSm7R470(#98U`o0j0M67=fHlkUxh#NvY}#Atclf#G2I zz?beWP|f=X!&AohM1-v+#FNrYy;v+eSb?dd87QA}#R^YJvhlW zhaY%gQ~+kAm*?C2r@d)cO_mDt4B&D%M9W{CGi(bKy<^cwp#2kI;nRx#)rV}N7>EZ| zlgU+&S4<-JE`0gp#K|M3HUU7K`BC{-&aiY~>W{YWALaKCn@Hmj5d1KA7#1&PDx%*S zhTr<|&(BM#Q$YDkvCw5+w0RSxLB;U#Veefw-y%aXWYofwj~^0Nyykwp4!qCcbqE)n z`H+y4_yMUe5b(PI{Cg+mv0-`=jvci31^fjL@Mw;-jR!rl|9BrF)Q#8Mi5Ln1HUa3h zW&)lrrl=guJO(m-09nHS!AqZMDdh}5@zU|kmVbC@M$I~#<2s6w6b^HJ)LcpO*uYeL zbSVqNd?d9}tTH2u7sU$cGATN8BR8co#Y)B5XAD<#qC7}z*d|bl8gX$v7y@h`s+Z`) zyqK^zxhGtv6U|QSGFjH#`3r!zmS1=i!EvIW01w}BK&ccW5EM55Q2Z0tFR_kPs#P|R z90$b-ueJu`9i|u|F=F@=5w28GGeEVMH_YG$i@D5KOIh-bO}1r4L}QQdW`z5|XfF^Q zlxn2=I0<7AMi?B-FWNKmKM%sjr(yG7{OE)wS4FG<@ji+-u}|J;QKvm zCv_qmAne<9J5yb*P(B3{OrsI_1I$XuC!?>Ordj?DgG=NxKXAlgNnqsJC4}jy14TsN zP~Qj%n^Ok{OH{!FbOHIoT6zE`iQAkA8dJJhOb#IxkRo(-!NXX5AZiKhJOvNXi)6<2 zq>h(XfX|O7j=~HOVlx2w;UgJ>m(_7A!G28DsIj6TCUA|Ou%ZO7X%dXyiis?0U1?l~ zy%jYDz?GUhSeR0cTnR%E|BEOFj5_%mz6t1y2mwA0eh=hv)DkNph7h~B0B=@$wh;Hx zA})-+OpBp_#s3Xssf~mVBcP7jB}ACl#DSg)Fwvqx3a~lWbHu|gC=;r{{lZvL5-w(0 zI*`|vL84<57Yob#5?f3}1huypOhyd{E9%Y@0*he$U z`X%ex4(yHb*tCN@%fe~-r1jVH%C9(U=GEDx8Z(7s(n-MHBQtPhpm)@LNHR4u02CSK z-av6>I0`s)oB=}#GT+#tYauiUvEPWi@kYU-E{fUlHUWt(xElC?45;C|e|Nj3AuH%9 z9;fQ-nUTyyz;lpgj^1!!gBw+-PejsH+v~-|?0J;kZuj+b^*HN`L+xfkz6-pK3#0Sa zAK9}P-6)?-uKM>j+e-(D*xJ7$Q+7jtUQLR=74V)@Reb!Gq5Dzbv=${p;C{lJOz=_4 z?!DmrcE(4+?}GK++27BN-*)}HZNKmObvg9@3-nPk>bL9n!?)eD_I?Ooo)mi!Bd{tI zg8W4jCV#I7v5v_fyTd?|IaK%@r$&o#efzu6k}%jUCXg0;8C05(g@C6JuM2HaN zFGOw%69(va;Oq}>IfqqAg~2H^2x6iJ05}^c(9z-n@XUTdGy^|aQYA4jnm_>j%O2ps zknsJ7t3Wil+ydGo@wKShNL5&4J2RZPBxPkjK7OMyhY|_M*$lb1-=2<5u;e=$OaQjW ziVmX?gsVy%=Ed^v$iPuDP7|~Si7hf0-O{2TFrplceY}Gaz%xL3G0XP>t_LgQVSrwt zmJhR*61NdwWI1;>^7ly|6T{On?d$+%%qY2DDg=ixR!DUhVghK19S?Ug)cyBg;VAfj zSb^ZN@*rpq2CyVjBjm0~ekcY8a=;M)rT9@EFLGd1(ajVQo%W~{$Cv1qx%@Y1UnMU= z@v)ff)Ym$XwBjeUl*}#^s6--DE|lycM;#_$ACMRY)@DkT?Uf3ropF-knkD z?6h#Gf?>;NUPb4)&je}(Xbg!$BeC@Tzv?Kwutq>$+F-0mAtlvBC1W_s%-iG7ZUXyq zEcOhsWDv}3s-HR^PjG&9a>hFF_qmy8W;5Rc~LnD!ip z=>c^X5smf?gliy+)7e58g+uXt{#)j1Z?P74*^*LasKV=)0YOEt-vq?ExKLt&!p@S^ z0xYD+iH$(Wf(4WQiR2WtBZrC!DcTbr*aZoLQidp!n288Nh2bB}vh{IQ17_xnK22Hz z+{U^mzq(}l*Y4K^znS=THJ4ICv!TK=HxJ!0-wVV8Fn~eUFUQ4Kb%v__(0YP8PS?Jv z%oadVd2Ik#<8xauIkiBK3SmknFu1X~4yKja^_Wi=NwugRrZ>UY8*XzpZm|LOz~0Kx zYkmP)Bk19R2?#ok>w)zOCwo^Sl1K?1=!xDyCYa0_lh6ZGI3Tm!*5 zxVyVsaCdiicb8yE$jS2FduMj0c57>DYqx5v_U*snSKZa!&*%AuS-^D%SLV2|+KDpx zjd<*R2NeLMl%-nm06`d(7BD%naz^^@Z~uL^QG$8c6=`fBy&}6d?jsvAPpbys*_DiN{79xYOZcHkbWdIv`PB z0{^gFM4o?==2#3XS<5&!iMCs?5OYn21I}t9Xy?jP;kL^#iF}l#rUQB000ki%DX);3 zs9-KXTE&xKZ2=&K&P7tc=0sOZWrLaLSITHw@ zwc$5mjgWFO03d+bkD{_1Vaf8e^STpZ1@rIx6lgg?hWi=nzUc`0ok>NH!Yie@X_GQ0 zNXbS2^f;{lU_F;I`rFj2*3aiIImRr`(oG@!K!XY@x2CCH9fGx32xXCYKmD)Bf~cZpEjWZdt+D zZMlw&-BV)Mxi7z;qii?rnSIvYKFW@pS2@py=sl5$C8>nhtu;okA8o&dHfF3=ehISH zUBlu9M8id8&>OVFMKLl0pM9N7y1z*--+Rv>Od_3nEZ(T$&C8r!Q4S+^Z4$UIxY(|UI+WSbgWZ)y!rq_#iD#E;fsv?GaD zJ{v4p4q+4YkGFqB*9;tU55eglKgCDHp^?M^3{ndXlW64aMhsqSrvAYvm)fUrxS(i; zj^Q>c)GNq0=*qul0&8<`huv&@nNYYwHBXU%;94+_KA4aS^V|}A)-pfl4hDR4F1-m* zk$q7IbFmt;NgqCnJ5MYHD&owJ60IiU+)l6cPpr>J+RRe`1c)msn5!k2Yj{@EqBl_KRcFMx>H7UGg{h?M(!(3xO2fnYW`A=F>NdLd*ocPR!l+HUBN0EiHKdH zv^?RWT_$}Rnaf0(OBz`ywI@)hyeg$UtE7rm_<@vGjbL5PieQWT;24fZUHU-XGgeKr za4yE=UYAx=4N5 zOtnr;OS%j79On&$u?;k7^$(?ukj-R%721;0L2fmS$)^pKXpN~eB9 z>h@{S-G?5aG57E>cTY3tv!eGZGWV<~uFoz0YF6O&{pi;YJ=zAnX*a#=Ed4iEbMI4g z2rh$aRq;0^dS7A&G!Bb91>8XCl0YSfAkC5>eTHDOl3+WA5V_;8E(}mua0xVu;Xm`z zzIi2KRSe;cFL~(_SH6<#?*EpT-W?4&WQcw!dC5x$hhhJdmnJxg8D)t3ue@|=yf9E`ro`X+r?tl#U|V3Vb$d&+towW6^!i~x%wLG?F~Wo4f)$! zy6RiDw?BBQe+a+5ldir~dV8-~eXsxa!L0hh?(L&%^`p<*r{L+&gX2O{^Q&9C_m9ucuWmaA$KvzKUBZ)1e52y> z$~y+eJfc!t`$x?DqLw#z$7Yu-0%B_0dvEU^rWaR(lJl}E>i3V&@9v*+D(bI)+~-s^ zq?OcO-Q1mD-9%-T+&w&%H+EcH|7af=om*Z{Eva#fOc|P-a}H0ohbB0MC3(iAkIpQ3 zM5ld?%N(Cux_|t6czV9@uZzCEjmarJy|{7+O)RNvJ-fWAZ0Z`En7h3Bv3qpV*fkK7 zTQ)JjeE<0C`u2Wv@9!Le;|LdavZ@cL8#*oRntjB_oGe**Z9Dt=4~KE6yRilVUIO-sJ9y_=Dt zue_U8AhG2fQvASrKd-K3d%vKq{O4|v4}JT7$uNZVVc8_v_F=`Mxbk7urs?8g&3=gW zafSa&rNffbQRO3S^Xucqs;0wq`Sq6LmwI&TX+bj9&B>pjjn*@)zRB!!zB%FAi{CrszL!NPVApfQ zDXjM1_OqkkH`VAAJU0d;Q_npkM@`Rnm|D?W_sef9{&=suWnVvPW7crOAraaG@F=u7 z-S8M(-M$E~XnbRSUymtw{Xq}|J0lvRWj0Wnu}lB)&|%O(ebzdT1&9m+}2iXF@szauIb zQ}-&tGyq0Qnu1aZFOGwTh{%ubCn~w!4Mg}NB2e~#>^0$F960965xcJuR0jO7vCV~P z(6IvuYbZ4fp$Lp(lM3J%ynPHLBr&l`^65d|L5C>)^PN}W$?xA0k4LDB<%_EMa{d!S zmK~>_dL{)7O8M6yC*vC&;Wj8V{^8W0W@0%^F6{v(9EUGWk^hMRl|A%8>$ z5|LF+0c{;w_Dc>=@A(33{u6HHhx3=3tqg)a!Al4kFnY|1dwt9BNe7VFJBVJ zX`F#?1{%n%=${U9VhszF#S(Q=y-F>1uDx)nz)jKH^dpm0ffyz!5kNxvE_N1HKqExi z(wCw7J-e};hK+MY$+v@($-i9;&mks2U>73_aR!bYZhJ6{ z82BZGoN;3qs(AjNA!HR*M23M>Ih|8AwqED_)7QXz5v%GLVbcN;pcnO@5c0mle}<4_ z>I|{^OZX(p)KbGZi+9y?&cn=N2k0EmiD{vU{MwJ$!45$11Ac}=`{=Zj>$CC;T`CVK0Xi3&5`v6V?rSBt(j zG85MKnNw*G^(BgxR>~x+n~_QNGcP(Wn65l)w0Dv3`vA7>oblQkE`8IRRaQ^Wv(G!g zl6bFB^p)n=`k}yM%e3vM_NdRf`)TGaGZR&=O=EiVN?PUM?{*$FYa6#|kL|}ot8S>o zR5xWN>6i?@7-`#q^n@nq?*sgi{-OZSrwUz2q2k!W;2=hoTr|yQ|37S?dJHtgZ#U@% zf6)95?nlG2?BQPiQl z19C#Y6?J2DB}tRRG-Id{AqhD*@Sm3bMM#*i#b$x9NX+9Xhe0GdiUM?TOaO}=+n)iW z8{Ggv5ZDvw!*9F};vgM{#mc*jQ@py9mQcbsqsKi$!T(9)jwvzOpL3}E4zcR-o>P4A zWoA4!7vr1jxoFj~Bm;tInEL*fOze|Pp2d@-i||4QZQKd+#tMylp&yYwPY?%}&NLbv zSCFc04Cg)uCZ;O47!xr7#d-l8Lfn%PAb@)}B2uEIK2$)D34$JIj?K~NFRX{#4iCoU z{}@o!(~7P0=&^)qDL%P~Z7s!%n+;^{*Lx@q1BA1)B3ZHDr3!6KL`*h75FXi#iQtR| zqg6qt0I`b5tIU(n;4j@eFL~rIKmupd(Rp>YL@1|P-tP$>f8LVSjyjWoM~PeV(7J_~ zI|39#<3BTa`hnT^qh-uXP6H zqq5q_7+(}H7UE-LkFw>YPV4&mrn8ggO8I5@*61NZPs_sl`X4cTpRxGU5vI#4oz3wi z*ZB5ar$^eAoz>oD{TNRbq7ZiB`_iGQE%LB|8s`M>LPnEYgixwjX`ffzdS1Z>Eq6dZ zYaj_+Y$O0lBjn5kvdxc*#qx*#nk;Sqk$H-|)9wp{;j}LrO)V8Y?0gh{2*4&bXA|XG z(Rl?(PpN}hy)Dn=!|LLZ-*3Fb?I;q=cA0)7`2xLnGocjo-o#_f zc(~_PD{LECFybdz1=CkOc~$-R6-|l6AEAEhz^@8823P2oUEdP6VhK=u`>C&V$U8-x zvo9zHJ-0bK-`JUGs@o)T+L`(wP-^l?Xo}~0P*Z(Nf;foh;_k*wB11B{DHvIokOy-sH54qR!6l#n-3x3iOr3(Jw*VPt@4YtC*5V zn+%(QN|cZB!dy^3h2nz@ne4K@6a%wjvx_p6LY0r~BcZ+qA+wgnS0Es3CTSQSy<4R{^*874~132Lx)13 z6w=VV1|QKuXn7tq`zV+sFJ!7GTr*^!HF1nikK#h z{L&YJARY<*9x*Zuo@9tzUyj_gfSxBu7WhXt5bEmPM;@m{^;<;3^+pAYN2R+(o$^KB zJ@H>YQ9Q~pTod};YDdGKqQm2(|4_#Ge~*?+(Fdi*pviK%YDIlxh{D(j#7+gH>%A=HIGS%g0+T`k2GKGicW#Srxy+Khm!Y_j`F%0OeX@<>XU zWh$y)YEEgY_(?MorZmMjfylm^&Bd=dU=!CSe^la|zD)VGjd)c@3@i5b3( zQaf1DIDN`C5y*FwOR{1r{4-Kads@ssn&Cm53kwinbxETR5ugbr&hb6XjBL#hVqy*V zgvQDxB%-m#6GtWgN;UV)GHWeP_biMircaei$^S%GcuHMLoLc-VtCBdoS|B?&jiH>W zxOO$Q&NI6utT>Y?EBhB)16p{~YH?c`OHWyNUm4vHTB%QRe{VrC!np;~J zR7-MJyM*@rb#HCsaSaM?{9f8iJ(>$54*Py+@g3R!JM;TGuFrlXXm$2X-CHajG!e{1QRpox%vEvB%|rq%V-77DB%ia;DH6{t z^UoRsKew9awl?&%j=8oD!?nI5X|6zO_8~)9Eg2%HrKhvvPnLE$Vx*}`43@N+4#JX=*yZXahf%c~R za1vyUF3@`WU+Y%%_A1P0k{@0TcomUvNNdQ}Nr=uHNZP@#BHqwuRO4U}U>AwtEs8uJ z*l752V#jz2{(#^o37>IxQ`q3sSKtfjz7ZLJLs@~(*T^Z*Xh5j$UPh12K?-m_JF`jm zy`M8)Y3tL#>DTfbaLgU>;ON&DlYldnut<{l9qb-F)c>x+7p2xLFHl@Vx97xqAgO1- zUTny1XF#*ZLWc%BW>D&xIsiuf#v7RKSFY&yCmlu*vxMtbeqbK@Xf&h-H)2aU;_Nr1 z0q5bCU`pm z<<=xPqflG)jKSq%2pi}B0fAQqP0e#6fM$N`lAl%(oRi|GkgDQojNb_kTdvPlSE%sy zspRXnbNfqBGOq_O`0SthH_8SN}sILxUSc`*lhacjVFl+2j5_X}T) zsC0PIY0RTN6VThbhsAJyzFq{j;i@E&5L8BJGKmfKI-Qu?wQ+p*K4`!hY6xD;)I85c zbqtmS`@E!_B?s^WY-eR7t>|Jng>sg{-vHr2zh5MAfGq)p4BvWz6P0jEXk+H#@tgaA zFWk0o)YG=&X7dK%x{&y7t zaNPk-ilf%5OJ#0LeDOH~yk*0@Q<=NIAipD>yCS(X z^$tJ{Vjn}MT#r@3j(a)qc5{Tn#Bfnv2zHIDl?3bF!{91+eoj;xyIol3CVKjAnbD5N z@Sa5O&b+iY8XI;sul!5FnU)-&XPet#t_Z^HJo~(Di?fF&whwRQ%}0%7FN!Lxf_$*J zZ-lv@Q@ab<*}IEf`Te~4u4kBi2PwT<;fFEdzKxZmE8%&3q`(Gzy*6H zL&zr>rdyQ^S$`llcP1Vj#@p{7Zqim1&T{YGUooY)-HlqOs*_A{O5 zGojcsxSD_R%?}OrlXe#cY~&V~xGx<3PU8Z;V^(I}(2wmBj>izm)eyDO@R=K%nZ@Xp z?G`~&A5tx9OgF0ZG%EHsYWB8av(LqQoO3?P>u8K?Q>7CDqi;_~hpHF=_aG2L|)u#^UUiWni|rX zt?8O^JDc&n2Hw?=CwlvgA)@hi!{yo|W3b;$*Zn3td&TPb>J z`|O7tx+CQdMJ*2LyW{5>{_zk zI0Ud)BYC~Vd97U~v74nmDvzw;0GoWk%QSPxYU@sAip2ivb^NyhP&VEqvMnFAZ7i#| zSGMiiqHVp~jMiJbSiLa>2Sg!BwDGKm*sX!e)r%h*2KTysd!3MjCPYCA^EPvWRPczTI-ow})b7dbxwZ8Bt3DMF9kO zQc0*vFQPvtnQ$PX>aJuMJ}Omxit3(p6q%3@B9Yp@OdRb82-iO@I*C=UGf?*3&Uh-0 z>Y%#ibq-R96?PF(NxT`r`$`D>e67MTk%vG+8WDSQ+*5#+jST&zGT4JG7J}>!*GGxO zAW<9BoqB8bsnK?$Q|~uVp-R@9dKQ( zI$?-EDsO?WN*^*7i2xY(`q+iu7o8A9Iu3qgrn^w7*A+~*MrFOyV7oOq@xZK@j^d>C zGKG)T%aez2U0|WZD87%qMH)eke$f`A;#|}mB~!7!eJCc5vhxImM2@^TjuU8 zIhu|TIhU|=oSDgukaU;u9m+^T%NKzV$&&3H901{k4r7&p;r7xH;Bv9o*Gh!Y-uAQi zC9}-eNW2nBuxtwSM9-1h)OlZwOTqLd-#AO#?60&h$DQB{?!A z0G^l>a*(4bz&fMtp?G`GtF{7;YD-OPy_fgK+kI>S&|=tDgUisjTSLC18@BnMGhfsL zn#bHL9&ZP=3p_awoA;t(B6<5d&zqU6>zi7`0eu&9M6~=aVVCd`7*Xut*38Mm0+LwT_IDcIm>kguPlL^F2 zFwBJ`NYM62wbYS@f3ZW_dx^M)v5;tFb$}A|Wd~o_c{@CtAWXfVDPJ<$6w5&afEgyT z>cIJGHu`UhIR>?o&oIfj;OhP5a=y?V!Z?!sKcXt~^{cqVKtDu$1jRP@$AMx)yBr|aNee9SXjOg{ zB%p6tj+F#FFFPww7MptUebL;NMGgdpcjGMj=^JagRh^AVWkG^`qcZ_6_4(G<$4Rk? z3jXxyIj4}20l(%54vuu43A=|5WOze!l#`Vyf7h7Y8*D&IVxo1C@VlU^V^qeS34>F< zq-vOBbfLl+RqJ$WF6#(#XF&XMz$nu)ZRT@+?EmUen*s^bvjiT|9DbKT*^=Z zh%uJvgE8Aj+KGtJo0ww3!xrqMh=c=$A{5_Ky|-R#XPc~)RKmBZue?vsXvJ3DVjfZF zQm^hnTstiarjvM~xApWg*Qv^oi}-A+yCV@H#ylL*+FB6I}22PZBc0cBR4=IuIK2ePo=*?ln|Dxz}YL!5|5Fwga##ei)@isxD5)x6a zXS=K3BbQg}cwTNwR;WEApwdv~Qf}*Vrn6DT(LBj*?ATyEAeRQya=T5WcE7g{Iwf8% zxJ<0+Lp(R4jMMJN(yVPZIyW}P)fw@etVwKOF{2mPnZOFH%hU)r79(k&Vrs0<6tp${ z`2JJAeo}+7Zl!_on8Hk_Ye`i@WvyBI8t-CK6WfZdvcvDS`WF|SgLdiQBB6H3v(z#b zWanJ?UhhiUbs?sUI4b&0jyjUsL9i{EaD%-h@!lD6}s6f{E9TJC*QRPMmh zZiMBw+(+Rv>@6k;!A)N7FG{!$)o6zhG%XiWxjICc3L3+Ruax?@Up~>hv>P{WrVNQ7 zJH`YFw!eP0GWF>VgQn3i{CL^+8gK3C9`Nz0>8t5q22Tfk~(I9?36-rX3Fu8 zi(X_(ooP4YY0@dMa&^i$5Il10P5loSyF!H4I;^CM(-x|O8?yAsUR-qA zMBP6wdcsuqYIUiLpeo?SMMK`S4R^n|XcsFRGv2k88x7a`!VMKkl$NErLDzz6#W`E^ zwYAX8hw$h>wl6N4dPkqJb)v&g09O8cV$aO2{h(6SJ$`xP$6!;+)yA>s(c0GLrkgYZ z?2Es$$2P8zdk=orejq}_7J5i?6-m}~=!f-PfvRRvP9KM;4?lM(Hrh`HW z{DdkCPbC(wA85gz;vixwJnEr|(oYCr_}ZhCuJxnUOMa*sTVC3am_*dl0Q+y9cQ(AF z=%_}}nF|R72~v1UsITpGYUjNey&xxu(XTEhpF#?3g054|v$Vi=8t}ys4WuJ=RG`Fw z2QEOdF!0)>t-7aO=>b5g;@q~vtkU2D9QP%!U1K489U2n?HqzhqqdqZpoV5pGLto7i z^jiafU8z_KOw3!u`v61O#_iXsucv+OSH$OVlo~k$M}HHsOEZNp%7(miugH*;!3FS% zzB2Z9YzQ*1{g0Zayl?+}z4}BW>DV)cOKDsE^;BzhgHQ$vrlEQkohA6WfbuP4K{1>U zY=TX`>~q)l?fJT?YoTOHWe0Wj^(Dph@5>>P+y&NeI5P%+9?ZL*@w$cE1Qi0h;3T^V znMFMXx)Gg4@jr{2gmt5+H<;ITqua2v_H|?Ki<;$&9-MY#zwWu4?Z)Bi!3%7BMZ@;m zq=%rOn#HMyFrnvMP3+-U=dUzT$Y@V&YY%ZmIr4K4d4Db0GnneGXIzaR9LP?+4yF_A zy;2je&#Nf3@P(Iwk<+{T+lYf02tlBn5|Dj*;I?>3N!F_vf5setrW$`{d+fI~4D2*e zL=|5oLtkV=0L2|Z@hAkqzVPh62-t#Fea#GC#UrWvYtzI#W82u*d)c1FUlv+$2$J#^ zggWK+Z}>_8Ie^}6$8<_ZfHsJPM3R!FzsgY@TR<}E7`?4KTm<)hmngP_V^UuXXn?O^ z2pTaGBjx|p3M@xVK1Bpv_iJ!r&SMXdz8_Ev%v0x*GMk6u#YP9@L^Ji$4ab96(R}|N zQ~5vT0esm0D%i*~5`UmE0lqn%Wwj>i(!-8}<#Liqez^E~gP=4@c~6i8Dj;c;BZY(a zF7&lLOf5dZ5Kl~U&{g*XD%Ws{=g=Es&_{lddhG|XvJc{NIY?>H8V_(!D)`TGBC!3s zgLoidzCF;nEJ%UuD@Ud>O&C0J!3HQL08B_^m9x@=bzv9_fA0@p-_{h+tU=-i69pnpdAZUNKHcQ_A8Moc7{egXGNMsp@~D$ zsbtC%yD`{#5)FWTV#o@!t12UucB%rVJL*eSF#I3o0!@0n6?)G)A99$kaZwv-D z8Rw9n7_^yiCI*?s4r;A`u#N!P?B}iCQQ56f0Kgju$~R6cvIDw`bDoNJ@0AEBQ#CPw zjvU3w{jpkSkc2-`YA#Xw%7CAH0RW}R!AU#nF97(``km#6Stgz3l^i&ynp8#u>}kzg z=ser0PAs9Hh|##w#+GN4lmtQgo|B_3q_+heLxNL{U=>51VSq1dUx%Dk5^CG3&`l|E z)0#qQ@;mOmoUsAF@^|B;)Q_>&;rQS!ldPzp&*E=V2jf?XD0 zO=a# zneslE%kSZ}X{fbH1eZBFnu88lp&DwT-iv`7@4^ODBL>vMBjG0?PBr5r+husYAL4g8j7{FYH15x zb*ytWQlFVLKC3%@4$53>5(;g-Z*JD(ZqyL#bW!Z66m4(#?2W7Y=Evt;r1c)5dOud( zEJfXc4Y>kuT`ybR;RR@))Z~b1+h~KX>w9`@J9_$4 z{`y2N`Yn~4$3m3h@|)i?HxD*8U)EmZcIcnmE*uW%-O?`H{HeRbXL>*qd93bGzX<2q_E{VM`KtYBSiGyN)RqmK7RFT1s*<#!sackU_;(WB&la2w%huD{{g zCQLGV-)r=%VTbFFQQO6i8ZiV;e}}B96r5E<sfiEJFZbn;t5n#u$)pdwgCIrB2g@3!!L0k5bO$<7+PVaL9~%#74@|kj511}Z zQ)f-r(9F2V&8P&-$W0DR7IRG5dLiWO7L&YI(F14L}>(0aL>0|Bz%lh~=Sl!Eq$y;;D-qrj)(($`Jb1kf6 z^9S=3+oOQ2bpMBJzd_CryVk%?9cU+K=pavov|1QUE8OhZWY=Qx?wEhh!jjpt4$blt z?AV>$QeXZ=*X|^dU?Jsl`BTz~Pmv|z*OPStOVcyU>Qzf)tkVdx)5wXF&&;QIe=OAn zPq{x^8G4-#G@PXS96P~UN*=f?qSj@LPQC1`vK6hSXHPqRTjjA@bCR6t%3C91TJzm+ z+6J99lcQB9owWv^wbh=rZ!UT+o^=LmwmzJ7yNb0FocG#^b@H6|lZ$n0o)314_PU-A zH;Q(4YHPC|t96{$xsHuao{R^dj~1Q7(qQMfq_&w@wwagbjhZvFjqetul_npormL)G z*?5jjmP{^~>TDeXY%`KBf-f(^_%9Y4&v)!fHjvMD4=?s6FEV;<_LJ~V2sXDg z?eaS881n6W>MmD!Y_E9i4w0?bvFu2^FPEw=engcj{II#Uv%BFrTQ0KQ(fqQdbah#D zb-Q`|OIrDsAxK{+X-bIDWD#%B-#Fk>T&p_SZRLtH+rYCVfcOg}-uFugeTBXg z?BmjvKuNWS`vO9L1z^yBKi7nPf|=DqY?FZ)U#nK6s$p@&u7YwPh-BMWg%1HaMiOwp zWuSmEnx`{O+0$O7JYe`f_G7?ksFgD$Kg0Xti`){3KylxwaVa~cb@OMg^#R8}GM)N) zNpEpVuCYH@{LMT) z!gt8|)GA)@29T9RX3nXIre(vh81|$SN+~RcocoS_dl}(~6`j1Br zm_|bE$x~gXGI9eMi-1hD9<9Gvf)_RWUq!Mxe?t?a@nwWSwDAm{hq$f|20z++@M&YL$$9j>q`D3_8 z9K%mM;9B9^eC~JzWmwDukn;d&Ke+sLR!J7DlZYQd_Z=OZ4tbH*^iN8U?vB(;aPIE| zwf$eYK-HigA{;?nfN){+Pawr3!0yR|5G8h8&mam$pXxOJlu%(puMki)L#|MW%5$LM*T$)y^0{WuyYx&b)wKQ4M#A{39q@%*@U7l@?dW&#sB77WKB3t2qp*iQ}% zQ<%?Iw5a4wWC*z3o}c`npU&ZQKx6$h7cMOe!~n6!j@u&u0q%<|?gKN2R)VM!VI>Kr zAM+t@R;1QRkd-$WW*F0g84X#5-h|=6>(28{j2?0p-gre zjT|QN43WdW>LrHikqNBSCPV~AAR*jzxz~h0xx@!cwCe0Gez^=r)=Wf&Qr;lx0T3>T zZ`sU64?di32XPE_KN>u)#$sotS5yCH9i>PXd421BjxGA)3`1}Z6b;ww34EL%(vJp( zi=d>QkxC8HL-&mH39C){{13VJZq(}x5HD-M?zFz_d;>a=V1mMlm zgiE_&CrBV)alnh3F&x18+B3-RcOxMfF~kNVI2`8&i5tDi|G+tWJmU&;wWtk}#@c_$ za1f(%AfiZo&B4Jy+7KhgB8-Ubd!^UxHzYcNBtNvlG+6pD%iVSdBkz9OB)5_?SAI{0s|~?Wy!P`Ir^?7dM8~Yj>Bm)| zc`b!4zO5ogYIe7S0*OUtXB10Bwr8wIu{>pLSb#N7SECeqOvA$9>OtM%-)GaR#ecth zX788gC*>F@x&M4NfNy=CQa5H6Vcp#+i?}Y1@P_7X2f|AD)ga!N=Xc}yEu@?iOA`@C zL)>TUa}!R7?VQv4uB2QuVvo99vjl&1k7i}xldbhBiU_&%NqqEn>HJ{a!40U5op3Ly zTMN-G8;J-tu2?EV8&_qLF%Q>lNo?<{9L730*WAu9KW}<1+3-gC{{G{*#epW=JQzgX z`SdA_Q|V^M`aO)VKmG$D|AEe2CjSw^m(8E+*?VF9$D^OHC{GHPSX)mk<;MkVQn^(` z8PKiTL$+1UrP69} zXzNpwxGCLF`^Cbjjnc05*8UgvAzgE5uf}6dS9jiL_$s z`=2?|`xcV2i>mRlq$4!$GNA8s3CIhf@14}>h*QMaT2P6^QkLa{ zo}{RJEuoTUj&A~T4Bwj3$e?mT{EauK%~3UuyFlONLcbp6H{TV>V(Hv2&~9=_uQU{V*RH4YJbCxC5_ESdqK z*^`_p8FazA&oQeUk+pU#;voOKLnkhpFTbTg(z(tHPP_)%$rF?0# zTujVv-A$$mc*|=jYN-Xl_DgM$xStKTM_x>T38!<|1x%SZEHgIBE=eGjSfO6=k` zXuQ5CUIPzsB=*hxg_{Cb;>-RK4ah+jEt#P@*O^MwOv?zxB)04m{IHAcH-Mi7r+q29 z366yqlq_e7kwM4ag%4%l&W9upqanUu-NDsrLNF?qTwh&@<6de<&MlWbx0)+HeWOPHdrufA^p&RSJln4<2#(OGBFOe<~4uJw&b-aR3Uc2*0?czbynbiqHQ5DM3g z!_reYd&Gv$f~@^EK4Vi3i472*Qh{VZWnubukgW1;9hx_wdNJ7DI0ZqLH z(Wo~3XzbWel$eqo%Qpf~(O4~tciMWSRx+mClKkzbu^hBp=L*T#%% zu9Y$Xb~&87&rZk^%{NJ%Zmk!tV9@c9R&Dk&^xSKMK%)F}vDx)Yy2OMv#qZTxP;OnB z(V7))m*>3C;a#M0ztO9!r}+c^3gxGs;{qAEUdM*E;N&tZ7#8PQ*L@qSJs$CN1`|`KW!VRE%rD#7H6lI@9adBe_QRA>Tj!NT? z#nykDqAV81d7$b6^$FJw6gRa=Uc;kjJu77+S#vA;3J3bYIXS$N!IUh83=G=eU^3R| zyd`5p(LkhkRRg9i9BZu~YhxcCt0Z>+D&HI--=gpmkn)qJ5&MmqbmbQ&7?~#74F+u1 z(S5ecKrw&eMno(Je|9APl12P|qu;C}vonz$Jx{T*kuAP&5HE=OS5Y5bbMpX6^bi$% zgabY%%gG7N*`@`PeIJCs#Y9cYk6Ik3M z-8IJQ$QRa(6r`IIdB_)f$P$${5GA0QxTY2-KoqKymS8jaz(Dhjlt$7_PO2ByA)ALmIVIZ~;kdLBHv~WLg1yRKZbAfn0E?d}qN>e}Td~$q#BMa#SWtc?(Kt zCd!NZKF0hyG%AN-s!YhL$!;J_;15n1y|mHeFIL{KR6au2iVei2M?b z(d3!bYTVO~GuCpX(ab8OEi2S6GSy6?73eihYdKIIrTrWRJJ4e))SEQbryJBCG&a~Z zHH1tUd@|PVq}78rHCkPTtU`>j4jF096v+>DREi*SW~$nUCJ;K4Fcb4xDs!_#e^Dvt7)JUG3=I7KD_~i-Cd8Il8QaD=sk;y zJ*()w8jHO;>AwyZf1RZFUM%+Br1v>2_PM10_E7u{M(>MU;)})LM^NHN&frg1;?Kqq zz*7<+%`;K=UsFN>&9Z`#wP3LVddr} z>()c%7L0WpxoR7WZHJ(0hn#Jfu4)TTcE4zm$?vbfBL2-@UgPG-Z z1LHH_;Z5^};b3O9BRb`DMgl5^L#_lKwE7uUD@MyD?R^~e95*Z)_p zfBi9qa%cO`AIEd$22-8?`s0VwfBo^l{`g;i{I5U$|BpYu)Xbnz-;dws#^A>bND~>s zZr)6u0udn)y|kd--L2FjwB+ICVgQV4vEQhrcBw=2cJL-VJ}29$WGeb=5vRbJeSn&@M22-&`}smFUs*bMUOSv?X!(pm-n8s2sFpx z5MDxp>=sbDQ$U)XO_uH~;CpXb-N#DZ$2)fSSFHU%O>xUjvl6tk@P9DH{}U-*{)ZHk zdG}Zc{xaq65-Gcq2}cm!4SQsH)s@^bRReovEcB#sw?gNnx{}7(MEng586eULqI$v+ z64ANZQoiH=t_VIi>ipVWbMGt)RGr;W)w8x7ew3} z)I=40vJ*587hFdha4a5tY!p1^7u;GHeAF9!v=clE7t%u;awr~h=pa!3BgB^w8rB!` zBnGX8Kw*13A^y$Kh-K)P04R4!$N_xlPA)XcJv1dH)X3aEPKGT3M4nUI6qh-buDD4>o z-9-uGl{W3o6YURo#(M_Z$6?x^GK{~UX#S+o{v~9D8=*n4q(wSmKuM)R<)=k&VZgMc zd4)=g6UufZ0!v;(MoBy~DB&8ESkRkb zC!WX%N#rMrtng1Pq)%M$P3$^M%!5y|{NLES%b>UxwZZp|J2Vj7-66Pp;|{^y-GXay z8g~f}!6is=clY4#?iNCl&XB#&d*-}VQ}f|g-I}>|_xG;V>(jD&e$QVbef}i1&Me)! zD4l{ny|6$1+TIMWuK zUfZ8Zl+GPvo0$mx(eX6%OHn44>Bmv2k7`jL1y3`CU@&uZ4f8%Sl=!3*v1efNm())Y&GqwK42J@in()N59VwN6Lz%&uU_b>X)_w zPMPZ}n`8Su2Ocwb3gSb*@G)}fd*+HRaP50;-h6JZTwcw5wqz*qsDk{mEq2|O;f#Un zf*_yJHb3DmZ&5D$!3X$K;qn}n2*t=yZY}iNmK*_@0tq?)L>CiYpdh%R;44yL+G-BQ zT0y5=VP8cdbaY|LX(|>YImI|RRb>HgWe81{FR^?Q(>Og`bP-EC9fO?{dwU^i`^UGw zpQbB5nd^Rvx+@|-`^3voOfFX(0bTq!_UX>HIEdp@mS>T8WwF~>F|AxlXh<={w&eX@ zF@Ui|1F1wVD^G7c*?g_oB&)>eCBu?1#r}*=Co9)+jn*K#z*WA~wjGGaSnB1Q>B0EP z8oA6*uQ2%KBShi3Y;U#9j-!krvfSscG*Y0PB$_E&{!=1yxoLY^tN>j~G!~mGLOo%m-39P=t{kax~!^p#*ci-Wzf5vasqta zc2!?0bB6Rts|oQ3kgIJNtNAO-M186clB$F1t7lhb2IQ+U8EdG0t9rz1KA6^|BLh~m zDmTV+xAY=U*NAq`@b)Te4h4XhdSU0$)sO8&_v3g=<5_pUIX^3F1_^6&d~1scOMbo7 z9-P$*YE)Gw*ShW2$wAfo)Yqcee@4)+-zThlOIa_|SML>E*B$k-CbS-~UI)uWiq~Gn z*wLV{51}OY%kkE8r?#(OXRMnVZ{W-RBEH|iNz}mZS97bELZ=_aU-?DauaUF^mqM^% zX)H^eC{+?AdS4RQ?;N{ba;%dlOGp?%%E^$Zig{9wVlK!vi<^(tSK#3;cQZ>FM{^_oci z;-nu<4nL}7{o17cXq?s~6RJp5V%iE`N%VT#ooxHcZChb>d%Hk;ihXHKc1yT^gX@p> zB)N`&hBmwPRwVn5<=~F^-Hs@m_O7aq-gWGu4*U_Orp~IOdWA0$6Yc)`O=%q+VI9Pk z5Wg-)zqEdPlJbtuMX1gdqVBrNt}T>+!HzE8&~7J+?hA#=1N$!oOdWOhT`lD?Pkudt zDV_R-J!W%Vi+;L~F+I>iy$R*r5Bl9dcY8i$6Z1>h z?6Z*U)86efGVM!^=_5Air;UyLz25Q_rJoC`JC~E3zO#2;zlF=c5A|n1G}Zu*(7^3^ zCzby|C+q+|U$)nJCj!%dVP(s|u=1?;zp%1KAN(XPnu8d>&>#c2_s*-^q#EmAUU|VY zo(`x&3{bmpW2GH>^~w}EL(W8lhMoSV{KF*l!zSXAkiWt54ZN4r$grw^;NM``V{#<9 zekeC}BpW|75w%j_{Yde_EaP!v_iwH^WB_;c9KV7yoen2Zbf+1TS*jhnoo zkXo%#?@!D;i9^|mZCtLZfd|uYN)=$>V!!K$Rk} zOmT7%6|ni_Xt>+&O-wHEb3ll>C+jE9Pg-RN&-nWd&hia2?2%FEZ#Y}klRFnf?5$%- znPUs*I3&l4WC)WkIh>b2Ij=7`Dd}cfVsXD*XintJ4((22UyK;JPQSwC1;xo_VxQk5 zoSR`o&p$i(VsS$bjHPc7f`EuWzCn!P`=DIN5kpl0I6*LBL2%;a<2sfTWQKJ&3e!I} zaOQIyU-9x6JTHRWail(vhX;?%i&?AsSv&T5F%5+C98NY`VEB!qFiapX+MH_NA{q0X z;oJl!x7u0tTxrgzmEja}I45fOB=zJFC7O*52qwY>kv|mCRtczEr-+(}$SVeol!)-w z1kS|;cUP!G@Nyu!1}CdUJx5yur!Gjsan#;_X&`4g-&)-XZScV#SM}2K4_^*i{TE-p z!HpE|k?QQ%CH5cq%Pw0wE-b|^HFu2`NBIA-%Ow+vhPcYPxcQgffB3T4n%f_~j8}Ep z${!GI0=fL-myf*WtPB^vjs$q81wz#Y))8-x63yqaEEf;|@yo?Z9larM4mb39upr zDjFY$fHEzXOc#LS;ftm#-Q5A930eC_3r>M+#zt4}euM~Xv4r*%F za7Q+9N1oJcC>A&&jHF?7$n<%HhWDV=;GlYHmCFcssAgQn2$=GhV}3^pfM|6uI$ROy zZB06D9m*(A$T@);GxlLj{r+v4H1+atuaAwI< zlA%4h=VJ`vlQ+|+k-Mi>YDoO%NX5c?g4jU-69k!AC^#KJs0&gu06x~^uzH#(m=(tW za%SXoVjcYY%cB&`gURd_nVeH;^kZXXTxuZV3^i0b9l^pC*%&F#L^n>)D`=j@=j^^T z+x-KY^+*Wzox1C$Nssez{szrKub?^c$~fRUoZ|eN6yRq9a56DYQ@cj;zZgim=7%!A zlQKqSJEM;nMvFLq=Lm$BHi3^YL56GwBlw#5JhF^~RX&9F0F0sjA!H5WV#qde_yt_szjsmVU~ zVm|P?TE}{wr^NZ#d^irb@`9Tii-jLIOkJ;eWzAwfudG?G_8Ifn6kz`TMeWLv-oAY1N$-IAQ3Of#+6hB?BvN?~muxjtl7IK~6nhk*l6+rFUtbpj%FId@liz&$eIIIiBPxFTikgXphX{Mjh@Br` zZ*Tu?!Wnu**CIJtYCiy=#CF6&;Lu1xnX0?}A<)DEsKBJ%SAWc6H280SJoeTsD3Ru0 zUFLLh8A^Yjw^j-%Fw%PTqgEC~!8|e$)Scmi$Rsk<7g$2I@?Ks{6jf@%IU8|YOnqW^ z%p~!dYyhhXInZ^eS6w4enLVu(Ybu3vwL6?h`)V{2{V)QQ#RW)5fxU+grv!!=y<*>= zzX&o-())aU05*zzMW(@T7*A@%`f4qZu&?qU)l9vY*7GGw`O-?R?sl&O=sgik1oVng zb$FCRa;j6KTn0#NH2B=T3sXG^JYaknJGIbJ7S*U0uW@-mIgI|U} zpX1%nlU2a$Rp~5LBnSBAqyV&QgmCNx(PR|=FvB3wAXF%@2){Rmt(X3!JCq(@E)r4vmQmVGc?=uJHcTLo3FIp2m#4)h&9#JmidK)tR256zA- zh%Y^5yr2@gb-bV&dgbhG|GUh-0zzeWDh4x?j z8ewQGc$7X=`Un|ow*eqsjsd`u21Ck2V6EODh9ya4HVmwl!g8sKLxJC`N@BpNNnxNg zT}lHE@NLnBdJH%x*-`Awin(c_-N+H16lc4TZOeDRf*r(0Vc)3}$l=ic25~L5RyIxy z64}~tyb|b4u0mx$mXp||*`3DuU}b!y@DNq}(_lFT{IM{RbF+6^_O$_3dJZjzPmNNh zzizYyDA#awe#CNnk(*LcYE6-%NbpcvBFz`-3OT!ABS6q!@iX|Hchis)f+s`K?B|Q< z0xoHFs!i4HCayw7sTOL# z=d;NQ>@34GrhxI-(Qqz2$O}#o57k*;WU&89p)w}zrfKmAz~q%cBb(6_X+b;j+b5xl z%q)c=%rj8t2`!VU>;#$sKAQxzwx&kO>)qbo@lTWo! z03<3oXu#4@k^{fx+X>%fGIG)_k`lO#6lPLwYm>6arLuD#Aqzn zQOb6E!er$wkS2flSqA@PphWbWwO*w(wfHNF?B!4w82ec;aB#) z8YmX?hTsD7OOnVXQN-rr(;ETrb|TsA^gt_-<7jL1S@{)*+)ZQ2I!<4+S074kUB-k5 zC|D`4>pwzALQm2X!oCOe0}h!Z+ippU-7vo!oJiv(&1+%-%3@^Cic`m3a2r{Ixojj> z=as_8v2xJjrU3R*%47aBR=ZVYgh-MD4>fF`a$>esj+Vs$8*G%{B{9V*+UH}0QcKt@ z)f7$J*xL|v40`-7Id#aH_54$pG9D|gk>`@BTr`S|jL#bL{ zOSRLGBwkLa%Zne7HTyVS+W$#6RnH3r#A;SUOIL)>20F(0OBrc9BK$R#E;Tj zS2?d-t%vjvabcUMxaS-S6}k?T@#-dMuo*4AXwp}q z6rBb=OW%4?hFv1K|K*S2UBOa+`(rw3b`Z7DE(22Lkox=E7&NSXNUagy(4Q5dul|_y z+sX)0X??6rqZx%g%cztHhnC|{bJ{=tIO2UOcg_Ljr?7ENQWfJ@fBfIN%(^_-Mh&Tp zfBf<4)XyP~g3rX(>zRLdnIAi?MKTDc0{(QF|M=sqx9(d@Ihb8G(nPDXfBZ3xux%HY zo>p|TdntDui@ev`t3T%c$m>Y2nDE+VmiDMT)VI@o?K0O!JX-1g@yBaREy_$uuCHC@ zZ)?kbxsSDf`D3EkcAnQRbC-h^!rPUp*DiC3@FiF)^G}z#xrxQv!uhq!4DZ!iv*GBP zvA%IE-QqTu>*NV(S>K!weCjw9cJ_tg+j<=K>V6E^@Vj2${tf?Z{)5CN1aD&}$M9Pp zPPa?M7tbBENbf-!qxCSAjXk^(J_WKo*Lbgu{fy7gBT^#olLZA2Xk>iGH9vQy)NUNI zMe?`Qkho@6!vIr`E}$#$F{L4@-1Uxv%|B@Z%ZNG z>-^5}`oneWHd?i3FCOV-h%@URT90=GQ{Hx%wg17VEAKsZqq~glmP5ZPpGmL4t(+c~ z6JgO8_ZWysb17ZG*+AUOLW9v`?M(Bz43po=vdCIv2KRwu&yTKi(xukpfSX9PpW%ZN zQVzY?X0bO2VzB*bgLr`tUTD9<@Qry!Yc0M}sv~5*7`<#K@I5kxgy(zH{xB>Ira))M zdc7b1*opk`b^8N7d|WZ?X-+DobOYSC86n8;Nd8-MFxuM~unydBeo+{X;G~ma2uv@+ z20zq0M8UT~Ntw{N{h}Yt!jf!Y5yE;giusWg5p|!VbZ5&qyfJ^pAVM@)e#7+Pp>}>p zNyR5X61%BjSH~b64SkFOKiP}p!}h0Qi_@%zCcS2wTgBg`qOE=JBX^fbB9aIJL#yCN zA?rY5s5=V)Z=nf-!X&&!2>kosZZy*qgY}+~UicBeBhq5LcA0bdIA8&&&q(6331PYe zwC)2!4tyNN;e7Z};x|D82f2bEYQBX5NmN#j4KW;DWNwEtZ4MA9b?_^UB(^SS)dnQ! zKgj0ZC-(sIj2Ub~9#Wx}3a%Q|AR1DCH`F69Rc|+>$tBQ`GNk*n(e2Y~mwBizR0{D= zmw8C|?=CZOqoKoFGtjWbLW9Y>VJr7xHqK#Kzae0jblCZzUe)j`#Lyt_v=8HTBCc~- z7#71ELA)PchmrA97;$YJ*70lY{6noNUZpjWBJvOzb?hzbr3NYkY6u48-_E)<#h)5= z9QdEkI!F*I|6k6!w|7ZT<`<)kCnzbQI?pQ=EoQtwsaHm7Rc7o&CfEcuK|;1mRd%8m z6`6kwe1a+=FtU9vo0!9pRQx$_0kMODBO51MQtj@ zKE;lySk5p0)WJHLV4KXLcjJ&@VkO17RHc4=Rj49?tkgs#K+xP|-5dEChw^E6uG!R& zp2*n%e41`M48n%@Ch1$ zdbWp|!afjjUsw4~eCBm`W_B!TU8C~V;B-}rN@SHvw96a9H_FBw({~0+A>IWK517bU zSSVOCYl>LU%+2RHGfO6_2=_`$E~y;IL7bF>5DVo6YA}!Qr>03&{&`|Sd2;nJd|}F_ zACsRE990)o)u5th7l3&03yV<<X606xukdYUnQn)jf&Zozq+ zscJkNj=6=Btlb$xB?#D*v6O^{%tD>^b(Xorl(4K~8cs=_<`CqCsv+L_alkggO+bFc zfc&m)z$-b&yE12DEN6w94A5Ez7^Rz|AZdavNBx-PXrZoQuf{%9%2C5ScYqEnGz$h) zmJHHAsF95njDJI_NWy1mVrKZsKPOJoB*DGVCbqClsOh)CfU`Cl!;vq)*bM+w7L6B@ zoE4H4eG)vhCcrh_-7=5rfj>dwL(AOH?MMJgafX?A2ft6g9H4?4W8iDmirOhtgr4rsP9K{_Ho$X&j zdxr*M{hN8%TOFKR`{5-=i_M3>HV!Lr?Hx&56BK1pH|9(^die!0ie|vYx7{Jp8jV}KC zmo^;FPPmzg4UtK?qlrVnj#bQ#UG7dp`%b6Sj!yLss@5_(dM^f~8BH35{h8^_6En`V zB(9Y+4HPg zms(k&%h?=_Ico7c7zw$;GdYurxGh<{FO_zOaC^WDd0mlvH(NS&o4W)`dO}#W{Y%Y# zl-IwQw@E}Awh9_A^QFEIAQ2G>F79hc`^3X#un%}81K01xwAgqx#py^Ieh8zcsYA`If8z*jc!_f)HS2E zwHvq+$8#0ReY9u9cX-5qcJ(eh(8)CYYTNSa)8*Cjud9`ztBX9VgDv56)`OeC)k|9Y z$6@6Mbgd^IzUOBC7bmM@+UvVg$M39sKa@=%p1i-0>;W^*aljiVT9+Wfn|8PBDf^py zy&Jng7b}u$_s{DnBRBG)Rj9`|sBDwy2(HbJ9YDIM7VtLe!O%_kL0G{`uWK+6OmvM>iL$ zd+WG+0X9?S9yceHd(PuK5odOhd^e4sZoC)|64upZc<%Tb?xyzcu*Ub)-`?|NoCwvr z%h%c}@pj0HVy>OvDLLOM7~d(9d8pytOD<=r)A#e9QU+&+CDp;9(fl`pJ#O*{#t+s; z2+~Oa>msbNe{i>;aaRx(Tnd2GB?FV$c<8*%;!Y*$IvKHMd$P&*G`+SKb|&yn9ic54 z2{Vz643mv2mJO|=2znzM!X*oM_RxmVA(~+T%)M+}WXv>=vn!DRNWH!Kneo2Gk00Kn ztF}U+BZhOD1f@TC1>qqEJClZpK7q>ew7ADAI~N4%d%Tg20q6OkyuWwBq&xqz^k;7E+;V7wE{9`Dti?(7YbK2eU-!|SD1tq)+*_hzF<{#RLU{?BFO zmjmY~39=yQSTN1bVkmvg7ugu5M$9V=z%}0KgeZXw!>d_S0>&v}9;!yD1}ydX93tf4 z>53J7O#P)ody0SvXoUt&Y6casVgYdf_+yGeFc#e(e_SLPg3tTvk8i0)|J`LyAk=7Z z@WF%?4=E%@2iuBM!qKyPnW>!sttLORMq-uVf1#gGkxAj8(M{Qzif}M%)*THoK>@QO za_B&wBTRy0U`j6x<{zrZ(rlKs491^ohRUFdpiSO5P9n2h^SOQ){PD${Sth>A?=8< zCXm1oCue8pHc*~}t$fF>$t{#07~nI0a32Gj?kV;|=@U=W)Uh2((}o>#RkLN!ecE<~ z64OckfF1pY2+fBW3!8FQ98N5P2y0>2I9Tb80YE}mb|H|d{h2bBxe0$?T4#`Jgb@NO zObIOsr4Evehbo^c9aEL1_(kc2$)dR`^K`j(kc=YHa*4=ly0{PDb<#_C`AG@&3w@#@f z9aP0aC98o8$dch$?lwhBaL8CG*`DnT0H}E}1aXbn`dK9Q!kt8PcHz2N0`@{RwInEF zg5LN7Judpx{18TMMd?w19K~fgEpt6^(Wgw(G@d~0W4qa4RpX)_3SN^#JSL1dTMlv% zKD#N9&Jg`SGSXteoORD1j;*k9evbO9Jg4>rP)nF8_^45;P!Mt9=iWpNVcBD+Wq8!NXU_Ea7BnIK?!2bWj5%qTuB!7+mVuW+LDB2&tM3MKVpZnA z(s+K(K{u!aPQs3L0;hPs`~;3T&`w!9{E^-1{9JE9ihtLm2Vo^8y<(&OU5~C$?1b{} zQ0;=+=xCT=Wu4+0#bB?jj>1rLs4tb_ebcfXj1u3NPv^yMC|MjkhBD1h*ZiN|XapD+ zKJgiv?&lrAx2m`&ZDTOA>@x;#0M-puuieG?yrWIwC6c63 z^pY-~);)A1-;=3V?$~)hmw@mqtVa@w`CrXw+5c!pgFye$jJ_H50pxKO^NGja$JahC zV>n+#GOBk*z_I`&VZ`R%w+QyAsraJ9YQm7w_kkar%`tPx;R)W0-@a3o>!Zq$f^P-B ztU6OXqXa?lS2|D|ZfuAgc3}jcDGB<45p1v+X!fK1L}zu8+q;Dra2b*)XzXBg*gel^ zo52$b*C^#!MeKYqI}IcEkO{Dn{Q@cyJ!B4Zt*Cl&oPW3{T#8kfrPb!#;*i{`I zsEE^whWV^+Vt4DQNR~5)`H$2>oG+-z`R_)=^b!-Ch^Z;8ZDd7uA?!(362(+h-&>^Q z)x%RQsHvI8@)aeLQnC(qXha$0lfBL9|t$4x=xnpUcH2fzHg zks<*N04nIh2c@IR1wrHX2Eo6UqcIR^0p=1x(D*xmEvADpLjG}_v}C@`jZ)WcBxSDX zd#W-{#j_%UEPZs1^hP0TMW?Yu=EkpY8>`B4VvzvIjni*&3W5aCsDhD9+@cS;j+Ip_ z%+vnmzbh+{*UXA!`pXdzc@P9cw9^YO0K^Uoxq-&_ z)&_8>&ZbHr=CR9JE7373g1f(_p%<3rT*+xg+N-rmOW;Sf}ZI&69^MhlN^K zjqzP5UPGc(qycLbGHQmXF17&b7`2+B=j~V1=!4K+7mQMC#YL1>2M9Cyz!WSEHZFPmE?pjfx$ z4HWhuT;*fjjOq%-`vE+U6>7PRHuVa?%ki4#rvQ#vhP_W*gCI0wbSF2WwbcmsC~{*; z*K{H?nvltK3XiqhlAP^dPrOqkA~y&K#6i%%wMUT9dqW83O+q>u zr+~EJu#H%lcF zD`gknI?YzZL;W~|g(GLCfC$}aLMNt0I?wpv&M)P>Z%|F%$$PA*xl2xM9(n3(kC zl58gqV*AEFui1{}Hg}Q7jbhs$bCghi^0Njbi(uw=Xj-+?rL`u%#VizkqaQj+5XkL* zs>G?Ho?`FQDzKQRW^1fE+~M-W2=z`2l9RSM8=SKasZf_auot^QfSf@0wPM6ie znXKzJWst1_kAsGafAg9w!FPK7DlzXjF+ltq3!2@m8_~O;Lvq@_o0;9W<1m{WNnWE1 zRU&thCckd%y@kw}N^em)H{M==B-SQf zc;G{9%kzVpv2_LMi0$@`;nq1f=)y28a*=eLB2W8p>$lYQ9GnSP+C+~{X7MF4wCA>D zn9g93v7|*-AA~%%-&-%abp(A7_Odl!ylLAUj9hV}{X|2)hExDLA;@?J!K+eWkd2(rjSJR)mG%4uE&{T_lnT_k}^&Vma`|2nG!xLJbVBDnS0 zk@TK&4WC*`omv$l0jZ*i>!2;!po!1s`u*(9v;Y)y5ui3~{|HuuhwqJGD4g2eDHe|{ ziQ4T=DmVg&^)o9X`%WTbfl!vRG1DVa&B)Gu^3Ib?B~Qp9g~%P;pzmGl-%H3aB}Q?r z3df80wt_Rx0Qu9Xd*nPN+vkBoamh4&bV^T^?j z)@g0unYPqfIl&43SPzv>os!O$vCP#;-Id2$qu|J%qs&y@x?70Ooi^OV>KMb6&a1N2 zi+0YF^w7IV(PwMlC-B&`vdksI`n@cjA4h~A>5>1iwcbKmfTvpE6>VSxy#H012_aQb zskARTz1Kro@Hkxvqh+wVNvQIC2<=HDs60#p_?l);F|eVtrH@btMzRinfOwwlN73U6 zm+yy{n-$PUWtC_7(?{7Q#&pv=j-S{zyh7xYn6>ig=<>Mva)k#QHR#iL&+>TaQ{%nz zge=SC((**Y3S7!lR{@4p@zZ22%rvu;MCsEsEt@2#iZFTGwC30hTAOsOl}tjLj0lF5 zN?VNJ3Y)wN&vskO5{B$EncO8H=&&O1iXs20A|Jv~0AE>v&RB@cm~WL*NLyLN%J_+= z@{J-J5o`6WknuiW$9Uga%E+6WmR`& z<@?I&X~vqR%9<_4&qtM?uNZ5eDr+H(b?{Yn=uGvvRrRDy4YXB|23DpoJXK#rm>Q+4 z8kL!vw5pnnn3}Dsnw^+hJgZs)nOY;NTH~48(yQ9?nA%IL+CMXOG*@+WGj$GEbx!|( z-5*2#FYw3z2fNHY|JyDz>PQ{x%v-eOI<)P#=*M;F*KaYt)nWX83q+^~Vz6W4)nk&e zW6{-Pv9V+G)?&%YlRgd?99Y3-jKY^Vfqn;q2ov^H) zu$G;urJksVop_|4c!r&1xt?U3o%Fb#^qQUQTRqutc5;LUatsa%yaoy~4obQPN;VEE z-UcdB4r-YOY84I|?FJfS4qEGm@&BjU=zrLDMdLqg`_stGLR?;1P-f*YV|5ph0|A~YC!?yon+trOrcIP#%N0sNFJO5$Z z|74^8$wvQ^jsE{rHu@j7{SVvzhi(7Ew*O(<|FG?U*!Dkc`yaOb58M8SZU5iQwk?G$ zHGtNfKszd+?DQcj8o7g&^CwpQio9QqH{;2X_05u^hw&;wL!a{^?wctxaGU?UP-a0jRx(ZW1IyJiT7dfdH z8LRQ=jS3jNa5|_{zBCR-a#toWZ#+g~Ux=LN!&Pzo?NK~%d-{e( z^h%42IBIM1^Ynk1a+e3=+`DkhYqQ;lf0=Uj$DQeW49q*>+DFR#3&rgVhgwpmTI@f~ zY^iSyN{codCf`0k|7SD%e{IWmOhoG+1h4h_roU**2a`H0+p5u|zVw@m94QXW3*nk~QT|B=Yj9T$VUesjNmz#S*1lk#IsyJGoNi zs=!pfrhPynE-(U$;fQ=0Y((Y@_%2Sd3b4Y9r@&59{1|0JRjEW@Br%9djh>8;SuX({ z>aZCCAn4yI2D4)M0!z~NHOJCejGYi0=&Yu5g}or%a^LT5UfH(Fn*hB>yQLBh81G*% zjizB-lb{@qQkUg++vPheZ+L3LXiu0ODQ{@%=rDRQkrl%y6Qo31)Ofp#Paa3r>s=pO z2wge7?+%3{ubhm2`97gqwnUN{2V6WLZfBIny+xDdo?CzFKIc8fw}UR`j=pE1K)~`t zrAGMa#uN^I$9Dp5lr8M*{Bf|a$}nZbm{0>Cq!){z&GD8HOVnaU1R!dKVHP6-fSAL$ zn9-DAjN;6YXvXT+kUBi`FxTNwEL9UIctVrjU<5?Ta%pJfw>tpXHA%K0^p=D9rk8eD zPQ~eyukQ=dWG1f3dBp4ndhj<@NBIthDIpw`d}zK@MbM1N8WgyccBT|~lx6@40Bdhh z5Lk<^Je5H!r$3d85$alzoo(@Cps=$FQ<|9-+%OH$BUWDkSY5m+CPEu8dWY}hGPeMZ zg$)YnGOG>>Q9VyJfqrTjwPneR`;^5l|(-W&pNsz^6U{P7#0_jc3Os6kTk7Q5A%PMjmQxoYi8K7OCW8nUSRV zq!6mtU9Ah)G5I?C1$oJ*PzVMB9$1gTeBlfd!y)7flCZ7T2q$<`xtqFf@~&4f%NSSV zYf-a3ZZ&xDtc}9n>sJCr>p_wIaUsThOl>d}HtIMRW{fQRW6+SmwQucG$2E&ND`#hK z8~hbHzgQNPL&Px83QIV0?1>m4LBpo6odtbIymX?d5PkxtE|}s^@S9q*I(_xpya|_l zupg=pjdzoWZJlBmM@F_449@mf4o!^#^M~ccAPTH)7O_&EUrF02x0P1o%%oA+X0E%~KZwRBeR4Uz51&Zo+7ui9!=E%3sca>BE>e zdbJ9ptI#_kjjQq202_UPZvjc@a{)pKrud8}080ld2<^=%P(lYYNo!*!wBIcE{HJvy zw^XrGqhHFmNttH)JvkML>^<>l&&DunN81^`nykCF>g3(!I=$&Y7RB{9g z9jLKNTDIdFOcA+BJmh?wBpY#8J#`E6W@xb*m$-?roxLTAac)X?DUhL#9VtYpZGzn+ zIitrwiRcGJyG%umUD^k+I2s%_8EPSp;c-R*YiyH9zJV+)%?G_oECZYP1`3c|odP2^ zBxeYnB3xjBi|l#?y3srj=aC$p35h7UhBAo>p?t@}^xVkaKbUa@ORqkUuNs29;QJf& zH9Dvc0sD4Wp6(3}XNj(gCcIb?{8$puMKzc&vk)V2v{3MTtQng=7!J)O7%ROO7QBQG zkOjzL0qP>OQvtZ@E0Qqp03qbFi8*kaJCNoj!fX;&$|xdo5`87?Tf{zsa3`$^cVqHuH=E7#yR0ZPQ6+j8; z!9?&o3lRRPmW(uP@+8%zj&ar6yz+8;h?|N>?GKJ+C+#|lK5YRhO~p_ax7OjXIjLNv zse9VuEKq+b4`%-q*!!!{hsP_kj_mE4&*?pt>(?Jxu+~lCO$yNh=zX=_)c_mQsi#V^ z(!6VbV$4M@QeZ@R-}%(f?iGl^wjc{%;~M1W#x-tsj}gM1H?@&NEJx_x-x16qzPlO2 z1_8Hmi->$A=PV<_dAjDo25dwa1O=iz@8NxNEYc|2MqsTPGNXwP4Fx`q1L9ZHOe4%# zG+@UKuVz#GHuP8%zE^4Se6g5S+-EBz$e8oECtN1B?wR^Htz7RGz3y+_lb$(4GI^h` zjcX&$Rx^*UW1Vx6f^awId# z{^%iT$n(wx`q<`NrF~KB{g?V&EX$s!)vvE?dq~*n{aZ$S}pjn@9dwp&{rX&6REaj4SU(vYn7uyaOaWDGv z^H560cm9=am-2Qg3ti7n7m9dP=6^la9{G!HQ)&h*qkVg2+fLG-GhW%Y%#ZOA5i)S? z=B0C_--a=ZN89q|mDh-%&S{=k_qWaK5BXbLP@>-bcw0BaPCs^Wdc22uyT_uu{10eE zea7t(@6ty6kGOlj=NaeS=OYB1NaZunBtW(v%4B{W!{z%fwQM~;8T~r96!lxn7IA>K2_U~7dpJ828fwky`f9Qg9??p@%TMq3-YV1XU?Lr>>la0oZ@4$fVd(B3pQ}&2OC{}AEJIyA zbf;4W284|lp}p#M9Y`!#H+969deppA=B7MY7!bu+02j!WrbIXzk}7*XFid{~n^+Ez zcOA7)hLWX+RS+7DdLt)Z0xG31h(CfGJc!y%fhI9}o2QSuJAj9EShRxYD>{PUoY zJ2iL3!+3p|K;0zU7wU<|RPK6rzQ%V7PzHUisS{rWyV_neH=w?jV(!j^iEiTd_J@hy zH(p3!^*EGcIB+pw zqbPwh2dwb>uMGWdYA!tVm zLU<8KPMt+wlthkeK=r6tK?>TiDML{x0m1>=is(?kR2|unwaDiIbn=cH)xo6y=CpT^u<_Efc`RjrxxpqwG7WSLrtnk za!E`b-`|`z7S=C33AIbGr`t5ZhEqhuA=Db{ob>k4>v)^f`)ml?xh5uSgBBZw0OL|_@ zenAHO(9`X=*UgZk0z1}c3fIxP(65EPO-x&Zi>V`@rH{X(Ph^}$U4NUZ&XBIB8H!jB zz_0&A(pjvz7Fne|;Go~3vEFOG)^wTOn%2|SB;47>(NUrw>bw4KU;p^4J}>b`_hDnt zl>T7&YJZ93Ft>p((uPTtfm@b=jK;>uqTtBp=W)ZYDnlDxiv}hrhEn?m5LA-QnW3hy zkCPLcpvA8Gd8y6#Aj3iP%}V!8P~0X_mmvXhO9y`e137RmZ%sqofL+|sV& z%z?+3y-lKH%`GoOgCjJ-lW>F6TqC@%M!o$;hL0PU+=ExbRo7A)=a<~~IL4e5#trJm zXuihOcH58Kl&vwwXW7PcQpPXB+h>=XH;2Z;6UM}Dlh8aSMKC)6+`1o@9Wb6d2wH8h zS|;{2Mu^QjC|ZieBs)k?$-hcO;Y$U8M#h+sO|)rYtSzHAA_5p9VmMkxc*@4u!@~H} zhJ@YRMACf35Cf8UMS{=5q=5$H$_Ah}d)+K%DuR1hR;K8IdDMB3X_`_AGOInK5VLP? zdpLP!3Mpob>t?GRW|6=4j%xM*sQY#-`>G`703mZ#Lvv!qeTcm|cbqxp#a?FhKJ!vE ze<`Q1(Ujn@dBx8D@uT??ip43j1(Uxy3-N)dl|Gx$ft=sLWUK|dfyLWu3+bmG5NnSd z?WV%8MURJtijkrk#6t3`#ofLI7wh4vyk)=e;SYPurr5*b0LvfQmJOYUgf)jR6PC3X zhiaRL7_^6)T2aP<4W>K;CbU*-XqJ`{qUL$>Hi3o~M`qSWRw`2xw()#+-Bt;+N8rPw zsUJtV#MV&FR!r!}PPDyl-QDj!Ej{3StZ4V#Bdm2kS))O$tRLNulQyhbrjH-akE2je zzH}as6P<(zolLRVj4Pb@I@p~1p4dW;eU+QTpCn__JHf0naaJtx(pyobC-QwK-S;+b z=(g7+w%ts&*!rjX4yXOTw#Xv3-;_@Cs%?j3PSq!EQ{ipjb)SAjZ^(1%&egIhgtuEH zx69%=yH+^!F|zaXw+oFu`$QU7D)J>?OQ;GLRCC2voo-UuJz2pj@>xWwR>ZcUS@nyR zZd0jEBQ1SPymcKsV=KCSS^9aK)%ntE=JV4z_r-bn#<}OTy*K21nq;t_R&r2zYJk+i zL+j$x#lXn)(J-mt80}7Pw>^IG1=7&P>6Z(JpAL|Qb%!)kM>BNC8_SF7>5Gh9hsF5r zuT~N(5U%A2kyRdv^*qH6qsw+D$IUIr-t^-Ih~qfRW#xe54yn_?aR0v6)j@;QfzN$J{3=XK7+H6-_%^UV2b&G`q(4Kun+2LH_l#Q6pNs)qH3LHTB+%DLRg1-{k^ zA^!$hr4>Hm0>OF@F<}dpR|ME1hP5p6eaYn~j;o-N>mH{olK*XoQDnUp*^?K|kc%5y|c@Vr@Ml2#NVeHY35j@$R{!uC#h zrtSr;t$2Z@V8OQNh#hwMox#F8bDaAR)b|wJ_mooiR9g4c=Jzzi@BRedOXE55x64Zz z9;nnG@n*bdD!&(Px&Qm;J@e3e9=Cfa_XAzqrQh(bzWqbFz?MOzmx1AbI}|UlaKG`$ z1A6+5>9N;H?t?kHcYpVT1;ZlHf|!4t~+)P(vKd>9&dN}-D!W~lzDs7+IoMzdk4RIeE;>)G2LhGPMPd74H3Fe~KaQU8;p;0f3NgR{xghpV5_$9*v) zH?bm55h4TrJ|BF3exN1wMmC_;(Rr(C6dH?4LduGr!|M-5UZJ)#yRA*SxBoSG{_DqwReF-8)lc-OVXfX%?*zbaZ-}UaAxhvgSwES!| zpZ|-3M|PpUYy6o09PIJmRQFvV7z(CS(}s^`Jag_mb$3o@3Bhg$)6iU*Z#0ZTb^cV@ z|7pbYTTt}3i5gU`Q8>f~R7(a!b^g+m`xh#MtI$7kn)qh?3f6+bXbM4CQDB(OSdmYx zQxtZaav-^JU}Df{HR)6DT!v^-u@f-hi>EB6U zD{j8Qe;G^sIxA@z{ZAWSQ2T#u8wvgYoQ>A82mN_D2 zg^$m{2!V@6XejX862VW18qwnz*oYZjCp=3wI&c!kYd1U`gR%s%snw!XpyoaPe@X5W zZwF)z@R^{H4;)sZEZ!{IVd}s5k0!H4R$3>2@yD65G02U{^YY5I;!7ufPU5{k0ZOG8 zB2GHJb-OyYKGUcSXbiGhqvWeZeTGJ-;-TcLMnx29rEwy6Y)bxWdno8?X83_4^KzUk z$QBoc_N9dEKs8>vWR5qN&-m*8LcROH-l1Pl>bRNweyXzD#Cp-6*fcHGDAK4FcRu~` zDk})3a3w8LMnXzdQgZ?y$f(f~r6(gJ2_?-_VD}5JyAV0CBt^T+uF@-QXC><5?ehuE z#=`9bI<{r!ZWOlkdDHJdCn{3-+NdbdtKx%;!wI0i;Fo}+3%(_OiHv61{Xw!k``V!_ zVaRD>xJ$`mgbb&`;x}1tg~1>hcLhBl3snhaHD)6 zIf;Gv_%6+^7BP}-`LrLCk{JPL(fbyCN zbw3Wej3+*|aw6_H-!YXuA3ElEv`~v5Qj8EbI+jpyyFxeta@)kLuuA5&5m##*pZ^?X(2Dn5zrGevLSv%t%-CJWC zq3h|sB$mMw#W;}1Gg*30)3jzv^#MLM2XwYAnS5=MC84(wlS_W(=6l|F{`KD!%|!A% zHCl2g_G%cuTS~TLki8JPsSNaAj0%9t--o2;?ycPnP1dnS=W+olynw1ebm_zBJS@Pp zDj3+{x9Fwc0c7jZe!Q;#`WdWO-klp;BfMaSpTVkuMISfhPV6D~mG$obos|(-m&-GF z^}j};3!nes*~gw`hf~iA;w)*1M5_Q$WUtK$XI?>Al@y|D-jP;9%i!szBOU zx){h9v38Rw@TkBtAOc>1n|F73QH74idn}Uuj~;|vKXH8xKI6OirKF zW<<|YC2qw3Uj}l{l7+!`QPeDCk&Oz&n0P^SFTo-I`yr*uYqAWXVOBqvlqb4_WbCys z5#S^!9<~e$h*wq`=@ypZZ`bXQp}7ibR$0omBPew&aHderbi2!wi)KqS{cI1l!44wN zi<tpn2{;QGHHP8}wV+`4m-m(?+laU5K?*&1qgG?tLk@nTq-wcE+@A zfinIy7PZ$-3pq~7NRScR(oWS!Yo zIW7IM@T$i6;S{U15QG#okCA+nx>yK>fQ?)Q@iXb8v2VxmR4g&|Dnf|sW{KO{gy`L= zRgj1p05riM5bg&V!$2~8B%(e5o$L@bsp{33pU~$Y$j-JRp=*=#@0y7%tkCtFFs_+Pj>fXX9 zM-G|ORx?TZ;2S#rJSvG56b1g0EQquhh_KIdgA%Dkp$Yc|uNadU78r~JRjC>mm}h=xz1m|(a3JC zBCAVy%l-Z;d!^@*tRaM{#u7hfc}V!Nkwl9p)lzML27JPXA2rTP=s4)k9Oe&#V95`% zC06PkvcFzav+B9yz$0fHXz{#LUjMTV6NP>?MeFlFw%@tj6QTPPr-Jnt%K}9B1VxWm z`5yx$VG@}W`1u~;8xpoy+Svk>TB?y)50*5BK7)>2qfs|1TUwN>ZET*6k=BIPs>+>9 zRQm_xfz}2hm4==WiXG}=SGWu%{ zYl*`qK@HZ=U zsj1!o5@Pg8B=yzEQi(P@sDWhBu!yic2p>l`Q~@h!uFT8=@L;8PspH9W%nN~aU#tR5 zANuj5j$dMwubl-7KZBFcfeYh3G*wf8L?rP*!REy`W^aX991oAsT)K(g+g`JH0}pNj z&NsquYTI30U9c23Hc8sreYiagf11+Sj%Oq=?4gD7KF@0yo2xf+G0KEx;KES=@oQdbi{V@uG87hgHhUa z8`R*FL~3)$h5kHf$^9;PRssd4`ilaPW)9O=-g0pQI?#{^Zin;WU17xp)nC+NQssjXz#_ zZel|^$k0E*kP|;pQ?I1^3 ztit1{>s_<{m70BR*$Q(kSnPS@M+}AIE6j|>{_WiMOnS4E1pY@pxJ#UWK)o$8Cxe5X zkAt!k>$UrAX?CDV10fHCYeF$EV=$2{mMi;!t~ZTgCd!N!04EeLZ2h*H_ z#BG=I8y&sY@B?oSbu^Umtk94w4-2~W?IF9>Yewcj(LB43TcSXty3V<`$iF@W-zCxl zQa8D_cUb7d4om4hpDFfHOx&^Q3(4tUc|vQrKF??rlNs#GX3{cgtqkhqFJbsmCCH*N55pC$}(0U15w{F01#OWv%ev$IOO%x&+ehOKeEyDK{v-cT(TN_K)d)%up}IkwfF$X0Y6DUR{D+-SM_MBk{b|kE2W1xg)w-rN+4>o1?kyJXEXt3(``L z9AS@AS~v4puUJ~w5l1g(4O4jL|4lZUxn@(dX2_g#*sf;SjdR4irpu3WG@@oSo^veS zB@J?sm|Zho$2rkfGohwA)LSz-%{jGPGccVwbyPEb=`#JfW(LkVi&i^}%QZ(*J4eGc z&s;mt&9xw0yCB82s8qYC#kFKmyJXI_Y*)MN#XYpxb`NYo}*~FT_&z8}|R>03*-o#$d&(Yq* z@s*!*q=|EepKGOwYlolvxQY9UpXX;2&p&=%^k!Z>0Y1{^6h2x3ewJo_9svQ7W&vpd zLFHyaZ2=*}W}!C%!uHL=?gAn{%_5%!L?fF;69islG`}bi5G!vMs}~S&Zx;V5ATiP` zF(V+k(k!_nAa&d`tEFVths!qKqeHE zTCJsGu2?07-E6$2a-m$OSS?SjwQ8x_sM%?2ytR6z-eMq{TD`4it=VCr%537l??}7H z{&=2xd)?NT4|iu<6YcdoUxSdbXf!$+z7N0%Im{ytbR(IaZeKA~jG0pvBx$eg{_vKOD;`x>qO8kgsWr2dA6=a#wt_W!|v zI6|T$Bzj_F_qW^o$Jyoe@Qly-H7y4x7xxcOg*7eLcMpYit=ScgS2y<;S2ywb759%% z)ondLuJ5{s#urvMvnm>V;xb337v9HYc)(KMMW_2E=8VrR`6guhC+AHrtUUbub#!*I zw7z|IdHpdl=kDR>!rE4I&%pTHaza7n{o}8biz};7v17AKg|)4Rrx&G-9ZLv_zJC;$ zoaYpl6rEF6+|b_ob?Er~vZlSaYhY|=|LFAMDy5{lrFU?Cbu+!JE-JeuBJ*=bSzT;y zIYOcnvLht=&+Gk(0`0H8fB!t)o$t(i{rc}8fX2ETghJx58w_Ty*bTuJKG_Y0D6xJI zBQkLK9!_Rg@jZgd`{a8hG=g;x#+dG~7sXmuu@}wRcCr`4JIuNtE4b{iA18WLu^%t- zc(R`$gT{7{s6gU)kfg#~d629je0q?gqr`TYs%PMMm}X>Gd6;hMeR`N-5y5tpX_M}F zl;u!Xd6ezac6yZKG0b+H`+nK+IPb$z<#E3M>g02*@YzXm zq7wUQNveUt z4nj215lwVN6CKe+M>Nq9O>{&P9nnNbG|>@FbVL&!(L_fy(Gg8_L=zp+L`O8y5lwVN z6CKe+*M34lG|>@FbVL&!(L_fy(Gg8_L=zp+L`O8y5lwVN6CKe+M>Nq9O>{&P9nnPZ z<#`^if1c*~yIlWwn+JYW55MI3_gMcA&I6z~0C>D0(gqMMFA_@w5)Uu3NCUDoFN$&l ziZ(B*VFT(LUNrj#GdUT+w)4v` z*TWoF-S^ARS3OTh)mOdGkLOok0d&smJ`_@y>wYjx&Gk2Ik&EjAh%)ERAd#WV%@CP= z&CM{C&&ACMG?Mdnlrh8Qc8s;W=60O3{o;0lcZBn9QgCI`7!W;1oq z+%Ni5@9cjaBH8!u9OWWkbOshiUS6FTU^LtTC`1;0AauIKAS5i_1{q{rXi(xs%SQZ{ zOJqr?Ac}38o7mS1!_ux9d=;Hp6ry{LeiSrW9?1tJ3|he(8}d)xy<@Lh{Q+XYq8}A` zHx?vIc#s>6M(NNeJH3jvC^daGA}u}rfVU_+O`{X@vp2H-TGQ75kZ=_JEgDjA7}O60 z=?A0nBjNAHBK3WQPBW^=Vxa+{sK02ZkuuXk1heL7shCLUav`~CGEnBxH4MzRA-OMr z2>y~H9C@$|sO&lne)pSB&wv#|w9AQ#>*3Q?lYP+0{sfJLh@l8J~O^1W2C zyyn{f6e|c5tqCc&aTm(fw}ynGI}GH`K^?LCDC$M!XwfWUP|vMi4Yv!Bb_YSR`^d3z z36OL7WT3&=eNY_TQGhBr9t5Q`)_{$CI89>nUwn;eBaKP{N9>!$xkmx+>tE6FBp*I z=sKF|$@-x(yA{(Ceh_x^1Td-W5 zi;aY3OgGK1y5dB&^5v(L)-th&N}aeWy>cF=?7bVn2*Is*c`x@|A&n<0(>HzQ% z^v}?6Hk~3&gW0^tpkc}2>pJiD2{T##F|n0?EjGU?owuc}o4wwI4u%bYtZ_{9%H^Z| zV6huuE)L-|HMHM*cAN2Ymdw|5?~-<=c`N>>@JMc=$3Lbx3W+iEa;@nRU_p zGpW5v-<51f!wj&wiv$e{0lId>c`|QH9^cVEA1Hqf_Qwx6GpYA~gYw4SYt@4iEn2ZZ zv6(ZP>jpag^4>WL$m+uH2$0pdfUkoW>0|cRycFn@;MsCd1xgY6| zg$`nIe2!jIVmBRXT)8YDc_L4PcN4XcEmA!=nVe0qm2%^f=28q^meBomcwWqAc&jBp zJ-h3e7fkV4Z~0z^pi_kcivk#AE}{DvCm_vjyX@NY&`=ma>*%a7?cQ-;6!&9Ca{m|f zGcG`-7T}^6s=Ktfb6_T%&t4Jq7co5X5OJcXKC8Z9ypGujafv4=22P(GhSO{fmO{a^&F=+mq6hP( zzml&qVBW}(EsHyBJbPO1Szu>N;>qPSJfcBbFi?c zoBe6Nk0@VX3`K6|qEfPN7&kJ_>)M4Q%6Laenid?y912L z6U_FmgVD=~$!C?-7smLJl_{Wt^^*}}@DpR`2i9;_MtI~XW0VSO%o9UgCSw8_Ytkq~ ziUVWX2}?#MLzXCGP6tb#1499ru?WUeEXq*2%1~~^QVC|Lu3)HTWvO4KZ#;=GT@2Ub zk12GB$q0#QDvL4u7UPN(%Ss>1FBj`%70VP7OLY{J_BobeFScnkHWew3PA-naD$Y72 zE}1FL_;Z})UK|xtJTrZ~xm^7CP~2;)c+=1Eq~GF~VDU+N@x=5Av~mfCRtfTG2|p_m z5<(L2_Yx?P5?|3L;>snGStaU(B+l7I6nsw9+Dm*tl<Ul!#xVb!Q;&B|!)vFMkl(XTLK^vUBS*4Wg2lU|c27^=oxHKj!@ zrRC74^Qor)eM%Gm6;W-Kj=h(zfRqs#o^D=|?na+6uAGq>k|FyoW4=7&i$g{~YvzDT z=8!|?2rP4~B69+qIkT7Hev~;inrV-emCT&Apps>0m9dYK|;X3CVzmUZ`pzMUR*EzCm1<28U80Ja_OdGA z_MuqRvNS2UR9Ccg2~E`4nDEURnPoJ!br-R$U&(4%8Kj~NQ@706v&=Nw-{p+b?JW4+ zIGIQG=dT~ie~>Wvu9xqOmUEGo!%vP&Loi9avdN;@3&XN=)YmJNK2-3sR$8ByM;MoC zWmjr+B_#S~q&ks(a)M-wRmqK4KCe~IMpag+Rn=e?lvU+cum@%QuJEH^ieaa2HzqDJ zhIDoj^kkEMbqXyoCi|iW>5nEDaUvbV3>Z)&8xn&|7!%BikuF42Ep@q7sZ|G^h1IUt z{>q|Xsj^&WubTQ@b~ui|on2Q)k(-`fi;iChZTx&DR)2(1cT7Px!w$LrjeqM`Z`xQd z4Qc?+>JBKXEl%pm=^E&Y8YKD~3eu&kvY&22cnDjE3_BR{9RYDcL1Ga|+HWf{4@5EqgEs&dL;`3HlP@6bki$)Iq zVXMG#squ!j=MFPOj}kDLa9Q$d6)!e7w`_4`Z*!4t6SHiy@RSB6N)ruB=X$%mGHFfl z@jF~_0yRkaPPF5EZzq=RC5G<&|G4$fYL8tDzN}N62RfHzV-{G`442InqZ8QuyukM*-$|da`mo7 z@qTcUTdqyteau%US%q?al)!8BAYQ*ZTL|SfS}+uhA_EfP1seh=MU*cu*wema)owm@ zhqtLC6}@{Y4CyiH=~9-eLs7^0*^Bv18h6q!BaeP;@(o269JeR{V;PwA9b_Kw|2-bp zKA|zq*!AVl0Es_@HBw-NsMDakk+pKrUl=+3zuoFPu#73hC{YC~2rSHt1P(&y(Lr^e zZKpJqfPcCe5y~C1$Htep*HT2+CgS}l9@`-)(ew8FOG3tb5bw~D@#x2-!IwvxQHcV^ zkP-NT(km$Np6)A)9HnLqJRW2 zjx^^9Dg=84kIz$#Iv0&sPks>H|8T@HLEP;VX8$sY6i6BA>WXdNh;`1{9EeF2h=oo9 zv+kf-@JP+1Ox3jBX5TIciKN#@nY4HD-5cE`B9evyu9gGlJ2s9+m>S>gPa&@Q;VWzOWc_YK@y{^ILq~o^A0cPFl8r@=H9)v zK}Km@1bHmn>kWzjn3j;N_@^;v7}up_1~HEmczKPMGK*}J=Cm-;fA*qmF@ zGKTCFN-!$hwLp}np50%nmp`hpH&?;2L9D76FJ56BOwN@ULcAr@TZ77 zH1IQL$s9CE;tB<%EymLLwr+p2cYH>DQ40GX2|#^&H5(oX(p(>#>n4W`iTdq%uG#9AlcX8 z937P0YankIqldVGEpI2xbY9zR^8=UFER&h0#x7c~0Qgb>6BpR_`hdUP_P9SuyC}UL z-i}m+WZ5Dhgj>wiyMq&Ra9w*KR=Zay`KHF(OOw&Ug{xm57eG-O2A5f2A6XD!10m`i ze+YqxfnM@Q@2GnW;RaBl1saylfolAwyXBs3+#dJ*ju@Ynu+KU?uEyQc1>(kKZESB1 zS?m-$l7;@a7LfqDj2Kd+az#+08?#ESfaA`9J)Pc<>PnvexPXMq42tX|E$Mr-#vzL% zjcuZC2WCvE$Wi1kD}o%yQlke-*h_aT_U|JEydRJ6FOK!yrvE9OA+>kq*Qx)B=s~tb z0R%CxxK5R~d;W15mw5RZO|*4~uWM;Qu(eFu!cDrEzV`}=_dSTq#tM*e`)SA?pQxR8 zx}2k#IIc(h5WRD545+0+XsOo?Gg2B{Qo9?r zKUQt8gaY?W#VhSgw6;U6Ws5l~%O?R# zYxAR;2+IVMmW%u*lTTx`R|lTVw`&msnZxJGc$WG!ZUT}gc{WNVjLPq;-B4wb%ld4@ z@8)IrPE{XA86yOkmro1gmn6`wLC}+L+^@p(tqXEaq?9h+uG|#7*0<1hq<`Zs`p(_% zQ%5iNEeh!3Py9U)G{E-8gH?DC90_6az^q6VsDyr&O3+T|J_YUC1ihIFk%oMR|Dwx~ zN5QvaZg;QRCOYfIAK>|tF-=G?a+*c^pr8N81wLcjEe&DvdHd2p!)9_Dg%7#PL!pl6 z-1=j1hq-<0*I$KFkoIaBXkY@WmBKw30?Iegg#-SXs)RKWHQ3R${`YUx~N zy>LQbb^hY@15*ZwY+9{n@9 z0H-OLg-*C;laPJ7VvfNN<2Ki=-oGD6E={|vKhhc*isM6qTaqb^qS4Wi^~y}@umH5l$QB(H^fDZVNFG5t z_`)(sU%CH0qS2UsFby4WlnTs@prfc$L&iRIA*#G9MIt8)1L^yXoP(M^##$!I-W77| zP_q1?{OkAlW9tt$+#K%z`{6q}P#GAgdu+%lS~d-p_?+U@1)%$bV$E>U@vfp0*qyDDsjB&= z#&H{@CL2MdO5v%(kf6X{LZ4#Oq{^bK>pu4Q^hY*j{l$LnKLg*L)odIG3^C&qyG~FivMx&8>tE&9n zDOHLB1Pi5mVXk*EwaEPp!-!ZEJ)MZ8umGbVAv^32kvl+_3Mpvf?q9yPf8a1Mb{|UX zVSPE-YWPO7>A}#l=-@$x!aj2V$~M^dp7CYQ-%;#{X|VpQU=53tu=uwYqrrBriM&CS zxF7jfEoT%B$E+4?+qYW1hi1%tQv`js-<;bfD2b6_S}zdiwLX?f$`V*(hZ;i}UQzR5 z(wWkbP*)U&t}AfUhf=&Jc=J&tUEexh+K$vbQ8|CcI(fp(XLJySVG=s<9FAXNk9u@p z{J$RGzI*q5Mh;F{+p=I0SRoW@A^&1KC1ZNYrmVnQ&!(b$dcv{lRg0J?JoOe&gIoLI zVx(|TFHyFE4qJrvzgNd6A1XX4dRTqT&F9>8Ri^FK{Znbet#{{cgNMC#P*+_NPvXxt zuQ>gJhTxKofT!qT$%2*yab%-*C_L8W^sBTxkH@U?h`Rf{wzBH`#o$)~UR5SOlHOjD z89k2=NZ8}vTcDtTpY47>^Q?D6-voTvOF$>_*-s+%_C1%8$w z)bBEK1OCx?fV9Bzb^;IXf1jZDDPYgRr{MB&zuhPBcg#;XJmJUJf=_={?|1%96U%^Z z)GqVrvS5Dvc!(~Q;P(Js zRtciIYcH<%ba!fG@~x9Pe!?Y1<`$U)Dc=(#r#8Oh#U02W;J<_k^X=i!r6@2>M@MOD zj1e}IDzM_JM(fv55I3rHak%kG8;4nu_NZ_^#WhA+2<~qWW)2gkCB)OjmauV2TX60 zRW&i~lM7I6SruQX>88)8=J~_e^gGoI+UC>hH5l0shg4rL&!>L~v*q^cR5yRr^=;Q6 z+NtT*rI@*eVlO)MVwyNG zCHGjtUTkSh@?G6R-c^{r1kMLd-{pn;pM&Lp*0Zz&9~TP#4N^#g#B@SP77Hmij%A6v zbRvZHn32336qv+bMx(J55f3>i2~|zUxGfgbqMizhQ|KnAFP5ZHovP}0>81ql|A~p<4M^PR+q`F1q@s%zan6@-!pn_4#x6EY;;)UQmYXu-vMsjO^d`NRYjVBl z93;ip>!O9j%a~l9s-xHOn+#g(&8nQmSxr`#y(?NuEA3prm~7u_wNw3dbq~)m-qdaA z7*MQJOE~X4WM1inx^g2G|1mwYdf$cA?dH{bK6`Oi|78QUUiPc{*PDoyZa8PXROm6-qvQ8{OW0l?>$W$g4q6@QevuDp`Y@c}X0I4!zHnYf-9A%2NOQ+LFxY+m# z=n|5SI_k6Y#Sub2Z(QjaIq<{^>ef!1sGQA@J-S+lw`yPKovYn-tc;|e)-{&9*oc^f zPWFDU$&+;bDEG&AxlGuc?Tf1$2VvJ1nokF5&JWAzjm=~3!}hrzH*a`*@@AilPxoP* zir37>_D{QmFYZyUBorTuo_i_#9^zCT4PWk_a)_!CN_pIJn?|Akq#o=U_s~=8HZwcG zLk4@4GK*TO%ld}M&=g976OGvD?5Q9U5L7meU`+i6BqV_M?P1z89atp@iKH(GRj?1l z|I-*ilLpC#2efK z3P&OYi|NoqEi1Y6`gH8Ow7$dTW3R@LLfNo8oj4Q8V`c0>>fh$GU5%0Id7s>1r9zMWM2hEnx`Kr+#J5QFLD^y3_a_$P; zhW(i++WHx>N= zFCL4ZET>u@vFT?5d% z2ryR2MR^T5<{kFKCJTloV!)#WpWfvFK{?i(GCq3B`&LRv#wsb*$sA+J36wdmoN^%5 z7bB`ELXIg?xx;29xni9u5|)%wH-shXBVkkw-uJ|5oNXxzV`a`Nr_p0FR%3x5Re7pZ zO~+Iv7zT5~RKr?I^E3ns7nzIh$9%F>FVx1RjmPB~$BQot%3{aMYlJHW>59X~dmG1} z`qj?Y#%)W+Yr^X5sU{jy%j^8bnu*jqU#W*XtN*5-u#cH&?e6HbQTKYM+I27V<(Z}> zmA2Prw0&{H8F|u{LnA|M66toL-z92@Q?cKaWrT`k%x02RP2*dbM(M=F`1}4z!I}vo z`f(TK=~%is8`{|tark1c+B`Pb5+lt5C*usK$coL>$l_!|$W&R;)OtzARxZ6i^7O7o zd+5Pb^}Xg6{`7&~wCeigo}S8@fAL}J^r>FS(fjE>?E1|~<{#Z!m#IuwCCt|cnm3D# zw-UYk-P2vN+6nyH4o=$B{@U55Gr~DD_caMmiww`XnkOyVsQWXW^V%P(XW*#`KpX=y z&Nzrk=cml9m)>mJe?LcJbp*0!wW@Rqx@QYq8nFXZafLe2^|>Ktv&_%howqu_IOp*H zP7wX&!xyR~)K?~xR3xG1B-d1=#L*<>Vxv-&r=galb`^x`&uw4N^_0BqW1mOXn4c%o z?WWQ#mC*g^1lQfnoo8u{VRD^fec<3kmE`_0iBqe~QHsSQq{Zdc#7n$D$iFZnw-8JJ zD*EHA29yOM%~v@n^`d!mVy>cM#2gZm^wI$$G6B;smR{Alyb2*$q&-}av#pY+u22xt zRpOesc&`^7vgr6lFUwS~Ykbk}T#uDWPnD}c`!B67*Q=M*OKMD7Bm(;8&P$Rw`g*o3 z`ae_+O7&lFm6#ls8)^<}4lT`fzcO=WHK!J`%F{D>Sb7uAX*tAVO|56kC8egh-0^l< zy?XhJf`LQavPIr9$qxfpMcE%+%cvBFk{pHu&jxK`hQcN*u0I;QxA;G#(b@eK@k2FC zN?f6DS_y@Z8#14-tZW+IV6J}D%zxin^-0noL{T)FHL%b`K^mQmsO>W2SHO3zB-p;0o|>lMq_8&PYof2?Nc&t!*JWholw z)KcdSvFHAHm4<3q5dOMoisf@2Pl=aMAr42WD^IzrYSQ7_XWR8v{&l+^W7}|J{r78? zhwDjc#`R0BHN@q$W=4%TLJgX0Rf;BNbQ>Q0CL}f+ZA^1fI3``xYG2Guy8o{Kh~C&a zF!{G=g8RqhYk-LdyJ?oBsh*~3eXdEJlj&LXCh?E;zPy~Vp3R|fmPt+S>Aa4f)=gi( z&Cj=+@J8ybSuX0S2i~Qj)dj^Z4%@9Cv1X|OTa#X9MeJJ@wPqXCn`jeT+rPI~Yc{vc zvUj<**ECu7Te%LI$dB|H4m4jKGtr$$vYhI3owvT4W!j!0HaruOzY5U3(5&8YHM-q0 zr{>?uCwNngv_ogMGXy;ZbwOTCpT{gzjmjqd#8N;&BX5=i}4*dOp6hA3)G7@ zQfnBYBK3nM)PxCQbA2;mrEA8{q>F4O@GE+?P1o_sZFqLbGxEvMgcE|^(Y$C{^84!`Gc(u+L2M)k%N?-X`sEGmR%wpswftK4-X;> zPDF{Q2p7EvYkmmRWJS{Y5TtdDl2d)WK4A~6+J~Ol6GR-mCE4|CTYPs}{`);@AUDOw zz;MMPdE7aiT0&T?_eq>EEI$2>2kueqhA8t%M`GWLy!{si$YKf5lr-ngjF=aI%E?Fb zlL*|P$b9qYeAXyC+vGVI00RaZQE#qAKXGSYKA}*q0y?~*s4|_gys%OdSQ*W?@(71C z8geW_*av@b)4TZQJ8+!+7w6g~xHPLp0A{AO%{|E{kR0K;$VBLVTVprHI=`&huK zNQ%Mzh>Z5X>kPZWHT7XI!T zjAH1qJ$2;!g5>C(!tsKF77_UBk3w+8pgK0j4_x397dVwN|7=HkP|*Z*@RKO>0g+e3 zZr59hZ;$gIIknN0~$RBFR?U71iBc}yrCKvV8PtPIakb(9YMApI9v>Yq9>&>$~? zje&t4%~GhmX@1;@CPZcJ;sClcNAUolo`lLbNCn5Gza%4oaGHNGj1M93YqwyBccCBd z7-w9u3Z&7o0r15)8gkj-QJGW-z@U6fwDV5tn8@N)6WjZH{*kv4v$v$*ZsL+c3wM!4 z|A8rZQL)>b<44~YuD+MNx=o1cKWxCg0L$GNd0nYQiQ@%H7~a29_R?{_Asu-jE0@uh zfB)EX?+Xg{e;)^Qge5UX5s0GdS-|xAV3r~z>m{Ii4DJizF+A)K7W|90eQZ*)-Rqx-tC4R>2BK^UpB zY^n09M6lO^9OvL;5%9@Bw{V|~En(+RoZ=BiIkgkY^~eDcWB~wcfa#?FLB^lXb~&w# z;pd5f22yb2@!w=xu3|JWfP_xK>2MAG7KTa6Z$q|gIRGPI(XD}9TLLi@B5yZY0qY=I zKP%p~cTh_(p{fC|QIf(KL6}YuN~bJHi(D!|4%iKOsowumn&$G%;ht4D6q3U4N`YUz zP@zj2=x-!zxda%Jd-uUl`YkwPz0vmit{a9vS30e*PmMluZFampp05@6s@&@K`*|CV z)yiW5d_pGVc6qv%>4qKRn!AXc8-yiNdIvnE70yJ;U|=$xku~hid{$23mK13@U92)> zQJNBS++S(3XYkfEvA)>o@>yw}`Xh3^s~dpDigG}f-SROPq%0K1#hn4J?oFx$9I|qTT*|Y3%Alo>i>N*zXgdxgJ*9H zp&{PCShhki#8y*-z6m`+!<7_`=puH^GU*~QHCHzysiRN62UEC-(nl|pcI^4FG>uxq zMuwjDVBD9&3~_Mk^-P9@&9qTt0}!tapsFcqsgnpry$+MXWBp|VK!8L>6%7)>6!e!W ze5l0wM!^7}C5Mrmiu`}vWeif)Nk)d~1c6voJNDx~JQ@||A3b!k1bsphbFc`RS7cH# zGy;w@)rHqsm2~NUC#E4=(jBFUhhdz`+amFTP<3>9LB-Ze(EdE>?20odS=`qLNvN7< zCuO;6>kg&JmX%By<{?pz#ra4ccG=Etzm8-)r(ge1?EU3eRDT@sdv9uB$e|mCp@tOc zZjdhN?k<&9kY?yEk?s!Z2I&%z2I-Pk5CL_5hbz{)uX~-p;GDzr{bWDbYkk-LeqNvV zQ7#vi3jEy{SurlN`4NF^3?s)7Z8Tw~*g1W^xL_?i6jOa?z{D>WLN15l`56N$%^*!~ z{!Uw~@)A;^}{T61ap*CXvI#q`_bo7jkm^}Sj0R~;c7pq-1 zq+pwY%`odNu#&lPUgz7#@ePMSR)&d+z@OjMO6J4wq$5J60D^2f;@YU5)yfx$cjIPv zs64%#*dG33y7bGa+X7@Ks?Z-C)TpQAKx?k{dz5W@kH4&g5<2pU8qasAcm_cy5|wyh zew**uA`l^QWH>-*w2MtQ7#h~R&46QQg~?Tp3KfkFXCB&;*1Cg`rp&!V@H5C*-z8Bt z%|V4WEb!50gZXZG0I7ZJ_kZtRXq_bZqFjBWR5z0IVtxf3eXI1-m{Q?LMl-;ndsD7y zSxWO~fp8vFKnAskIwMVIb% z7PUNr9j#yGH^a|#-?#(Lal=UyjjtcLxkvPk< zMrp7=&h<4osL7;#DRE5A`S)&23bSd*=-->%b6pmhnt&uI4wn=;F z%DNc5dLi6R$r2GTnP3%VRqOdMlq^S8izu5Po<;h#4Y&NClGBM}b$-^KP$RW!tVh|;{SYbJRU`P0MA!a zL!0<5X<4Pjlm*&b)0v|BEL52qH#dY_@ChV3Irq#%yE4tS}$^0~rvd=*Y#W#QiM> z87U%ZN*TtoV^i5?doespm90kmQ?b9NcBN6$tdW++59RrGKc=bUXWB6n2-K1ZOLip~ zA|9L^kT-{UG1!kQKgGjgk(~)9+X{_XwLFkD95kdwL_Ft&;JvwvqYqL-bgYjPQQr=Y za5a5EGlNiY7(w~D$Kug~hs(d;nThw}%V1e%JXN3c@Q-m&+3?{>~jr z2v$~;6^E~W7`}4X{fxnz`eB2KRcub6NNVwPw%7{cy+JUVoK$9Xc7< z@doqVwtkz|Kz#z8?eEA_A~4aQ>T7;O4&?(*`qT+lcjAx7C7M*hbP zt)hgYEg{e(x1FHd+WqF_=3(2`hDP&_wW41^V6saELz7X)>Tol^6fAuy$*ikbs;j}Q_xOvq_xzfm)Ufr)O3c~Y^l_26Ul6TSZaR3Y;jv^fn>G>m09AmSdo=k(Xm*w zlv#7L*a(){NV3=}mf32s*y)$qnX}m2m)X0sIQWz~1hF_qmN_P{IAxSM<*_)Il{we3 zxU`nJ^s=~)l)28ZxGj~rZL+u@mbqWBc-)qGAXz*?<(~MgugJ<@(XqZ}DSyq)`bMz) zjU=m=V!4+FtG9l+w>hhieYuZ2tFKSFZxE|rWVv4gtA9qhe;#W)Y1yx4o?I zM#|sKum&!b2X3+k9hL`Ou)e=7e~)Ah22}*(!$Zg_Lg?V3EES>L@G!xOFiCj0Vnw(H zJVL)B!W z<=ZdMXJ-24Lk0s;W%;{$*Nh6vh|^oym}?Crk4 zKK@#5@ul}k`rV#9NxvuQ_ayzEq~DYDdy;-n((g(7JxRYO>Gvf4o}}NC^m~$iPtxy6 z`aMa%C+YVj{hp-Xlk|I%eoxZxN%}oWzbEPUB>kSG-;?xvl73Ip?@9VSNxvuQ_ayzE zq~DYDdy;-n((g(7JxRYO>Gvf4o}}NC^m~$iPtxy6`aMa%C+YVj{hp-Xlk|I%emHb$ z?F~Dh5yTwkQ|*m=qe+aad1@U^2a{QRE}K&wpN_s1$i>pBcQ$|jTJf^le7dvcbh*K1 zGEcp$^?bek&FSWJSKH-Qe;5wEMtA#!aCX)qIVf&R?f1pIo+Pdb)mJ zZhuDpzexINpfFV(7sUylz>A|4*(;qA^_`uHQ|+sq95Q{Jzn2w6s$>_@$grPOR?sP) zD3+C-oKzzNYpb-Y8 zr7Lv(Ik6UV#x>44+Fd(ISjl-k-8cV^drJ5>Zq3ZEpJ&&zEvV;7)AFo%RdZN4wKrc? z86~Q}Y8h~`eZ^IF`?VBo-IKIr8r4(2Oz@KHcJ*CKE@Z{AjjMbOtMUAH!)-7yX~XL% zz6|*dv{U2XUiE7Ipv7`3@@dlYru-M%|EvU0ChGDi5|V|mBf(N<)y z<55WtxN~+eX2$n>4O({RYQ5Bj?`bo~{ljvVgS*dpx0L_eRUQ{^|H~l*r~8W}%*&gz zVWF+PAL<-^fr=$USeVkLWiZLH7S9gLs$2L9eB_wT;iNtFEiZ6WhgGXCgAUhlzP zpNCXp-eJAe_3z)ByGX$G<9{HfepITfU@Wx)RPwQYkmywiB(4CRRcQd*_$riQssJQ3 z)(Zq&g+Xx(v0f+*5`DM|zuzmsmJ1yu>%5BKi7Ui)Fsvk92r@vMS}U zVuNU!W2e~?9>A*&RPsOaKK2iTF}Qhx<*kCD#9F%lYmu$Ab~A|*FLBG1y(FLZ9E}nt z$pK2s@$1a#Q#;KdO0|%8(%Mjn5|%L~Kp1BUWrWBS!TZO(StfF?kZBIUu~Cv6OI423 zJ&SNOt43bZ8z_^OE*RY!RUx+k%Bq!yMscF`Sg*<7xUrYPJQ=0YKPW(zktx#QNdgrR z7e_k>ORIgT@FE(@N74GO%11RD|Jo~wu5>~s%4iCxu!M3bk>KFZhstwFLuK&#weWNn z02=SI{}voIJOYL)RSq)aUJu}44F<~(Y(t+bk)WZ^F9Potp;mbPhJ{o>aFIfRu3N79 zo6tptQfUyn@`(=4{6hIjdWE8blSwI+0pkoQ>;6X+JVUBrs}aqOXlxTxrVxmEfwL%zF)37GwEs_W-Vz9b}x zKo1S?M^`pPLDNq{XXZpqX8J+!_RNNacr{vqiyPdJL=_xS@%zpF1176ock&6zfH(2|0x^(uKQ`v1io57g9G8ZY-U3{0L8jL zoJDv5>TR|_?0l~bpc`w4abuALZ->B@tgv+}LP+=k^oMa}k>;X0OO((GQ6Rd`t5o{_M4kX0r^!6cSU94y_a{X4%^AgONRxd ztRVEVJ0;g%1}B5LR$5v#%r`*z)1bxzSxF#-+f)b;Y6q|ipuyaJJ2;`V4gBfjY7Vk* zpkmBr&ts=uaoMOXev>6OQo<~F;Ow|p`nn>dFiUA1aRzG&xuOwiP$Wq=^wzb!1qJfO z|Furrk*kx=Pj&i)(aF87)!(wneX%fJCKYV!tlI(dpI5GEd<^zl3zSszKSLS>fpS_U zd8_K5@_6Ef(Z=vL`2_l;`pM&O3<0wHk6Q}i?0Ao@%SkC3&wSQ!aEuPxbY-v3n6+S; zHhsGin)G};$2UnOO@p+84noAcaDd%h-9bw`Ll@L(+cL;2((sk_7sV){@%BW)pj# zyZtI^k)p|$HxrmYBio}SZdU3#7YGJ_1N}RfMdacZ;QEuUD#=@BMdVz1{>@T;`1e;@ zX*BLqzcya}2Q}18TY80*S_xItZ{SrwvnD+-9Ns$qwJQ7GJIms39LE;)M%aI1z3)#r zkoO%u+P}ztCeV9J{0Q}jF$%<_fZ2G%p5(;AVWylPEKGaGYTya!ofZjrfL z2ct>$W4L)@e)oYKkOD^-=DT`fs8(hx>7hrXLHoO*vnXNdgU%n9;eI^fO$Ka6elGr3 zaQL0~Ntqe46b_VyqsmxBTU)$fhXmFhwZCXVaF&nJv?oy1WbhfndL0q5g%S`h7?9hl1^21@*lj)qfSSD3t7I(bO15RG5`C zI3jR7BWkcR6#+P&u#$~fgqoC%iaa`=QiP3~lA0DwMGsD3_@2lNPI{e@!rqa>s+@E% z#>>ctjOP?d<#)2zyi4IAPF*uh6<0l;4*^C88N=NXH@oQRb^vTkCswU zhHHWuUsf{ebqEW8XElgsGy$`kb-*m5)3m=Q*?ecT0!!IZ!X2VvF5lCfRs}pd7~Lot z-+UK&<&^HL%;eo66pCtqw_g*>8$cQ(L5*7{4h{$G*y=O?wh9y(7q>eMB zJHax)GiPTryi@1lJUrr!SRxU?5|!$i6EZaGpPR54^E z9*!Mr9a9lH0gVnQ_M?i5q+(4x$xAh6NvE>Q{7|0rP?T#d6n`RCSOv|Fu}fy>E>*FV z?5L{gv@Uq46vM8bT&ij|u67z>sidOo_@LUl_PBpVw%)nuSyQ#BOii9u%`|KEUPz75 zKuyk0%^FIr8AC0fOl_uB?NUgsQDN<~f!fra+If^ZJ%&0CnYu))x|xtV?ZP_Nfx6h8 zI$V*ec$E4FSpAqx{cq>`%c^>-kou~@dW_xr8#19j;|5TUY$JOOo(d1zlAc!lCyHqu$hpQqam9to0|GjKFQ5B zv8XmSuQZy$KFP{_!i@PuSoG=6@l(XWClromh*LAy$)`HUMwPeC>ZefYNowss#PVW| zn$>v*Z<$}766>i7Q~YV^scKOYE4HDgFpCwj%xSG*Z#6nCv%{fq5R-BiYvUhp#a@TK z>T03AZp9vNdnjxZPi_lRB@JG$4>R$K>LL$aZ=J|$hkbA7!0v!Qu6dtq=XL7%r`@j3 z(&5|K&Ye^5McrBLTX3`|lMN@0i#dqKNnW`(WxKmBL z>ciXT6|r&Ms^oblp9W6J`nuXiRl7dNa&($N#^3T!=SWO;r7j|KXy#mqhsC;n1oWH; z_nc#NslDyYS54mRqFP-i`mRd6Zqj^&V||%Jb!t+#jYEF!(lSNe_h8u9Jlr?-r+a3% zPkyHhRjuj9sNdyPpINfghasn2T}QPS7|}n0&SiM(p;L6TlBG=l14j}TC)qUzF?Kg; z-w1p_(XmbbJqZ>-L<5k#3y6L_@VQLId|<#ZwhKqBw`ra9D+#c;@4jN|OD6mlb#Cxk z&7i7--%m1NRQEHzny}DRh9+*`e%EIc!dG`p5Yjfyj|&Lywn4?XNFiZQN^&5rl=J0B zaqV~gv>QEo-CdJ^-jfZ#$zdJg6d&;UJB(GTrLi$$LpX?>3;XPc)30?#xg7)0UPN>!icWi-UY*%?K;hJ>t1tc(ijPx)3#b4(SgXlNs{+ z#gOmWpuc!X%&_6X@`U>t*`h0(*VTBaJ|sLzKY=Lndt7$^-_arQ_}6j9RR_a9Q)827 zJ{;u6(Y(fiANxFhe9;&BABn@5*H|-;i9;=YoM7bt(KzfU8+0Y&tL??3O(ZNgg^ih# z^do+X4_z1xO`Faoa6(up0IXWl-VHLkp108jaAU3cwKUzwzTr^UtV;Z1$$M#ES``tJbl za6E1&u~1J2n87WaDF9c*NFdjAqIzIw3s%e^mNy=-N)E&qEE~s@zE$rtrS0F$u}T`V z!g~Hi#_UV`R7AXKG>T_*!t@-n`*r89g=nJ1n`QsUzG0vPc|I3WUoO#mJgDk4nL4f7 zW8V;#3unq*_doJCSAcXQYvBpduepJw1Mx(kbDNu{7nV#-lKWJ~b%q`ecpe0IU#l!{1pn@?7!N+djuHsWr5)v-WdV|!bw{q7!@ZQA0 z!2kYjok(nBb!`5{oz#!ZbNe<2P6)$EfKVRm3Q9wew7_>fvlGtVGtM>8Oe2+~zeC_E zP!JYPgyF#hmXHS780>=03P@&_3eCngVtcSIc5nVp87e(?DN)ml_H;RiiSQFK+`GR` zlcg2F(}BGxE(D;3so0MasRV>RM(3_DXzh2g|LylSezT1|T#?AgoZZfz+hqH?*BH2y z&3W*zo9r=eh;$-Fq4BHr;wF7Y`4V#Zyn&OBUY%mr7ble|}s_bi7V=V5#l) zKjMa-!H;pnsLeyynN62@d8>hORu;%KG^N=8fefDKb@5G8m`x^J)y(HJ4giEQQBbgo7 z*$kbH+g)4r1<;NgC71iYz58+5V;J+Z)H`()hEb;)GyGF86E;3QoQlU%Hak-cD}}qe-Md(t3zPq$vVwv zxU18Q#B9unV*dC^z7ho(a#)e28v(cw6sYtEoRn`-cweo4sCuGsfp`aR~7hdctcAVuSOA zz7s9@6~9toR*>5fz4v+s1Q>q^wF)1y*4od?HqH z5@;hTfI|*~3~6cq@1`H+n^O5~0k_Se?3YIxc@lw0bgCOx^+JVsI)%qjvrd^bvt)!y z1M^&&q8t&8(T{j}LHv5q*aI(2CWgH)((HRA^y3E`);d#}B#cQibaKCV6`qK=bbht; z=nn$PB-GD=chug*ZQ9S#%j} ztSjrlI~f?(h${K=NUq6m_f1}p-;YhdJI~Ml*Ba?6H1>y4ub3wM@yPgB)29r0lPeU< z4$|@LtG(8t0TGn^-NZF>O+#$DL@(KV@2MY~ei8@E^&0m(xcw+42uhF6wyF6(gi`7nM?m${O87K13Ergk!k4$%J1f=sB;}@YU zUi1J1xO1RoDO~cJG)V}Z-x3umLL!MFcx7n(2D%9~EN}W24NY0qubPQ`Y$dS+p#k}Y zk!ckQ0_*_EHq9HD0;CwvGn6pA&=W!-M|BYyA~3`-X`UrVG|lsT?t^{{`q)6;+_Nx( z?_|ILGxzK4>Ng^<5uI3r+`a>`P?l4A;3OhNwZqd_9K9INmqL*jbQEbP&-h^^Yvkb$ z^4vRYV)`Sf113wDpc%a}8>2s(0mwLMTCLH{5ebB!PpVv(EX@~w^4>A=I6BL8k!8v&|W zRQ$Ap_UDd#!~t60IMWIpULVW7CD)A3!_6lZP?3LbOcUd-`;O`td|Q-i-qSp-r1!Du z$M8WX{Q|Fqi)%&IDn=)DW+7Rih3(Gp!^_O^v~tnm@0vOLUyX?LDny^3XcKn6EFI*j zRF^Q+Dy&kh)bP&HYpG(&{-B2@nO;4!=B(QDu$Ud5Uem~bYSbpQRNwR~%Sn&pQv=nq zYN60e++ZtGMZ;@T%Gm0jF(!MTIvJ29IeDm)|Qr9+lJ3=HM@AfUM#is zEtvp}Cyz$BdzFfrEr~80_O!VBv~-zWu#k6s!|?DM7TYWi z%IrQ;@CaBm(Y&r(?zxQcct^Zye!sNb`+NBE_i>H|@^-oJzk~JHDB_l=z5&< z-IgFB;bK%D&v0gOD{KPR0n!oANP&$l9FLXH^q}YdVl>u7nJYuRv_GQtx~<6^1ctdH zU&Yy}%_GUbtc(ba{19{bXhZjVWwdSMM`DDyE$oPAOhNH=N_w0n*0a@d%}8E>92z@z zgVhO-gVXeuZaePvpJQgAH(A5DRcwi?Qx1xJT3@^E1>21J?0nvQJP>zyZl68lJMt!P z=h{x<_v#n9!|QwuiDOF453^B;40g zhh7z5a8IIAj2Fr;nkosZoORneCu;EFHD(g0%#)(|t!3VID0mJxyT;3XhmG|IY_68% zCL=@otWEJfuB04Yx!v|Y&8+9Ho;oIL%QFovEtPJrzG8zLc`WTc5*KK(CWW&szMV&| z?smu~lW&(J^<7bH9)8Qzy+e^0g3Hnj!ej#k?}6~-IX92cD9WveLm}Sp!EyoQ8#{Xk zx1@Qnknqp;pa`CDdHhB-O{tB&z@=LSCfQK`9ylS<9O|f4?@uig6EvM91bf4h)M1)5 zOk7K3(wp1KdASfEN|xPK$s1Ns3MUlV@}CE*pBsuRkX_l#jDu5NQwf@WH*l!=^jR@U z%9EEPAsdB`S0gFjAaL98MOS>fI+}!1IQFNjhcPA?&nI8;bKgGRrovfpv{oFI;#7bTkoJ|u=ViuF=W)z_fJKWzI_Ap{hf`f^^eT0zwN(}9$)%`Zcj7*o=3g^ z%a;>GBDYmGpU8wHu6X~DiTDpD(T(~?>YB12`6mfgmlBHxlCUcmC7mA>3el7naX6VIVR>2!MGbc6DG5I#Sd!+I6)*A#BIGEaruC0;&?<)k> zYCd@*B(xuL7BXDstYFaGU^fIeQp;guK(NmZxsEGvS%D9%=+wfCj+7M;6=b~6iS0~> zubdSf_!%8*;7$vQDr}@|B@}qCbC_`fgnznWHa$F)y0ak`Kx)fdTFLW?zwnml^htyJ z-lRq_AR?1rL_gtC z3cBcax;HeBJFcs9N#OZ$UH=T}$vZ|wy~cfY!R9v#9<~rnZSX%ZfExyla-t=Rw(8XZYQs!~YV03B6ArGVA;z9hxT2TFK$s^7 zXr^~)qHolrluGB=a=-4V0*17qjbG81_s!*ZOe}xI+5VP% zDc=5)&OUa8Gkg5?3v#0mb@4fRj|zsw7>dBGt<9{%n_0iuS)ZC&OtWg7Z-RJkn)qe{ z1jAb0AGCTNzJ#LAEz`_FTFQvHD$m5U-&<>wE*6rMR#W_|Any^NN!PwFnM+xi``9#> zdNxO!+eUw03bkuu_{Gi0Jm0A^j}fTzc*`?i6F1Ld*30hwoFzh@OQ4*sWj^z2zGh(l z2K(jM-+9CRc@FQn=ghUd5-+O)o(Yl8{d)Hm6#td~o2K{yt3>VBJ=13*c-)d^+A`-~ z3tT~I&J{T(~0)}y=5C?svBqlKpz z8Kw(iT)b3Wd>O&|GX0ZYy0oG9;zNm^Q0n4C*P^jofvH}N87aSon~v4Aj^#f->u=h& z0-QF#`0Vtw9qdN*B?O%g7Vm@gOFNgkCiKz1E#;pq^%X5S2P)VreDZMX_at3*U|QCe zGa%zz-ha289kaY-y6iPQ8$kQXpG*HOvgeCWEl;4H#`}Y1(U(HOW=kQof+4v)VT-!q z>RRte`6A=>5#B4c$%g!;E8Z_xV)WwT{|P1r_Qf3-(s3CkMQEnd8Y#%GYMK}kbQwCl zTXl3@#fx2iQL`HU(Fm{0h;d^ze`?kB&uUsAPx3)iUixwYsc|8Xaj3CzqwHFVcTD-e z`Z9Id$_V2>4aO+nM5=yC)}0#^4KLR87?%*O|NXg^B)Wd6x*qjyt%=qI@74MrW0P!* z^|qEt?RXQ69Fv`O6R_KQXNw8nd24T=Za?0}ZyKS&Uq+uLOr_K}y19hL+)OjHHt_5= zUZ-!2M|}0FHZ7YroyMr1r0xCkPZv4MB{`=jK5wSBxVSMRA-gbbu#{`MoX)!vZ@B7a zx+WpCE+D)iVfsy7ZWDuVTU~sYOJ~PhVqf5!_s?(FyymTDn}1!*33JRlYBw7LHyL|2 zA0{@NPtBq0=JyZgHPjXYiyc4pL~qi~55DpK`nR59XTkMm>l$zC;=|Ur_|0DtTfe6* z6gw^C8yqdt0@9wfZHxJF1S{l{K;EjkgYW+r_G~R>;{6>De`(wmu28rU@!|me9zR zXZ0Mkr*dMgFR*83vd2fa1~V7o%@7p1sN%O*5F;}X6`T`{v=pz?mtc{WYPFE5)03v7 zms8Y}^w}$r-WPhgPv^345xf6ZVp}1hPG1E3eSw67@4+D-=@GiA zgBh2@nmQ1ol@)U65S1x^uJ4UIbu_P zPfu{VJ735daZ)0l`*`?0XY+d==tQ}+rGUk`ko%xW@#OB$_Y(V)pVTL1ksNFg)pu>tFzhrxvnE{V^l6zW z)9I&k9gs8{46;YgAYH#8ooA8G6B%ddfi9WqZWnIn+-@$@OO=adtIG+`R>{UkF3v_b z&&Ot5zR|gD;=6Ah(&{*N0g#Z5S6IqP2;;knnAz|bE8(#1aLi+LO@z#zAl?B8IAp;( zVsV_~cAJlMS??8c@`*SM!lDtOIMj^}4B#q6Y2huc z$Y{`{W$;`Noc(-8;I(s0-SAmB9w#Z5x(k4dU4|EtvLeVZgUKC&Dc2^4fzAmv2X z7mB#remNUl`+RZrAOo^ev6$gsVxSno9?6gS!@g?#FajXt$Vbp38(ug9G$?v{sYGe1 zWX;}|`=Oqccp?(-P#Z<${gadF)!t$PUIxBC1hx*pb6zrGX;Jva`l05qc}E4`14;K$ zzP~dm)BVm~nBKq0V!{fHi+=weJL#wJ`<5pZH9`rj#FgWwRo`DqzlLwO|AajgDxIv@Q|@} z;tE3fc9Q|LqZ`CT|8gV<^-GMRcoz!)``N?(hvM7Djm}1JKnLYRR$4T&F%!{L|HpcX zu7Oz0!Z*JG=ho_S+Bz}5yx?vBD*eP--@oxopE{Jh zBTuZ@OuD!)30Z!B0mNTw4FB}XSDiUQ0e>}st9PM5;0mkz`FGT41p4(&#w4^zW#CqF zIW6igC=}~IMvC`4i9uo7`Nj)`%{PRvg?zKF0!0AiMcmCD=Kp`w&lLW6m4Z;P7Kh1S zS;;?6d(xdj=Fnsz{!k>suaaRRjoqNh7Tm}@mBs5YU*mMmGV@W?cj?{uHLF&rwWYKd zgQ8^?f*jo%R|};u2BU5@{WTYFG*v2T##zGyhzb8}+B}UqifL zk(3mnsPc3YpxbSfWLc~_8)z%ExIuMD2}nr81?IVIvm_Z`Dvq`C9)^38y4xQU?%ISI zz$UaY=Crq`swg$g&mRQNR+{`<^Jqo%<;BomSwg$9q`$@y{s0i{;?`(5sITM}xRTmD z)*GIw8mRVku1$M4Im#r2L6Zr?XrU$ z+K-7UYU_ha7HId3mHad)08meqCrn5aJQ{#Ax^ z*?G6t<)OJwH_6?H@|%MPIe>m@!ZTR*ki*pv7IS59!;=#KA%pqy-SdxRHfIe(_uSpj z$8el#>_!>h{B0a(q?nB>Uyk&jGxr&BYzh8O z1;!pP6BRz%#;+oD|Ge6?8C?Vx`>k^YmfzfRT6y9^ppL{E!6GnuO{^PWjZy{*TXQBS zsr)~>iLPyUbL;;{H}UG+RsMf=6C(z@1tMPh(sCa3+6VdP=e$AQM_5Qvlz7VV27TNJ z`tP6McfxTA2w4@*?~*e|O#FWI7uYWb(93biL(o%WHEND*BP0Zg?eb}Vuf0dZNB&0C z6UeuH^E;jPJ!jm+@86D~&%4`2!}u<|pVDU}?voLg!0~X}Wuf&)+|3@vcQbm69pHQ}lo+A(zeX*gupS$gYEI9P8gu|{@H*oG_O%m{ zbrCdmnsbfX-`T2605r-`pX>N_ZNwvddnd83cm=y(4?m7!5>l^D9ZHc2e(~oJXOOAz zZR}tP2#Irb_4~8IQTh*Jp&%o zm>Con`VVZ24!fJ&1>J-of~BL(_IKzT`T8DYN>EV3%}sAcr7-o7&jCPf3}Be2LxX9B z;Bqp`&|xKGX*7gFI-oF=0vY^(t9K!$t8ArwvWPTD80*yLs|1Rk(C%4f4byMZj(#-M zF+YSw_z%d!j56p>N~HPVX!0dj>GozR$@XdpO4w_Vft3!F1u+K3ejSPs?oYQN!2-i{ zP^ChXvWAE9rTejxJN>TXXe;gEgei)MhUB=J=E>wkVTjmnV=me%qx=I!vu?ndO4ykO z1Hme#Lhp6n=DQLAtTc|!odormVnSzDlEI1j!B!lu#D>W}m5hukXu2n&f~A1ocM|4J zp##LQB9OBv34ph4!-qBtWS{~V5aj{PYWtaw6vW7E6fG7_;@5K}WK16**<})hx=Ajw zOgZSQEb^U{nm{-)Y>$NPb7V~Fv&iI1yz~>kgUXSB*5z;~CQ_bXW;#M}eVBD_a`?gk&@&7!adiDJd#|6rI$WMS@Kf zBSi;M<5jKV?c|6<^b#?}Uu8=)rjGXEYp(lZISRne^Z8+Qg+w5GQtjNx!ey;YCAG|v z7E2G!axuhG05GQ2GC;dp?73*IUlJIzaQa!wFOQBFK{{jghJ8aXk{rMd#=?c-e7Oce zdqB}B@)TF!5baQj+{Id%mmG!&h<+n-TY=MgPJeR*wB0yDT4#$UZ4_oG2xQ@v+Kc3@ zzqd2!s-$%TRQ}9|Fx{3`<4L=$2biwxE)`7)LK1ZIc_uzzatu;x2B zBKq0{Rcw!ouVaLfg-;%IW=NZ#J(}L*YA=LE2(E7*_Mux$>?OgRpEc~B{BtNHNwe#? z$lvOp>n7$PjV8Ce-AhvUc;IESLEf$o34*w77*h7osE4L;Bl$i=d{p>*DAKYKf$*K9 z31-15`Ro?U8?ef0%F!p(tBUN^%shQ}WEP7%U;X@$=ADTXtHp!SEGKt*dCYX^esB(F z%RsWbr_#woK*6GZeBQnI#x`;_7mbj=9LL(Rr}be7q03+FeZ2aYDhHa1Fa2J~^uii# z4Jw@BUC#Q)9&^ih;p9-DpY-Q$TeuJR>6v5G*MKB{oyz#fn--H_gXDd)0s?6BGV*!0 z6E3N)+vpx`()N(EVkFsqd1+f4#_j?jtv58Ne(@S({;Wn)Z0&0ua32f{I7 zdu(6)q4NhQ_XW=>vXBEKliAl3BxBnsmPf7A;+xfI!8;Mk!jjjhjKIyoGqM+~BMe2a zPU^ZASjamXt`oc?sBI6p-rr4TswZWOwH>B(-zOF!Z&F3*+-h~b0R-c1Pn-HLR4XD} zRtu(Yc1+4?^s@2@h;QLcF7L}1j*EmBKixUPPf;AdyxrxaUnM9xLlN%spJjXpG}D%N zI*3>L>;7(13Hmi;z+pub^cq30yo<{AZrK0B9l+VUSNvWIkgreK22`}dAFdIm^j=HF z>i+?Vg%aI~Qd{in0m33UcCoO^65$Y`JUY>t`JU6(*2hiuQgamj0^~p*m;aUw#W-SR z^9BXDkO{v)T5T0Ku2Z;SUQy~`ai`4wpam%Ce+GX0`N}dGf$1-wzou^S%X{`$2mN1( z+`kxBTERvKxK=8&76rI5_c!ye?((Z!HaC>8OAWEhNH)osLBoKRzoEn~O+ zCa)o>h`lxZG3ysG4r3pu1wm2wyhE2nBV$FkG2a^@oG3-6y7V{Fx zBiWs2xCI$)d5V|ii}_#A33L(&sO<59l!WYUlog=D=F`GKGlGJ9LKiPYGZ-~K?y1!< ziUp{P`^1aE7{ygaC1#4*jElqfizQV+Qpn=&1)Jv&#jX@3(z`~t%(mVTCb@?wxd)i+ zPc>;t+eAdM0-ddby{*Wr5;wK|HhHFJF}8I{Ok5vIUPRieIPWV4Fsk(Ks_rVQW$dce z+1f3XFof>2x0a|!;w#=Vgdk=k)=G5E?Sumky1eX$5eI*gnHRE4A@#hM`v&SCwUVROzA`wG=p=&v#}nCUZ0SC6i1t zIqM(TH#_U%Sa^3hI~v4Qfj36}AN^6?Fp ziT(14bC${b@<|xW6l%p34(l{g#WWS`41L868|y4j#jFtPoJ7T(0_(h5#k?Ntf=R`K z4eO#y#iBRsQc%TG6zg(g#d0R=N@2xHCF^Qq#cC((+CatH#Cz8Dg^KkJ){Xs&jdRxD z_Z7cktedEnn>cJ+M3q}qY}@pe+iYw*Je4~_Y`YSby9#W3YL$C>Y^BKXI3k=(!pS6@ zOv1?|oJ_*WB%Dmb$t0Xi!pS6@Ov1?|oJ_*WB%Dmb$t0Xi!pS6@Ov1?|oJ_*WB%Dmb z$t0Xi!pS6@Ov1?|oJ_*WB%Dmb$t0Xi!pS6@Ov1?|oJ_*WB%Dmb$t0Xi!pS6@Ov1?| zoJ?Zd!O0|?Ov1?|oJ_*WB%Dmb$t0Xi;xO0~71>iUIM5e4urWCD6gdhpI7t*aDKI#z z6*=oMxR?~V*f6-d6uEjcxCIrtMKQQ17P)6KcoY_SRQ|smM}(6}IGKc#NqA*4*(lL` zKgF!DWIxra@n}EIZh-M1-D$!6Aj56H?=NqA)v zUYUefCgGJycx4h^nS@s+;gv~vWfESQgjXivl}UJI5?+~vS0>?=NqA)vUYUefCgGJy zcx4h^nS@s+;gv~vWfESQgjXivl}UJI5?+~vS0>?=NqA)vUYUefCgGJycx4h^nS@s+ z;gv~vWfESQgjXivl}UJI5?+~vS0>?=NqA-QzR(s%Z--iB2Pczhos8)NCFv8484D#D z8;qIzC7I`pS@$JbFve`u(rg^29HP=3DyCfe(p)yCJf6}#A*OtZ(tHJ`0=3ctJ*GmF z(n1@iBA3!4Z>Hj)(&8wllEl)IOs3Mp($Y$%vc}S~PNwpK(((zWiiOgO4W`Qd(#mtD zs{2xSW%B>C%4G2UpT7oP;o-kz4vx-v23U>^Qr;Y40DIU0O>iu6B(~9-NqU3Qw{NiFXW3^oULy znVxt5nd%vvF*dt+_wcxXd^*3faeRLHJv!~??qPO$y{_Ze$n?U`tdiUN$HUW$uRkJ& zr{=RO8upG(3u>C@SAU!O{T!Z}`@M6JP*4$*Q`*)ya&mE%SWwZ}-M@2iZ1f}Y`tHFq zCf(dW+BP`OKQTMAtge4-rlh`Y<@fgH?qO*|du2=4()!lI+V6_yuF3h8&cU&!o`H+& zTZhnuqq7UY#H`+t$-dF)mS012%NxgMmlN~LJ;M`KE#1x$$rE$S)ry zodaXnw-1YJo0Id)+xtgukttSzv5nmW8UORq=^t^K#dU4#+j|8yExz&D;pqkITYFo3 zNB&7UtDCz+lXDAeo4-aT&n~Z{vrCT8F6=`SitAcW&aWz(x(3E)&#!K_4~`nU`lEA7 z$LE&r9{yfl-)-#dd&g#21jK};73NhpHFWhKoSc_8b+-N*{=Kt*bb1k&Usm7QH?y>s zSXddFnje&$n^agCkzN#(k~cUx7nxb)6Q5b$*f~1AaCLKE+1%ANG@e{kH84I?+uj?N zR*;Zio?qPr{Qu>EU;qM$LaI8u#~<{HNoS}!=T|WJjZC^!O>TcU$vca+p_;tGpAfMy z3hCPX;W+4*Qk~)2g3%<7ZzJi_b%o<;e2&L!!*xZIS;GDplrr_j(|J;HOu8fWC9_3J zc`_L?4W;vC8g&-yBMoJXRR+JpC}kVVm+Q=COLa&8%gQ#{?Tlo|HdU^-x!oMEk2Y2P z?(#vxq>^i{-ue~t3QmUMWO%T>Vid20 zgjsPrEBi*UY*qI$93oz)!)ltm@rl@I9RHWhU_XtN-h^aX{e9>y?sbo z+ZM{JyFMnZt1ykRT%x9-etHSzFv9$=#Dh`;oT*n4W-8mnJ$xc>3$G&WBJwB>H2Sz} z-}>3)=TSWj4GQT^N4a_$P`yYEiIQDM`(PO%p)vZvZaHGYbRcgihsC5MIDO-GC*M4} z4r7}*d`z>_XXyDO{Sx31U(6!Kc;h&t(&~`#$Gm`98GZC=$RRPKyuiyQbX4m2nhD8( z00G0m2MMwXL09TVB$)zG`8E;Ig{3%?md8vb93kLC73A*TQ9ab_BsKK?JX#K4Kc#HM zs8Rq0%VEN)@(X0SeU7JVM&7m-FI^ReX9}`yKEG(jzRz;U})TnMyCOBBQ=C z1GLveh~x<*hI6MQSE}>AJRS)S9L{ev4JcF-ymCnYMS*{zCJ+KRa_~nNAY{zkq zfFwDjz@F_;$m@WLJM2*}a~2VDW|ToGB^7)Sjo&M%FABDSFMeV-a)8R?h~|bv(oZb) z#gT+z3a4wBdt!vi_0;9KT~uBAft)GuH#&AL!!oVo%Yo3-iDmHF@J{XJ548dvNJQGNj{NSdfWo$aZ0IKhS?qTf^13o+257Bj-Ti~tt{w#Y4EhOjveL61~|?9US%49SJ*HxF6Zch^a`jM zF)fD3A0L83;Xo#hEsW`iqJn+KXmifllqnXFb+G2xHzMO%2K>f>UF_FilLA)4dV5ho zeiwj-_FBSI_0~2mxYkwmT7Br6-r1s z?XtI}WJiJeDYWMx46#HsdhN8B!3fJpihy*a8(d0ETL`7&2Q-dnEU(q`&FL`O<(+PW z8oUJm2X2}h1c}QVVo^8!6>ayv_M+d#3KJC*`y&K?K!tQ58J2q9WI{_`aVtwuj;zSu z-bWg?3)>T;MML0GEieCCT&QB-#3DBjN4m2MeIP)FtfK#kFdg zrw8Zj*zr0MWoy7IZ_NPQi z?-3g7fdbV*5z+10Qyb~m3A@%=X87hI;r{f%MaoC@?*PwH63r#pbxz%bcF50*!5J07 zEtJNMIm9t2*bNa+AAv)E`;#6MF~K7*%?CGjZ4xTMB|JVgGzC{5sSxmFlRL7nbLcjr zj(PwenhO>^7&XX%{!l*@(I8gcmvbiYsyF!eRUiemip!M!Ysnya4QH5m2-tPXft?qX z{}M@e6V=Vm5iRB`LiJZ#ldnNgFxh~id$AW`lE2JOaH52n$h0j&w(apE)Ll6A*o3h{ z!_MOp>UQYCcVH-92$g6IMa=mY+WSp3CXhxn>{v7+qtW;MoNpK+^7m*f&rO@MA!vy$7cT$uOAeyHo&Rh`Wg^%*zA8LdYR&-5D6h=z4BWg@iRy=-6Y*I?xW$ITc zETp8Agy@vS!_?&NEYyz_l#djzTd3cpyhD0?O?O1WP(sak1Y>?XOu@QL!Jb0>&YYRQ zgo1mRf;W`<13I%vD1~4P#YcB)u_GpFbBa$T6q4rDvY|}M(i9O+QflrA8s-vT%qg`= znRH1hR8tbZ@+TU#i0ezoF!OVnK9U=1CfYnE+L`-{CnXBiC3a3H+NUIWgi1L*LR|P6 ze+-kmwIl^-COZ-&PxvMW=O(wjO%8fYj+T~)XrYLch9;PkcO|BzwxlFU$9sjo%aA5d z=TFUNv~+a$_jr|Br<_{8oa*P2+7Oi5l$$Ccn&$mAjo&X#EH~}jO^SbS+Tu{jFGflWF=)Zo2Ds`uC9Z6vPZ?(F~5S8Sniv!ePJCMHw@Ejxy-;GFWLct2G67 zTWAh6(`%N4H%S?fG-q_#Jj(1#NGr%?Yjbk>&^-p3RMgku^Mi}y%j z3}_=Xm@@R(VbSPJP+TVZS79-DWKcp3deX31;uUVn5e{;UxYr(OZ!9>d!{X?evi^ng zFkr+puB0)0@UVu(vzIcwE2ZPrqUOiQdCSD};XU<7iyT2R9uYF?Pa`>EWLDf-{IaFl z@?q?f$4QD749ZM&sw)t6nLO!MZp~JRZfV{Z4^C||?r)`Wh9jBArHuMA)RrT()*cXB zi+ocIcKa}Q$JUG!=^|G$2InwZulJB2VFlk)*tf2N~nwk!1A2 zrI0u#+Ju$YNf<>jOwm98W@MDcr+K7j9cSho^A|A16phfOq}rF1##DsmRUK#7{C!vF zL04u`lvkSAU_sX;1L+9+*k&Qn^Ovrx^-X`N*{@@|!PK;2i-Pge(n*Zc7MZMRjI!C4 zccXvJ=TqsHwK7j;Dw10(iV!QWL@J*QD~X_$Hl>yABb7#Bg^=UQG{4Gok*Yt2Rf~*O z-lbI&9u?WcRSoFXN`6)BqSeQS)howUy#CdPJ=MSHtMf~%@iA%?wyT-G*6jJ#T;$aJ zVXPsMsgduku|liuIjZSAPKBn`I_wu;royV2o@zNxL|Mv;=rN1mey`(W7Jc_rK`Wae zSVl@iPA2kX_K}%Ftn8KK390ldr7R|qyyYuJ%=%AH0$(sGlx1J3hm&f4r_?SZ)Wv+I z|A9%>vi#fkBxB}A?vpo$;fdy!#ik!fEtyH}M`LW;$Q|48U7twY(~_Ob$cy6Ye8`(K zM032#GTF#^{nDDlWSK{_nn%%pBG)y?mNf^gHZozf6z?=g)in9_v~ZQQB$KvekCJ3! zk`#=_S-%KZrfpO zCk}6~5NU7LYGKu`F4JxsAa9?QEf|4~l8v3P#I<$sTb3=Z)+C2Fr;K*&KGkk$cg#O_ zl*V)feCa%2O+9#O@A}ZW&D?P%Ter0;a<|&{Fj{x`y=uCw>v^^E-v@@)HiFX=zI)m3 z>+kKi%-#L6DHk7l7}IFb$_dcZ1u)aw2-bSa&3lg1$VfeVAU!oyp1pbKy(kgoxNE%B z&&2f4z5XJ-!Xm#U-}Z7+F!MjZ;$guTTzmCVj)1SdH%qoJt?gG~cwZV`pV-?z^3xOv zxmX#N2Ic2!)^eFI5yWqG`p0|vq|*AcxB8IAdUSO9n9{r0Jo_262ST^{`T7Q6XaiZ) z19%awc5(xzp3UHhe%Cd;eKmR5QIPyhqq}M}6l~`cDQb5jAvdsF?=Z&ZH071cl6hN@fkI>v9Jaq-VntngB;ijjdbo_2}EFv620Nn5RO4ajH zawuple11rAffztc7^%c+_~l6)=lN>z^p(>Xp#kp~L=hJrXZdZn02I8DywhQ0sd4Ig zkCD$~8Ykn4pGy*U1^d5}kPGJE>nj5O71t z2Gy+uO=h=`(l3o7QGc&rB)pF(E|;f@p6|qQzuxTF#JSbnihy3|XT9F`#rI>&TL+73l1M>zpfEpBqC8krSPLr} z#4C)59*xFffMVB86fVdf%GwlJ(W8eDj7%SlqlT~rT5Mril$2jA(hdICu#A7Y41iWb zi$P(vD1$I;fXYrog#&O>US-W$|2;Mtbw-#N63R*hu=6ZS=q^h~f=L$~NT&?%JXhVG z>XgrX>9e7N9P2V9Ksb2fGLmF1W3ojsL2Mt|rZIOU2tJGqs|oqmNdj~)jgM6jd&vhp z_k+S_K(mp42%Dg1$}OGM-yY$A!gQ6dB+slt|(nilMYPk_5%#1Aoqhs&o=*c;j2ztZHrSGYRhKov(eOM~YSgA?kw3sL)|3 z)aYh(EMj*uHbn zlI6g<<_IHav$z5=q4&fr=9q=+D6Hf78&r~NM$RzrnWOh4ue#)fwa&-}csmm96u@2$7!t&y$<4CTt>gz-a(_x&d+q zfRK5KzB}*>``_u`%2rkOe)Zq2Y?A}U#bLgY^FX#;B#m8ys2!rAT|LRYFfNeN4o#z& z#peYxSF1;Sy&n;{qlI`W{+@;@kj zU{FTrR-&YIN|(~gwnL%-W0-aWF1UT(wpR}VfAMYp`r2QUYP2FZ-esaX=+ZaUIHb5=rG&8vG|Z z!|k+R|C+)*uR5s1nxOx8JGA$q80XK&8uyGOXjal62ArpAAuw5`pN$#V`sHtx>n2DL zENQ2l54rC9`4>PC-W2vj!6w3rzT6ZI!lo1okg^l*4Zy}2GTYt_?Fl6iMD?Ko_e#bh z&;W-ToJKuR5h1A*(Soo9W^^Ee<>+d+8ySO$!>qfz2PqBzBR&k*vG!8=wd zRjttLPgOlptJF=Cxg%3M)u=Td&*a8j$kqzLn0Ami&w-GKStA$H9t~upg}vt6$I4dU zObbAvxt2d{f`kXK;NeXTyjjsd_Rlu^ruwB-k&m#elpQ|bP7I-Wd>AIqDNWZOYbVW+6);nB5!D_g1LCIzMYVc6g$(#r z3xrey+uiJM{Yfyp-}*x^g*n$`J{zL?Tkyg9v0@2?Yloo^P70G~J;)HOus)KS_TYAv ziFW@1$Qx?T5k9UiKXDE=A3Pysp8!1k(rhS)NH!E%2<_TY<%{BarHYEWF?Smyl7`g$ zF@PeB6SluuOD&FxEv)RHnr((1;zBs&t7O_2ElOs=!9z_>#EFog0{u*<$gJI;$fDVX z6p#7=Dfw%J4k^w3xE|?ye;Tf!g!t@NP|+L+0n`Jsh!5r5nzOFkYx-Srf5&U!JKM_B z?niu@7!}Y<>6+tUP6u5NScse(^V^Vz>iIckCykOb_4oAon`zKd6P5=$8zfXAYJAX| z&6bJ`60u5B*T+QUp*Ca=n#?vqf`R8djK)>DP~w!W-Hi*96gzMP?Y<%#O(>;nr8`-=jF%Ze3y^A@!=-nX`$UQpg2MZ-7h3@1VmTWE#s3Pz3HswhgXs9Ob%%ARM-8a!kwSvOYGC|H8vX}Q zmE*iT!j6DBatix-a@?u!zV|2WmM^Ct4!Zy{P*yI2dPk?nBXz_N?frkwn`3O`==<#Y-pi&2>{|B&g$1mFMni*W48Hlk-w zDGh!6Nox;b#Y4nl0;9dV?ZLJBl8cG`e;qyrydkrINM%dm1Jyz5@c_~1B{3uwzz>qn zYAg7>hVzfB*LR7Dx><(0MJ?&Q?=B1Q;X@8lxN|wndtuG7+@U%rH!%SI>tSJGYBX9t;R!j|n9+?kuoSUrh!6eI5A3%>?Mb`<>5Z%u`>&3J`YFB(EicQSLt{ zkBS$mrKTvjsP!kG86CXeDyeV`n@}ofQxfG2;MP#M(ZRCM2;+c!SXov`ZQaSZ@L>?} zM$C3Y=cj@l^DBl)SmzS<7r)1(pNznX$fKNx(q;6ChyD4fPG_GhOcf-KL{m+>hYTPg zY<9Kf&b%guX=e@pTl=w}mqKKGKtn#*0!;i0zo?to)DtP!Wbto1hZXc%F z{#B)Esh>T_KEn99NO&q4%zdqrFZszbVIoznQPjBD`poe2mc?|#1b3xi12gAdDr`}| zGpx$B;zVD*PQ51#zbX)$&Ja&qx{GbWJM0sS5#~do-pGW{-k@U5ZJzFJnlZ-#&B23 ztF}#O^L_mU{5bKza@TM{c|%V3Tv*rjL`Ud}Ah3#Hsn(4$aOP|K^c&$FNsp%erN3^0 z0s3rQ3lL@J{Z7a5=5z8dg;fqWu{CwvA4|RTR5qc?p39h3ZtveHl!xg)55tHiNxV55 zYjE`&zEM3a4Sqy*hz=Amq9I-$^3i-7F?S7x(Nor`Pc&6Sf@=87a5 z%(Bug)S6c2t2$qo7z$cyEv_smbUIf$cUbD(EY5VGx>N@Wo;EzEE)7b!)atWZ8uP9$ zPwLgye|eFY;B*kx^{3*+cMo@;{t1HtDA9gZQm2T z$m&hoco=Z)ly0~1dRYDauduikLCDUJINjix$E}yJ^V0QA`W9}mTi=0|ZK(R%Hu3Ao z?zf%xQKQ;BlxXfl{V(=0No%`v^pC@;oep1%()ZYd-CLgo98(wD_ume>Pas%3W(>pWi=j(Nw#+Wq*^IpSU;jFa?44BIh9s@KThoMm~WsuFaNNzrH%G|>BF5s?~{RLaqj*FLhQ$-#7Se9&C1WFMd?<{k~yx>n0YO56EKP z#_sx~#H`okZR)v;aPHRlS?@Y2seW&|)P2lVZ`$JLC%dI?Iv6Qz3)csP%)x)*zJN=1 zo6FE)eO!I9uqbpGGUz9n`b`vPx*Hsv4Wjuf=dw!tdOM&A?~_coA_t=%jW$W=Rlz@( zA!c)=4Cx^zzM=0zsXjDcBZKxY8BGq+UepQEs0TpQUEQdlvf7Nnar7j$GOy#2i! zr@j@{Ga7n{999fWHwzk=el z5JIj)_f@NdlB@U1q31k1kS{w#_a0$G7U;iuosYU4am*9uSj|6=p zyDft0Z$-uX#M^6yRr(~H`q`5#SXQ zxyO)9m-xgKXpLDc<}*{c(ajQgx;P?bRWrK zdOrxcY!89_7J=f{8zt$G>=;Si{sJ_vPcDadKxgU%p)%YO*)>wXo z?5}oGKkzG}FzG?_2oj4|SP^j<{_-Ev#+T%(#&)^7@(Dj;0K&1o>jd)eC_);zh?0W(@j{iPvvv|UMvyiJpwo-5>qi-A zRCOECzbi0#Ks$v|Ca+&Z7HMM$W)Oew1I4WLo0$&j zIT67cDQ%UM4=T{_DiYk4q77xzV+ZQW6Bi|;H-GN)h4qM$3o6nhY%J!4`3cmV_ zpRh|{nVXk-!-#-K0_%5}^Z55WNiV_?>lXo^aaF&&MSH@fyKQwvZVf~EC4cLlV8Qwz zO4ZQ4>c9^52xqYT?o!k^r)%I+*tq&ny5(3p&S-4S<@_Z!uH{5$O)9bF_%qq?NWMtA zcWEf<>8u%+;TB(gky*eNSczQUOVwR} z`M7bmE`ze+{Y%%9aAWH(YWHkrTTp0Ub>lQu=dht+r$X!`Lv!cX2Jf2Qa6`wryx66x zVrRj|AvXQNUeC3&&K=rYKF*eBc*z9|?`KxRbWD<=jp@MCrhvlM*`d~J8cHky!mTzhHrQ+ao)L}%%VU6w~ zbETP+*Wo)5#Dr%2hGxRKW*pU#M1ye>OgP2ce4Ev50n}bC z*mV84yb+_AXQ2v}w?>G+E|afT?Vz$zwSHhBAJtO8;Y9h{i9&>>Y^o*q7fYK_%jlC6 z@4$mrw)w7oC4VBT5<#od^%Ltir;oCyef`I6L`P*omcyA=(cV_bt1Jz8P@TuR@9N!`ekS4qi3ld*3&O%2^(jl z-q_D^kYQ?2eF&io_& zWyZ;c61Uylg8E;o%je8;;{? zSMdsLdxeK~`Lbabm1!T$bJhIa4x@{LAWNOF$eQTFo*37G!MlM6)Mp+ zZSWyEaXH;b`$@(?^m+nJ6d&nqkT!>`-x9LaCi0s@WYA@R;!-G+VhCQh1FIs4t?QIw z(vGj{D(Bsj`qH)U9|Y#$z`7ohL*-E4>KmRxN5R2s6K;o&t^V+#kVuUXGh~b$NLZk- zL~=BGYBf4nmxG_d4PfUu@aekM-$BMwqYWKE=g8GA21zjFzh1&sYDT~T1->%?)&bx% zud}c4-JRhrZ_(9+$jn*X5ZX0pmm|c*lhGICr11JSV9D{(+}5A9V^&ts5(}6W>+n5{ zOb-F%)E(u!ZnSQ%#vXkYpyXtHeppsYwq1p!cqo1(4-Ow60;YuZV3MEw3exe{8A97* zD3)WWs6jza%E1A6q~IvKLvm=u-#*DD%O+BI}`5{d$WE zIF${d>+TBN#F_-KUp?dZ;R5|hClo&(sVPPQ=x9?PCG2ueA-MQ&8JcU3zMI8$XYFvp z?1g(5F{nA|dn?+k-33L4T!@m!b07y8+0flL`vs_e8DaQ7`Iv@pF*f8r))x@+>j5;v z;K@(yE!5i!xOEYP!H!Hls)%1^V*i3Wv-tmn2sOV1X2;oHh4egl{{(()e!Oiv7`uhY z!=%RV-2Yv>hiv?N*}rhsKX}uL3v>)V!O%beB8msd;PO{@03w>)TQj@R-Vl6-&*f%U zGy@T2C}eAgS8s-*X(VG=%&%!j;+fQ$PKU1Plq^a1P2j|48)- zx2e9JIiwK&Bsz}D{~a~5rFLym`P*m|lU7dpI3gtUy{fnqqj(Mn(( z^tZ@pVxF5|EcEpp3LKJ%m|wWM&A!3H-%u~}g-uX>_N(l@QrYtJ!z@Z7)${_)#Y31Z zAZ;WqY3yAuy$!ZSx_tG4FwuPI;AmL`D&&N$Djoqx1#KL;$*Day1BFPDYe)uPl#{~hymIoio^n~L4Nh>6J7wAPX!!I>h%Xf zYXHGYKxq)cv)pMe@BXEDN_8U;ZyITjth*Ap4Xc~@{7;a3H%9ihc{ia<`Y}dbyYq2R z@LQ(ICOWQAl`F=)SCg>&#mntMdYcgEY}F_%cHeeE=)*Z#!}<1E%Twj~MNb`7+hzYr zXIpd!IlI6$l&K5$d@(Ne(aU4zi|yl$gvpPWlZDsKf)DB6Ukg3PMe29XZZiB3`s?{h zzx3~!;&|ut-J8eGm+9Fmz30ca3x3#haN7%dwGSh8HiF3f#{+5(Up35ZMDjyn328e& zqA@8H_T&~U9#da3EJ8H>ogQ2lrT|)j9CX#s8K?w4mI`j71q7%lzQWx`sG&ZG_3y+2 z%g>NLCnFM;8U!-a0swbCH4a)VfWqQ~fc@VlCzVp48-Di6$N= z9$>FDjWCkSCZ#muj8|3;=BhUY>_BhoPwgO@e7P0=}9TayNe3pFXI<+Ye?nG(-&=`CN&? z38v{$%=+eC8bP}}#C&SCiFD1SQ$EN^Oc|o5y(qde`It++!k}CZfZY=TYrRKZ6uJri zKet51P+MdH9RSGyLl_l|&iSd*ILgd0kI|4$noo^07Ng}`#qH39?=zm7A1$pGR*4{+ zP;}OmVLqlIiJUB%eda!w6eXIUGz23i1m)9LQPCrDsEmDfQTtaSUg&6KZ9pO<^b5&h z{KT|UzTIkiNH&%zs+eY9KF}N|BC#p!8*PC6BX!#!{~P#s`AnW8b&)m9LDq;=9H#ju za7r#1RgMWKj%I*Msxh`@%tYuNAdq{&Rpvf!Mb(h@8_QG?p*h!|3^~KkaYsykLBYAR zE)F$@K^*0?;@R4}jFo9q4gOMfq8z9K7ss!FY=ZZGEO*7P9-~D>#owE0fy6LG5P}sj zeDL}Dke_Z%KMwv)@(q}SILBH^V`6Fr=5qney5*{G5NClQCkS^(iIFoIkXfl%?nTJN z7A_hF^vCA5BWSJ{RqQ_w?g zK~fPFPtLbZ(#Kca!34O~&6Z*?v?59SiYPfQi(9z1r3Hcwkc6o(neLikzG7AY!RqHd zy&(vx49Ez3hWY^`pcb{J-1)6#+g}Uhe40I5)oJqPnM{}NE?sL&bBkF(1t@w*V6}E< zFg&eorehw!Dp>MKsM8w6evz;EWN7@Yh9n;#wLelroJt7sqyr4?FPxC75$#tRMb_@v zg5pkoKS>0%BXCp&+oyx?CK5Yh124?)myJ*!xx1c>?LO)J)d%B6bw_=&Gnzi#1caL# zSvzkepb>a7B|X&U*>AO6Sd3X$8wQZfeMG)qe%qsY4}?X9U}4Pw!XHYsOwZz>ghI%Dxbiaq7>g)D_uds3-?(s zo}nxe%0qHX4MRVh+q_9~JU3a|8HD8eR^|$2Im?B`^i2CsY??#!@Wu6l^Q&CdaY7q% z_cZBD=h`IJtAh1~-z}Pv_2{c7)6#t-8VYp|E$LqYpr|7^M+Cds%3pRdb?DxZ8&Z847Gjz8LamEl794&r7Zz6OzwiC|WsQr7+7WvJ)*m8ay z)@QDe$$h$#p>S`9jbX|nFX*9O#vt?<+E?j5g+swvm$~oN`H8_i0P)Fngq-rsYQj@= z1?J-0CkS8;;I8L*JP=00pg$EcemmD${x0pj{)NDEjpp!2B+Zins{S}7)^&G`cE&zH zV`1mg_E)57^$D?sNTs2l)z&v0hHsuIA|P8Y7cOG7?*HuLUmtoKLg_ZO z)^|gp`V_C06Obi5w9yX;XFU&}t*f7RsP4cDM(?Omme60LBZZQU2n@gpO z=&#GaMk>iV?R_S2(0?J!65V`lf27~!If`EzQ70T;uY`F_4RL184vSp&jo%2Y*d%o^oUYeH zHPJk+89PPqLtDu-iZlRDGc%5|`wX{==>`{^BAEzNohb}wy>jrb!K=;KYeSKi;5FOj z(52|eBnK{0d}8I6hY-eVhG#CNEKrOR_5S z01e*um-3;nW4m~Q65n3E7iW{8W=Hj5AK2n$(iYaE{cf}?6OktYo8#eBlA8I%?=a4f zVMM!-i`%+GH;_lqvn%VhEf|(7gn|4K)#szuu4FBVAWj14RiUJUK!58`fl`v!#g@QXqI#C^1_J<00=Ba%V`Eo0rN)vxsQ zpTULS!oGczpqGQt8)?uRQzCu{S4w!kz~RW$SdX6~17 zT3M((P-rys-=@gE^@5_M!;a-lf%QJUrVYKF-o7mkgD@F`29c@tExq0O{w`k;jwpk} z#-vkNjKc`3<9?yj=RKEm17`#fqZuh}~`` z2iCm@o_~$KKVy5Z6j?1Wcz@0JJU8vbGy9BF>`Yedkz3?9gX70zrrjG8pa2b2D-P6y z2ALEG*+7F`ih~uPUNEoXkSJ(qVsU6DG_0`rhgMKnV{v#VG-9AQVgVxnXDVU?8ns^> zbq*~Lfc}I*qftwuZJ+>lNemTZESY&E8)F<#Nt_U4yhKU70%L+&NrE0@qDe`j4P%l^ zNs>2Xa!^Tf6k|$aNlGSTYGFxgC1YA+37ia<57@8_x|9!kvkV254@I#ICzcOqvWyg# zk5saZHkOZevWyLsk4>&4Rb5fBU(;7zv$5asRNV-%-%3>7DzM+FRo&^a-EUu`G)u9o^X2K! z&B^b{uC9Oo095Fv4>FP2rZ0%Tc+(Gy=Wx>>ECJmLAW$>g3M4Tp-U^~{Iot|{1VOh$ zXcNu0L!pJm+hHt?huh&C1JIoat_8E5NWT5zohX6(!=0bPsEoVO;zZ`VF;es;yRmXS zN4s%K5{!HCDr)9?2^uCPdx<(OM|(*IL5%zVOD;Mmgue7JH-hK*FfUqy=_o(`zvqa8 zWRudP!gQD8qoV8}rsLxLM2q8+;=u|^$yw885c7HSZldLR%VA;J zdFyE=ad+G00P{ur?a1nR$G3&Di_V+vlZ&Kh)b@)mWLxwLi5H^s%Xl=)_{(1Khh;kn zTuCeY*jL}UuG)xQt&9eUttos4X))1jKS8o|u1B~_<&;M#>R9R`*%Xm)hTa{pd>h9{ zkEojvE*o+b7ece<3KJ7kxt*5#nOy(tEiY?Bu;LeryEzS0jfMer(=+Zs?clY$MWc@- zJR{$dDjNMv)#vV4>`opU$IS<=U40xMbRJ;qo;OLn)88Lh|9Jgiru?%RGOGSZES%w- z&n=Rd;BhD3lJ`+GNxhQaIfY^FaX{w@dq6RbN&;t+beU9|o8^5?+T>-mC#{NM9m%xnNnsvA+_=Z}{U z3;%E!IsuYPUvNY=@@#N7GLfb4$6x743`0FQ9+&<@W!Wgf^BmsXmxg!mbHp|p+F?+| zfHzob=xFrO1Pjr6Oz~@|aRuGFnln-Eb7eEYx;;(EAZL&6Z3QDddkm2tqW zosQ}vSYcO{;GI--8sVhgdn@W6dP{vQ7Ng-9DPP+ihQLHjlVOP6xulMP5|h%?A=k`# zX=v{9q$Hw7W8McCtrtUms<4Fh zkfA;ZI6gl9w899O2Es@rn?7i?0Ckbv9+URth_5ij01uF*VJ_DA1A=|XoyM2~)hj(Bpc{ol z*vHk_2SVVJgv!(Hi|qvH&BF+!1b%Z*dTiY2K2n6BZQl9TTE(R)Mx>yJl1xYiT}2*v zs=r4;M05)jhS1oV020D}|1*xdC>3UX_m?fogCHLPY%YTOx6&_mFB`O;$b0oiJ{aZ@ zt1V&z(Em3z>K;W#%QUVinpCE`(S}6Z){p?3J_w!eTd4mscUz%t=^ZPw>jEw?6 zU%u{Kd9NfSPBAa)&eYFFVwwECwPFn$dmf%TLpgscI zM|Kc#b|}`mcAyVt(V@bDX%0R0uk&HGJxET zu)IW<*>RFd$*rQHHPZRyTWA~4&WdU-VvDbYeYAgmXLvF4G{P4I$lMK)c*ljPg@rnE z;(~*Et#bv7qAS2oWuTHLc-bTDIprT6w%K)oap{AZK7%yL+iXv9?q#~K`+~EJCTz!m zjf{`%hHeO=An8Th3|#hg`lI_A=PKm4>Nc9CdUJG!o&8PtS_Xaq=#t4Vl$(kD4Mh(` zWYfOg(=)n$hL`0&;q5Gw&bLfN0R2)1QAFGhk*+!$fkmkoKiLP&q)j@iweJwKIBfBaY>#w9Z9t+mi`%smEKtwixU@VqcW+!8kcvz(rJX>q%Cu?;u;Vm1UF89*ik3*#bfhOql@HA#Li;y)}?XXs=(`=BD~(Od~xE@XwWaQ`=%~hA=K>Y$H+wRMC;XT5h;%(WHJ3? zL+g{}tBSRv-dzzg>O~P)K<4bWf5xY8>8TKk4%cKss=uxdf_dQEr>7xZFY-G;LKi~O z#2Xz!8qjw>1d3tCF1Z6_Iu34At2WARKt4#{+L3<~&)9v2uLUaSzd($tuzye~&{{|_ ztPVe|*65I8p7O%<9H-tR%_R%t(mLqyU=JxM@!j$RQ>W1SWhETZ55|oFKYEyunCx;@)4Tfgvr~()7gb}#1wR-^+be%g zWnGNrUpqp)YcyOhBz?YGK*k9Gr%P`{LZ6m5KEEY&ZWlgs^!ha$2OMwty`1rI2G~Dv z_~&c*XG%g!ZrREXeCZE7K|*?P@#;27YR@iu(#(tFBQ>EVGgmk{F&M{H65hq%&C|la z$ilfh#NJy25_roN92O`p1qm;5hXWaapaxX*`WGVloPIaHxXRPCSNs!nwvs)10%O{BUy!Qg{qN<29Zy1 zB7Z1HwWfY3m-+-}WGCVej|V|EpGNlGG@MU`=zlcRYBZ~J_gB1OQ>Mec3**#dU>znT zAGIXEaHqOnWV)BKG9t9f=cfMM%miw&3cRuMIi!OB!h~XF`4n#TN6Kl?UHVGu`K%|u zwWLDxU?N(w#ITBcar6-fg_R_N3{RSzK#Pi6nu*bhjFyL-UYd%T5ytd#gomuf8hMH8 zH3}0CBN;0rIr|YOCCWSD2(C9C&)@p?qDw4%L}UU)R7Su*A?5LDRxW+g8HRp+(bmPt)VU&}a3k^eBCZk!660W=uML zgi&;AgnpugW{#0zeu;X)gJubKPrp(^y(Uew!I(MILceA8ETZLhO6d1SGLDv*PfC0a zw3sd;=&w=Y&UhGpS<&C4e7-9AeA~kOTPxrX5d(;q9x*Zw9+d%^m>w-M@rj2CW zk#9!nUPtCIMtX3`=ELoFhfE;6Pnf(908 z<`rd{7jYjK!59l;dW&FWBE^j;#XwN8m2t6ZZ}Bx;6bQrQ=gGF+>&2-Fg)k}~w2 zvLw{5|v1x0GsN^8C!)f`0D#P-%)TGhb) z!$mvp=R(I|)HJdLOeA%$PWV`uYwwn7yI$7uw$=4q7rp&mBdAl!twY5An^?TeLv)2i zG749Aj99LXT;T*?NfuWnidYRTR5-m%%Z5jqq*_m>hTf~xAj;B2r`G6qh0Y1Jh7Gw* zI=t;O|(FiW=eD_VS*EN{^mVZjPvg%?>>8Qxpk z`kb<_DK>4TI&E`UZIL}~oF#2LOfB7GiDk^;15qs{vhVxQ$U374C&m(nm`Uo&8j?wB zW?&>Fb6z5eZ5_N`v{SO}VsJ5KG2Yfy8Q&op+z7JmxVN!FC~rsdPPy>vVI(QQ z%CN>6@5GBHB_!>wDCv0`lOR9s9;NJM;!mUTZp78?X0YucVc|v9B?j~3p|i-pMDKlb z+AhG-Bv?+&Ff+ba#l+chL*P@#|O%89%l2gpvl5>~O$>De)FZ5L^R5d(%n zIm17Z**~E>jqT!n_AXCfHBTZXwmHT7jSD<|`v91EQ@ID{+m7Z%LxfT^L~rpbSlnu& ziBjG-e6j7-q5Mck3o%boZs3eLa`)^&kM53kwQdS5_a5hoAEy9K@={JZwU1-0;wdz% zehTwlKalE--It%lGZQh}9SCd`d5P2@Ih6TLa z@wfNy>t9R|J+?E1qFZKLb2d5bXaA+{zP{}n3WRl}l;Nb~C2qq>kZKprEkJfAG^k>YydYMT@ zZ}(3ZO*G-~KV3A(g#F34*qS*3tZ!OZQ`HvVkoBe`Rwp%5bjJ|cUx&{Lt_={A%>PzK ze)DPc8ATV0v$tq|_n2s+^`4}Uo|H+_KM|ksvzTzgn2IOU-)V5xnVGifS=bc+E21w0 z!HLfz8u~v)w51$QO$UzkC%g{~hOWbgc+eO)vam4zB?q!8xcD%T;$p4McMj0J>VZon zz^=ow%&MuW3gZAcqE;(y))JLgG;<>|nvFq@a~&N~k{GMfKGV6}E+pnti=Xm7Qa4zS_OWFoe5_ga?TT5o}K?Ovfo#62p1-MEU+T@ZdPTo_1*er zJJzn%%iW)OfU_P1rP&|;YWD(r&n9<=Jz)Rs%tr3-!844lYh#3007{7B64+=fUJ>$H zaUZ4}v$vYN|E6c3?Bu`)w1cCz-XjP3C4k~Nd0?Txr;L82^EebG*Jdw&2z|LLYI&g5 z}GTgTY9kLi5^ZM+W*pi06+lV+1XQTg@h^~`74qfXV))`8Y??{Y3qR2f$ zb^4TF0rwDiVi|DE&UQpnd2Bm=Oss=)X^c`Se~Ms)EIAEY)dYeZQ9c7m#_Gr8=bJme zgn{d+-IWA$5h$0vhr_z(zPYC_oz8pG&pm1~o<(#aEy%&0=tm6ppRD~!a{Qxb5$(8k z6GJd?1ipep7{r)CF(3n7VE>fIqxpx3PVKBe75D>&s$tfNIEGPgxyJ&K;RK=}- zx@bbBZLvr^3RF@{r5%Y-cn%~>MIi|sdIgB*;~f^NFqlyfDI5Uy#*&b~BHTmGP?MO{ zD`|k~AA3Woh&T+I-8mq5#Lppr_f@F8d?EI||=pu3YW1ce78V!s;}F^mdkLwI!`|5 zj(|`JW6-o79bzn;RV|H5vbX+Tp(m^Rw4Aq*sL3YuMpvcSDD~9`it$=L+Sr_SM0`Y{ z+}<%%T*ntl9KtsXi*pqQLs?|Du4ii7v!ozFXi@g!!dX8Wf=y6a>j5?2cmZ=CWHE**#VPOcc5v(Pu3 zi6ilbkwV@J(c(p`&U{eUsG_w|yXei|ngj|7MKwZ0@d$EXbBKs)>Z9?3sBtkxKwpvj zSwYk|^7HsQKDTNU+P;4f7vKDNw2RZ>MSyG44H*u3?JqtduCey|g|$YG8^)}#zMexh zE;24oo)KPv>hp}bzd|L0!C5Z?6eIeZqGrFV3EQDYKwy%KaZoCT;kVm3n4S9!u7re| zSz@fjl4X91d0K9OTnxuJFB0pwt&AP!@#zp^yx|ZjxA~SF8N}nBut4v_TotVTH4ybS zU>F2PjA<;Mqb_65>kyLI8DrLguw7=9vdSE8w9Mh`@P3eHkhgY(sjXagk{=D=^hWv4 zcb#zmz5UuhTm1(=AIG;#lVmf@^!>nd&6oc8L&IBPY^&Wni{DUC;ixG?Hx0vIaJ*7n zrO=)-Jja7`+)DyEgN+bJuM^`wOi3r{zfGRQu@va}gKE2fCRlp$?llQlxZod5I7mK7 zg^6SSxG0RG_jac!+jIQD;KVW7HvOW2-|G;Z>rwbtz=e0O_*?Yq{QMlD~_Oco(Zts-A)YW>CpE- zHZfcYDW_=}nS>Vmr0yK?IIi~nXwWwwbe;PHSH-~G#X_Xx)5wD57!k~z;b8e31bj|^ zL>WyuoXFyaKq!b>8t5k0SAx@&GJ1ib2m%KhzHL8)81j^(joH)2=^~z4YjRQw+u{Qm z0jv?g=9ejK1_&~ZjTWKP_q`l*Ntqwjp-KJuiJqy_^5%%KnX2=&U)9S3r#B5ZP*W%{ zP^6UUc6H&T7bvilYXIGHC=t$ZyXweGe4l8AYy>loH!!&OM)-9s>73@TGU;T@tQ|kg zekPumXdV_t!UlBF{1;568D*2sY^~6Q5X(~w8c`4ex=hVq&s!zCRL*7E3GefzOTYIZ zugl!TB0D0qYE@_JcYG29pJ)by7Dr+}0{v8gGkx6JuX8szlq@C?2S3$Bg~HGB=S#^n zrI_Kj+RLIl|=#jb)MD#Y-x`LFI$+PirKJq&{xaNW^x z!e15SN>v-_k}6I(k9AxR)mz9TN?gxK^{!B1f*t2?QmcQQVE!i7)T&6T{z-Cbl%A|P zu#8pxN&HlgvJ7uf{`=?9XBSPIz7+i~xh}2j)JXKV)SN=Zjh4Rbv_4dG&jzHH7FN2`am>413?-vIYRVN;l&AsvlMc4;;H@F>1115Sc9mMZuj9(#SE(q`QgHhu25sdmbPh zz5F7!xs~c|O}C8qGA3X10HZp4bkzMe?Ds79m$yh9F=nbsX|^X=xVY0oY?^h3s; zxA|KW=26$d4_Rki7VmDCru-yovvgc7gb9|X!z6wNqGVc1a4pZo##}~H3RwN!8u~-; zXTh5eD|xqvHh~+LVsQa$Wu3Qk1rn~MY8}TknQ8M?p|0g-6Zjfa%io&@T`N7xZS-%K z7rH*OKD%gJV*-+{!Dknp)Ny+L>e)qyeypcJx3mfW2+o5^(TbXj{E`cG16{v>Y#CY}&kl=bUUnYiHy3Z6$rMkF8Ps=LsENYrkM8 z?Ocr)Uda5Ff7q5=kk>CUD7@R5eccC#_^$$dymx4`&w43%eZx|D0Cfe-4)nUbL>Fdunw!S_J`=FUe5 zP^&tuF0Rr9OOgV_is(Fe2S*WV-&^d*x>V&`%a0=bws6rT!M{?>okQ77k zJaZ3De~_8anLp9?I3G&OZNGNN@-s;*U)SPt!{uUD^IMguDCMNW%bH zngS?p6>e}Zn^;5pSHT^jXj)Q16K4^2u|BCbVP6!{b;3RtQxTH)eLP}4Z&(^$=lAg^ z^6}BU;s4erNW=e*^o<}we++!9sF;|bY@?WIzr<;aNa9P$#D3}3TJijT+5Y~QLH+Dw z{qjG>m}>eJa0irFYUSR)6tQI&&gWPA_F9!wJZwkgzl=w)dz0FZ zxNbSM%u01JI3k`QqEs0rnJ_lBx+ATbDPtPtc@I$zBqmn~6X1@_*NiN5M@>qLEDi56 zRB13k7#ypuHxetk{7oJ`{mD#MGQd$H5RCbybTCB-bI%YHiXt2xj!A4hzz?Gya{kt= zL(1mzEe&lX&gb*HKp;NkD(ee(e28LvfM-16m-sKdaewX5eSAm;DbN9I&IjH9 zrf1ygbbKPCW|@<3m4zA56zX>ws|@T37RsG>A${{@oRBz@C~czZo7_sf;Ixf=$kJEf zkeU?%NPRCI>@SNa0&W$fYHLR`+xjB)W0XBw{@}6x1HVF$aH?wU^N%{Ypg5V*#IcoJ zS{*8|E-Ik+1ETLtW*|bJUtZTOHuW7k?RWn^D3v%_cewPi>y8C%J4=V$AYGeF4G57m z7?CtB$%4%4;8_&~c@)}prnHGNgVFsltfn8z3pa2X7AT7szho}wG6icE1C|UMpe($C zVt^s*M|&R@#!L&gau>5wpA_RFZg@(o{GbaX+^d`vZdegrM<${tN`|%)uvh{dmgJ1T ze?g`^$*epeG6FoWB0`m<#Q^9ACQGdIpze7LX?aY&Qo%qO+e03Qr(zIy86d^XULePT zp|U|dCxkAZi~CL3u1rL&UGzy=9D^OQMj&k`BB3TK^@~lW;k9hYEBSd|g@JGFGpg9K z-(*PClo00?&C*oJ>Q&9y)%Dag)aJhi%rYjH)#J#}>~4b4^c zQfduR)`hRCQ!ZxpA2PqW+ARopX-Hyx^K|9)gq?|-Bxv~DYxop2dx>1Q_f$EoPQ-IzNiqg&{@A2^GlPqZ!sFN?GtTP?3<+oyxKTCE#D8C zDK=X637S5iv>@qAFMO7g-VAk@ExlRMvOm)zXw$O&tz}N8jlir;!MCg>x9m#2bcUv# zfe~A9_O0*@PsxC4*+6|!!`pH-)k+_=3N^m!5bYXV9mDHo1eTQ=#PRxH4RsA1O&Che z1L~z@JT2l1Z5?dwdmN2wD@W5S47)nbXsexSFI&x;yUetELsi04tEvzQ* ztS6S(AiLROz}ohG(ucBbQ?toX>BG3`8Vw0PZttrYQ-m6Ov>L-_ZBwzeGT}?GOBk|A z7U!Peig7uX5(GMP#@nT$3GEHfD&GkI;hBYbLtzP_{4zT=O! zJIHLxL$e{6yeT>zbh=UQ|!7c7G%oOX?ioU%bLIIcVhZx-E@q^Ob*TL z72BQ&pBZ2@FwV9W#m`@$;%RKBCpjjZ*nW?ZI%#t1G@mm<` znVZY+OWPml`dV1%9}LS`sKO@9OU4e|@n?L#_jvl&dy(@7#Hjg&as|@y`R{9msA~l6 zTYPu5%r!f7e|FL0mKbH0Vr_>RE0$(z`(YBM-6xi|NJqx@`!q3!pD}9^>^tH^c~azG zyQ?1^i0vh+bETT|WSr+j)0w4b9id%YStsC$sj~JJ#_%4*z70 zV`J_8)>^^*XsYbEHS-v2T3NAj!ow_=^^I&Jt|U6}gaH}kRPC-d00J$kkd)TeiEPWzLN`qfX%3wMSw z=Z7YZJnd~q*Bff=tzhGw+B1{Olc8F(=i1+3+H>n~C(aGN-)PKB=q%oxhB%%9;-||u z?8}{M>zFzl-%S$n&bNFcrfAQ1@au@Ep8^|ekR)$#W=`vI(Ro&Kb>C$ z7F5}q)XHyMo@@BVeiz1MU5M3S8z#lH>k08$xDDMv_+y&?PI|mR3FjhGS zG&^Hj^Fp{BX(=q%eG!@2!zsd@H91IZoXOJ|!nq}{d8)1%H_osZNR4q(K69Xi3`-Ok zq82HJrw>PDJ}+?7oJ!addW13LxkGg0P5~=EcE=>ZUMwth(VVh9SPh52!(ZuuEuL1 zJ}?<21J6!i8jJi2D_~j@NR=Y2kRr;(3iNkXqW?v);^J|Dv8tjHT6B{bj$%CJ!YlYu z=+>N0(r9xKF?u)z4g%I2P81>zsjRsRT67OMyo;T}btiBMVed;q_fJOfuW3nqKQrR! z8TsXrI7IUnI1F&4aQh?U-of)?JE0rM>CR*C+$oz2WN_CKyn6_^LW-pzUJOa}4@^PL z{}}s1xtbxa#WTrJxuolt@I{fml|o>%Liu<>adc`Z_dOtW4*(vyO-^|Zv>g0)yF-)`@_=);?{f44Td+FKB3_F}7B&#~{%r&)phy}n^cY+G*t_9aN741RUNEB8ci~T5wT0xY!pCLFG#;slcf(J? z#W)W4;9i11u~5G)0_S6P->w#LCocR`Y#ua$|Cho7hP+6^n-Rh^_9hJhGi|?WCoe&AtTt7 zk}eDZBlHH-5>{1wuujf;nQe}OdWAQsPo zvHv@*gU)v8+sdIb_gmjp&p3%JQ8X-+pJ+h!W?(Rx$g^st4v)&cQ+{XF^lE=Rjq5|9 zXUl5?7PNzMraLJFkv=M`M9iGt+{3_pxvxlTT2*J|%^xh(J}FLG24LccrY>^(!w1OW zSAs@3yQcz$J+7bL>m8h*s5bSo7DHWcqc%QCp5EQ$>7FH3lsR0$1RfJlcjkW9Dq;gP zGZZg$7uBdqaHl!2m=PNS<9raein2|9&Lm|9xlRz|%65`TND8Y&Q%<9x<#NPhq6t8! ziO_OE%C?|!{BA2;V*>vubveQvnN>W~V02g37Zt&sJ}yyJJHkv@TZ9KE*dY+NC%V*cHyjP1cK0CCMo;%5zTv-Y zyF`s<>1eL+Jf+S~u@+Ai%RnBCXG}@2J0?zxl=MS>L61S^Z2F^9tr30$)sA?&kTy9!3=V z-toz2+MMy8wYUX)MK_+neoMB)3-TxQ;$*j76chVBo{sUQ!uYTI`6vW_oy!^c>`j00 z6}YJwlP|wnB5!DL>8IW!!Cy+NjmqS+fVrqEklu)2zXzFPJ7YvQ}#%? zlbv(s0EQoWaX1TJF@O=^m~^BNNWYU2%kSDz#P#A9D`(XZWu!_ul{;IYIIFW#aE%HzG5pPdrn+PDtC!=5se3GzNiocDxgZp7HS$Q7V6^sC zDT3CJ0En0opnnHPI6PMsp=d}+ya*t_oel_r)TSV}07&Dw{^&H$!7p2PMOITsFW)Q2 zBxh`iU22vIwBk_uqfbH6JmN+1UnDzgn>w(~_7V)nrGAb!!QSwgCP&%|6DBpriq%x0 zu%LLDpLo7!6H@qwE2L z)xfc8>YFszh+!dW7prhw&r(HGU2YEFR7uG|vw z)g15*my&y)(GoO02RzpMWgs5&v?Pw1ll@991r>6roKzP%)0Bczt^bbi4sxqQ=UIl| z)U`|my1Xs`02|@{()`+oU%sn8(uK3tkT?A|`4hBj&Zx7b-;C9$`>u}E5=`_0@^he7 zBjp4RWna26-vTgVCI`orbfqL-u^Nz}ttH}V946lG^I2dkEWv32Xf{Gq*D8JO(v8O5 z8=;QN?{0QHsS^nFeMZ?R;{Tt|o4r>X6{tVUe|9eC?cTjA&guM!e9 z2>@EGh>ZSHioD4{qByk$ija1B)EZEplTkHZaRflu1LNF!_wj0D$Ud(F<+uIkwDR62 zItB|r=Q8}sY79}(wxP`K^&~Gj0u>f?k&wH4zyXc`&1pI+@@8*i!^=F@I-^lj84NV( zpjdWg)BV5}^#pq%VdJ>nePdoA?Rz*n>a4$%inNY8-ANu%g$X$U4U3)LaQ+KsV_9lb zRuD|cSt{{8eqByTtxDx9gWIqjQVWkU&|$3+#VZ>FXVY=B?{$tFvMZbl?i05Ij(K%t zpN$rzh77EJWmH8P&n~sHw%DJ4PUnxOmn6z$N)_I0mLu{vE|`g>a}_qOIF$)InEkR| z@5uLb6cNk|eD!_P`ku@dZB&Q$i?J)9D`4sa57aQF*H<`A=;IcpFDTx)a-+f7+S;`3 zDtLWJ4xmnVRB4@Lal2{x`e{FTY=ND#IH2Cn@fiG;pZ3ec$9^p~8(*B}@3x@kG0?OV z{Vnm<#ra{9(xh!LcPlhbf;;|*|2&FXY*R|IW(#xRbB5%bXy$Vkhjsn~ zyO@XNI&_zaKD||E_SSfK!}Cuzrbj3Ct!-OA_w_{`2lOp-79FIU6&5^J;oD2HxtTxb zVT_7F&Q5mTbwMGk=uMF>PbW)k7E58Nhh!yuNA!Vi5V?gFT^B~(7~a0287a3{qC%=rKJ>Ba#&JwUdBdN_xlT!;2em|C5&kD5>M=k zjCfyM%CKS0@1?;i#^Uvt@ExoEpFI8Rh}s)ZdN(0hj}7FAvjcI6fVPnyusRButGYvT zg{H^(J;*^wv*LsS~ym%c2+cpB?_d;^#c#FKV%DkBG6ida>w4wHt5PW zE^5J>6CliLLIx#o?S{g)Mi3*j2jCdunbRx!Xq@*soMq$K}>mKM`At{e{Wpax0qg(v&?SGy(XPIYH<~SeTS_G1*9^ z=ybffy0p0x?eE%#6^Y#~P1^V=}HDA=n2G-A}vX8 z4ha*Kly{TVI-5F;l*ZRYZq?{9*hET-YBBuNs$CwNHkI!9_KFMD+M=A@d+Nxuh^3t8 zl-VbAs$eF31ZHgNsd-B3OtrDi^on3A5%OHo%{+2O8j(xm@kc5V1QP(=ggVmX5i4JU zE{;bXk>?|gxi^h!@UBV@HErb%tw=tLbKdGWHACZ$SajaIG-E;3enBK5A@h8xj|9>; zyTy()utyrjQUs;_U}^k4J<@c^1*h`8u6@2l)lsbbAOhFf*;~g5drF-S3zNH?&VcA=z<3 z^kaeHAc9e2upW7#EDfCr=DtZIt%k(Do;{`6k5Ci+LQhk3H8yj5_d@f}2o|G5mha50 zLJRFO3Y7y3C5h>*nbOQU_sxq7ZLN{);Am~u2kmZl?I)!jKJGev-`7Vd;@+pTAS`mU zMsRxf$%fA2lC$VT@~AT}mGknx3vAOhjn+k?XwR13O+w~lt-h=Ipu2>H`)HJ#Z_#oI z{dL9xbt}DRt%YlTk?U-cXK#@=RiTfsg-0c_uQiGHjfFGJ!uRdIuXBA^4WA!q5OEAM4v>3dt=_l~7s zqP$<8Wk9`rK%ZsM{68-G{|_#j_W$Uj(TA$hv+aeRQS^Us^naq!|A|He|1Y2aM58Gb zI@|C6gQNdHz|rLR|3@5s&n9_;U(S()?C=*y3ocdv#nCmNaV!w3gh&ido#Kg1zBvt1 zq@bG)6U2|d9Hnd0r5?j8LH8eLTVSCc#~pcJH^JW&ek}%vJbgXQ0%K8{7Nh@^H-km_ z9F3-abyodNQA2=op4i0h*LMu-%-RLrFdyjR%LLY&B~Thh{jz0K2gQn9-`UOTuaT$e zNtc7nM%XmnR>kecQcMjX}W;@z8qrz^Y}BUs`K7EPht8=tH$7&=cE4v zN1tE4@bj465W;lF`-AsS98DiCfJ8MdkE%( zd+}SRLugoXGw24Z5NF3ipJsD()EBc42NXkLj(J<%oOjipTaIC%IQF_3M z<90{Qeq7>^u*a)hyi71%hKEy-a1ZHCoyH2=5XEPOThr|-JBfm zW-0aA7{wME-&Z9gLQb!oviLKp!>C5f{~yV8)A$~n*ZtT($ut_HtjF`@VoY3VdA^o* zM3TmLSvVX9Fd~ys6{=!4bmerP3(@(#FYPt+n5lVoPPi18@~bo{T~m#6A^;88gd>DO zyW3s~K~TG8;Yl{Tk$8bBC)EDz3%Ft-ln1sT%zpUG2O+K5l1YJ@gxK>8V=4^BiCV>L zrl0jiLP9_l1T2QIirx*D;(%aBZ|dPO(8+8x%qDko0xwy?VjHwdwTkt5C@%Yu*D|l# z1AZ`4G{{IHE5o^e5rWeD6QH67!nq3orOE}RYOcgH5pQe13cWG9T5d_sS2rtxlkRC# z<$xe3CYD_|`wOi;uq9xd7J=eU^xBT+o(IS>O$IEr_P`xgEO^-u=-vOFOfLfb-=Xms z-KMvrDplW|lKj+Cv`R!2{wJAMg4qF@Hjo7*pfLkONMY#5+;pg2y$YjU`(HAxdQ*!y za%vunrZv*5)|BPCuH;k3u_;5F&shx8gEtIn?0nPYxmKx1fy&vwi1^O4;j6gR)F6Fn=zpDBh2cP6?Z3+AnXq}jMe;b& zVEyoE?0BR$vju1IpV8?094&eUq3<43*(CLO1QUl6d}-4kO!Gala4d}D2jfUVJ5tKfjTv=xaWK*ZUDqQDXExPyr3OoaoiglaUQVTVAyg-}&; zMDWTTLkyBX7#!eAak!4i8sLjH*JPNnMg>~q3GiwC@g*_J=1O$z`v;lsf#*1PJ7NBU zMsX`tyLsu()4csN(vACIPcGyHE&UPmS2PUHm*w*T{W2p@Iew#}{sSsP1*c(2#>~l; zn^Vso@{vd+ygxj8FccO3vX`Lya+R6lXEun;QW)8J(fj=MZbD=HNYtBOeHg1Ah+!#G zh}cN(5dlZq7U4+^WFLd01JEz1M2Y&}9R!T47Q90Cmo?IUkC;$jDR$%*S^AEpbK&e5 zZup_C5fdOz{Y$3%#>Oh+YBtiZkp4-ghj4Q zjEH|uNxPTyT>moVo9Kag1apG)ZHm2D4j$I7_wjCYG;DxHribFL@}J$jPu|LYpXcj9 z`gZ|b=Y%DS~I&g#;(#lz)zuw8UI*F{~|K+5A)4X*gc(A2k~YS z($N_6?{}3vH^@{v%cJD2h%xBF zf?j{BKx45$?{ZdeAjOxfH?S=*IN{n~#K@FW2>IDZ(+~!{;r8Mr^hhZ3Qg1fU3Nd&< zH24wnK{(!@J}%WGi8A z9%^n~7^MmZ3~tzr2BXXFsAdS6f2Uezzm>T^qh_e*~f39TPrDS_6K`TZ_6&_P3lqj3~ zWcOzrO_ao_nKFHtGV7k=#giJ0l5FOd*#Z^9+MwTqAzoc#%rz!WQ z>u#qf!ewB;PJbDt0c!fFvoK{XQ(KBk1=-xE|+*D$ILj_EiYF&f|*pCo?@9(aVlxF8lH4IrJuE0GYpn9j2<#fh%?Q2Gc8)P z6_&HDS{d}166}^UogOkj5NEmaX4#~%I+P~3rDgfFX8A2=c|0(}ywcbM9;icF-NKj{ zB9^<2HSgPBY3aTARY8eW$_G^n2-T6JRmL*a!_HMmfz^<_YHOx+q?2;E-&t5_B^3|V zgT2-8fi-%sYkpbPq#oBSqt^Ni)g&|3?zdK9>eMidF%j#)2%GL}IY=zUWNJ07YrSyl zxYO%;Ue~=%7v%IJ<|U~Y;p5{^uccb9`#w|Kom*diQ&-qi|FlzIW>wD+SubJLkQ3QZ z#ng}wYS7$jXa_YqFQsUoBHDHQPKvI_ZtJwA_un=mN;~44UnT+Eh>-N!<56~+Oa`g-< zZw*SE_Spw_7?2V=zQ=KkR<+jc(H&QE8SjU=j`w)+6MERX;@eR``4ZrLee!n&B zvN8l_!M}d{{>J?MMx&?NB^$)i=bFmtj!w270iTU@xCb;M6ELdeH2eV_pM;*B?7(iH zGsLlZ1T;N@$Y7tv!VX>Fi{!^H9mnn|7wL*7ERW6r;{m7zE*NS)Z&L#rqsQtqAaW_1 zkGo@qrv!a0{R58#E33Fe`~?mgDsV5|xYgdD7W*}fj||;?(s6SGap<4SO+c?E7>uUM z#irPpM=aa%Qj0v`dOSc7!=u$n05XA8F`0AArZB+&aEf)e%Jrgy04o!BD`Ns{D`+z* z3RMmQ_6hkx=xvk4i}Q(t_H3H40!D`S376mrk1|!4T64OEg?+Z&@lIpnqE>SeeV8PD z_N~XP|IDmDrGJCC|9#WgPvyA>=eb|b{xoNEo;9=G=-=EZ=QaAL!ZYyLH9X=o zuYFpGGkD?@efBs*Z$&(q!S1_V!1rf8EmbjwpagCdXYU?fP&`ZUStAIT!25G*@IX6f zBmglK2*V>ZxOip2r#BGBw3Pjip7gVxj{K{qb^cpV8X}pQS)ctpSkr;$#bD$!Y=l=G z6AF78Ph^0UWCoCR7-HNkPm`>e6&e1u({U@IdRl*D(pL)_8LPOT<||I|a=9b<@Bsny z<+O~&qO(c(fJjgrh}nGbH1qYko)@b5Up>8x0erq?i&AU_krNzePCcy*T*^gX7)R@4 z%r109X{1Jjs-v&HSJebIv5F0&0rpREn>>WiS+q?m`=l2!1Y>J>b~iDO_+j4!Vv#>> z)D1^HFCLD?SYgk?s+9}bdScrV2$|!8pm+QDlI=KPZHc_xNkQ6!fU?Ey6`u8U;}ctR z#qRBpUzs>W?paS8uJV^RE1wRjuC9s3V2R7KqsC3c*94Fa?_N3Y%V+Gv%J{Zy&j;cr z@SS|O{=(_FHKdyDzi|4J%~M`N-M+&CHs||p#4d(Z6SlVa=@7AI6U2cMeSTeHe~=gaTDGQ z>fI27ubhQ5fr+c?TNluYUnW2C8#_iT2kxQvG#U5kEBOGf@3GbR3B*$G7H0# zWe;GoA5l>Ne+6}%U0UvsPZ?KxStnW(ICJWD3;Wmhc1wg@?2sb%=Lqz3NawkqbA|-S zv9n(x0ZFlU;Z=*E-*dd#3aqlUjEsVj{z(vrqD{b6x{W&|8xitm-xFX0=LS!_u)`mx+H45-9HN^^doFZzW!M z=-sjz6rIm?gjB$et?45WVJ|10EGBtemoIHK5)8w5X;D==e{W|&lmB3EWM8s$b;-NC zgW}wWUjSixYnfRglYSomi@m#is_NnYf4}HWZ&JFuK|or%ySuv^q@=sMyBnmWyStH) zln?|&5Jk3U`|(pPD05tb9h`)o(&>gmVc zN+(7+fCUVShQh&-u;|_t4~GAVMiZ!+kHVm`(kQ-Dog0irVweBcd?PWE2qPlk*y=hb z2~c7tDxR5|MTfJ&@$K8Dn8t=Nfyl7rVi6Ter4p14eKpV3E1}Wo2%-#I^%||5Oti(~ z;CMRa!em2&2a5C%@Ms}A7zWU8vBZ%^{wg+&%cNCr2o;wsADZov=~SD8#o!Pz$c|Yj zGyk#Gx)GP@_LkEbtS006dLC<2dBSfYh@|@8&PogLs61_Rzb&QGBem*n($Sl|LU$Tg zoP8w<&5~l^Q~32z#)Ywxbn{J`cE|zH=rmtfC^R~4R+TNUVdtf>whhJ6D$V}BWsYO! z@00VIw)?tQ8rQBeO*0?N-<)~9U1Wzgrx&%0MTOgFvV(Hu67EdFxX#dUg~{FsNyq(Sf>4~A5@=Gmg_01%9vE#l4yL3;DHcUV z#b)3>6Q_ux`N|y`%c52V)z#*dNbVH25`gXF5+ydmG3<0yH*iStU)AYceaGm~h`-fo zU53FEHg^a{H^3#zRf=|Z{7&UHC+=4jF(g`USyb{59%78hq0}Ax^xa(Y1!P}YgZXp= z?79vU73RkyG_y-eh?F^xSP&u=+f=n)DrgN$!GJ6%Ice@e>f8vPtR<+@)=X_{T2&R=+;(+iyatObXse4vD)K15YsHIK!(_S!(CA z_=rVQJ99u;7Zee$s(Tg^t)M#@Zi~#zXO)2|{l+TGq~B2}e8@ioQ2@g)`!I?d5!w;Q zgbZ&Q`63-YQY4`+Qy#m!P~ao6l9rlf6e5aXTi5C3>ZwH_O`jDf?ANXBn7T#S?gAh1 zo^~U@Rb)}*xxxw>0lp}MRcUqo0xo?pWBx7!zrCAXTw(&+G4z(^)}}qY*lah#3?F%} zN?-^cipc^fCZotQ@hA^T@w+hrUIv0%3T+Jg2>U^u1${ABGeOyoE{Qg$+pRI|7WI9u zj)E>A-U0L;NRP{#KP}a0zhBGxuJPtm5xefEOv0T-47!4V?$Zww(n6(z-DvwWobHb$ zsIPAL()>e1b!DR|`3MffBHZI2k#1fR*hc_{Z>)kz#C1aolo4o7#avVo&@j6o0-nj3 zyKF2}?s->=o?zS>kcPd&WSn_=GNIL&2GY<{E!b8Ro7Xm+R?_Sa#u6~T=_^6$5jnZR@ZrgQc z-x<7;6>jIF`r(Yl!)1DrL*>I&!p(`OX{2~Mu*8>f48xmY!-ZWVFq7m`on1FaSb|(B z{YgNE;lW`jqeEzcHxj28ClaC2`|$FnVsN^};j|o-N$zj}HhwBRP=A0&8ytcAun6D< zQ-HEH3W&?1q;;HF4Uf91(CMrCLbB1Fu-}nx+k!gR_Z3Wjb>}ffK=>(nF;=qoLXJ2y zrbxBf(qzX-l;)g2aYW;(*qS2eNd(~s7t1wLN}&!efl}MTqGxjf)7-2=ItE*Tl>!;N zQ^6Ct9LxEYLiCtZ;n!&k3%FlgTMRA97tX;G2!Q(rE`AGJ*84exV%S*2)l-aN32$DF zq8COeuQ|Jy1}UdYNtDW@#pD-~)K%!$9hSuk%b_KW_&zmCDAiSipO3ZMpdPP38zLWa9V@?Xc!m-8*%lX)3)S}kXpA>iUH=j z;j*J41h*8jLZ)&h0_ru5_oa$nbxhktI%TsNTpslnIA5Y6O8r19Ew*Qp34)xg1eJP9 zK)xY0IpLI?_Se+LrDHL^oOQlsuLke-dclKSJqGj4ci`Jgo8P$lOFt9ZD!iyWnd0=< zYckqX_^%u^7`Mxz(P&!DE2k2h?d7l9ophd8E+<5W2hQA`V+i>!uj>qtQ={I`DUrFA z)UBQ>zv5o2VD@ehB)W3WQi1yMy+LB*nfT6{PqggTi+RS#4Ox9m9@qXQ*e1!#I{iqg zUjoPSOrHB!`ky1{-#$H=052m35sc?Tund>h*mNV%y*X?VNDf{pXAgf+zllgmH$&F} z4U;}_L|2WOVd+GU(i)dVsLdMT4SXME2)d2EeKLa(62BbB?Y~tsFtos5$(}%*xlJ0t zIYz+Q8W+U>Dw2|aY{Ql_rTx-9q>N>jQLt-TC9^rHC4QLsW9N+hFRtK`-V<=zR!yyx z#~&R1Pc-@ujux`nb$m1Xv+rfjouhT#A{0j>dKUkQMlWp5M@avTM!(8s5Afb9{DY%q zmX`iTqwU%>i6)i*;OIaV<-gJBe3=ARxh7~d8j7P8cI@?_(df=`9#6Z1zc{*)wL0Vv zj^5t%#eZnY=ySAwWzg2+?cG)ZjYeyLKCF%Z6OEoT{2PrPW5sewf<~jIU$xH^{E0?y z@Aesg?>T|uXdQvQ`#(6k@6i7*j?PN^i=zj={Ke5G-hXlQ{89KnIGQhu{11-aIht&E zoRAW6PeponOfU0hx{ugBqjTqk{hD*uO2i|VIOBu|8jbc+{*rJF#nDK9Y3(GQr7w2R z&_tj(y5F<>nOCij(Vj-9-+DX7CrzK-&nCZru8)a4Xoc=x+Q>YWPW5|t zFZFrzA35NyN@st*0lKT_krF2 zVHG{_%B$&a8>#2M2MMz2?{c?;^zo5x!jI+aNThqt#6PBb{@2ry4*A8DNzmP{MwA7{ z$Dbcx+#k1qGhqunB)B<7De*(2sWr%dU9Q3T+z97V`Xg0HIuBXyuBa9w<)Fw?2AkAZ&5K z>}x-|q!;Cc71mDWS2#Se4Uz19T zr-bz|+=NF|16N>iq`%GSY)C)N=x}~mk3J}l(jCP3hLL)9m@}Whek8aV3?B_h=q$HT z(~P`w?5crkYF((N26*z*Im)?6!be1oJ8Iqy{@PFAnWdXMlz1&UY7ZxgN;oQHIl`hrXkU*p*f}n-=lW?QagN1m!wTI zeN4YiO3Fj(WzU$=u@raNm@)jgspUJv)t9Qce6L1%)kaw@XryP<$Ftr@`^S#&nvYv^ z_t{%E*`?DvS&})oN!N^we^ckEUqorVLFpGjeP{-^yHft30Cgp!b~mH;4krED!~_7e zAqun+(fB%);4z48JhG>t7wUw|sIX;to0}(Q9g(34D( zB~9{6aan^q=`h9Qufrh~t888v64z12N=g+j%%d}R@ zw#msl`#GtvAzv;@SGmI$!6F$slw-de#LlW(DQJIO&;EG)p0_3<8<)l(7lxZro z1=J1YvvrKp0B5wiOR)8MJ^n;=uoYKR$c-X!QIkSP2q}r14DPVDwGCEX%!9|{7 zMvN9%B$>Y@S(H-^ggd_9m|FSNEK z+}A8Z%KE*WPi0P8bxkwjvpU_8ruxaUT0*nN6^=G7r4H+qy4IQv&e}$(mVNq~TF;uE zR;&@8fWD%ZaYn2D+^C^2uSq+%1>U-Y<~otY`ntWgKlQqmQls5&k1c73jgpFe2D=k2 zodW`=3$2*EX@>bEcQ4eELf%y+gcoeZKs8|a`JVm)v3u^3i9uWbYlJ}-}J@hxOXE=lP@7KQnil_XbLwHtYi z<`Ej_cKO$Kx7NLkA}Wl0(u{f=cFFp7y=QjcMC|Sc7JdxWSw}ZMFd{pA9z8M=I3bld z9n<-wC2%$-egQ@5QpO)zjXOUWUtR59Dk+>-y#K;#bc^sYunLxC5?svt2FCXFX_T9Ekev$4UK7ag`FaWD;dhfpPDrkxj zWV&dvpOv?N(y)J4(T6tAf*JW5%r=XfxC7cV-Q+rOf%<4+voA^quLBNz3=XdI%{}O#!pc0 zPEwAnMAuK?$v#=3eY$1+1S9fE$LN!Q@+TARWNTgu`$9`Q=Me=ubH|4!n>|UF#0}d| zpUUBFj96`ka8BL!Ha!bRJwEX`@Cx~Uk@ms2^20ZN15q~iuha`{Gzy5+R@AoPY&&+s zIFnxg^!?6eK;dja?=1PyX2a?1+1%#X-*!I1w(q^IChM64Szo;Lr-V5=Uz#)6q08>!m-S@d%OZ4mN?GLgCgf==y_%Xy`%DyOUJ zz^j^stJ<;4-n^^&zN-e>vo*T&u*&0|2mSp*!v*NKwTG*r#;e0GS_kWfhuY3DB44JI zznmiWp3`+LvpHN8+I+Sa`qb~pq5RuBT0+vQ z{iEaB$npAV{aQc%`uX8nqyG9g{!QDAOJGk&B*Xyz)Y;?i%RJjPg3ZoPURThIPQ7hHApM^rvmYk#*^-bye zoA87d+izm`o!G|5*r>^gA%^%7UyyHpTz6Moudb&sd$bH@u&hgi+=Q9n$GjD2XL_*A zpg2XRs)F1X>pwfwKHT1xkITqgGsG@_xClkb4!$l^&}Qjq#@FOAnAl_DFn z0ix3|k#or11mN3$Mh%LSj00`nOJ92_$vBvA{ML$i6Z$Sxa@?;og zfELR@(a^{=-(y7aqv`htmnOV#WkW#o(4E4-y@zJnYmg%n;N${0S4kHv5JNq62SB5r z`iKcei5~Rt^RcBHcx-S}u&2sR{6SCw10ZLB$}xco%;4gtr#e~XPV#iuXUL~k(AC66=cfZbk%pL7oE7E2*A zE-Qs|zxcnMEwc(1vAviX#|L zOcg_$J4qHs-+w$NnhFGuhLFID7D+p*ib_a8>Org1Vk{`fRPnG=)l^!T*flz_GKG>B zuAU(7F#^N_4loM(ImaR#VgVUm0vO(IQ+sPvxzb%fFxT|TiL zU%5pvAwf>ALe3U_aR|zX#iB5KXnz{E4@?V~qlJe=L~;JN{xlE?P}DM%C8EIBl(1Lm z*~>+g3Q+qZu5l(4AVK@nqQZ}^(Ec5?3MiBcFe6s`Mh-mDA@=prY zt-BAOo7#vtx3JoYupH`>so!a~&hl&rY;;z54{1r1lT0dfzi90lXQmyb8Y4rm2E@Ug zu+8sug?|UUe8-RK=U(Gz94^(1jv)3q9}24@3UR(tG<6;45(lH6?KyfC>Dm;yOE7z^ za!HW*@0^usrd__;50OCV+>g+q^(l@#5g0aSUGA$S=zcuIH- zyiqf0@*rO%FTjHI_?@WefYMz@EW2`N{$f!0cdlN>QII&3Y!7$F--mvi^ zM!~OhP34eZDYJ0)K3BRC;ZG|(FR)T$Cs_0!PS^$H!KpGf@QP=1_b6VgwVU zq3>oKVGrB;wKQj9wO+2_bO8#;Dg-^a(=y>qB!sA#1S2mZ!QtG!lwOX}BS-I(LtgG2 zta;j2lfh!?y=I}p7IPn^NsWmHLvP%|KqIu$DYBaN=6FqKxX3)kKoXQ!YgRS_qC*s5 zf+JBXa9dn@3uWO`Fm9!21e5Lo3NkQAxI_T(kkP=P=mKy=g8-7ye&QMq2nGdOp_YX> zztOkEz-{prqr_lJO?9NAWv`h!wff4hp9b2%n38^Z;g;l(E=!D=8X=Smoi9431{i>j zIL%<#()4I}y8TII#FVVrgVGmyfHY@qT|zxc8PRLTWKFW;1h;$((raHuuOVz82)>*G z*>3V$mL?_6@fZ@oFX!gW6?)7xcE z!K;@+p&nfySYE;&oT)rnK~|uuNYA{sR(qTxZ-$Ldg$*!FY1GG@Fv)b#B(sIU`vcjj zqP3%7T+^BkfMG~fF?g!Gb~4qa=0YoBrnRM#xen>p9vJ*!aFNLa*a%1KZ`tp3j<3be zA{0BAJmLAEurzg@)M>joP!76FHp5UjiX!Q&9!>hRLE@awBoMHdE?|LH*c8W~x^<>B zYCKkU1kpt0+Z*UuD}E%%$)bpDyO2*Z6em2k}OF=tai}jE|aD}0LQpU-~=z(mUF}Kp@*Q81ml@% zTF-mUOp~!BgMRyVKL>IG93%kxw)Yg$IftPci#bt7wh-6cM$tB`!PaueBF=bP6=CT% zaMQ6=Jl>LsK70f`W=l`vMZ4qtI??k8pX7w-Z7IR0;-sL2&;9ah%b`8|TmWB8&-;bF zC1E$Y2%dtWH)v?&r{Wfe!6Stw{-ljBDPTfA+UX!7YY%(#$pVfTaIf@`xQsvbR@bBm z`0^EHAumf*f^W)Bg!>Ahp>Pi)S|&#njZQE)$C=4pM=Ual(OxHX+$J6`miFw@8F5L- z&*QE{?ufDBn8(#HP=Ajx*f?-?gQ8-)DUstVk$QzwY}#wF6zS8!Wt5R&BnWKb|7ao? zkv56)-yvr68T%Y?E7a+~kR|dsRXd`>D3m-5u@><#x^(38TEDAj_k^hBii~tNt7L~M+ z-;+v?qT!F}qK(_4t=f$afh30^EQ%wb(V3-5OcGhdeUMQGc?_S4=kv$ODP0{slXN4~ zhmg4kLdnL<>F@3GkI18sIU8*`McGThPkv*>NQyMC@FzS|2~#o&!>M0R#;3bQF`~tA z7>j3X5mpF*wcU32>b?Rxd{4FdmZ2opgYkR9(GA0Btmp&;>>*KHm>)j~UzCQ!cf3Hj zz`KUYzd$yXaNG~{+8?uwCnQ1}WSs#5B<@N z`yg-% zl}`+nKRG6%lfh%7NkXuX53t55WW1F2G7jjqkJvI-iR8nXf8vwOr%KKq;E;urqQH|8 z9c&C88h)b`3MoxRFinFArc_oOqoD%fmw|Xok;O~hs@F%($pKLKsl75_w|ZhGkPNTWh!$sIW(?94_xiOjJ{Ts#wmU zf6QZk%;{Xt<#!y%S9X9vD{xh=-3_n0H?HGdVc=?I5MH56rYu)T`+ytSpWw6%6+M>(~PF_l#i9dbmatpJ^!__7tRwSDH4J-)R=CY|ZVE9&U_{m4Up_=lOKlSgRH=eE1mac+q*{EJr z_21Yi|D+F`MhHfs30gl59zP6O*AErg4@I;!8n^MlXPD#bkalhpJ?>5tuz8- z3jROQXu6tIwwgGu|BOc0bWc|QR{f7?wDDxJ_rIdiN%Oe>M5E7h^#2`={x^>P|4KAk z{r?h2FL0o5G^2myz&LHjxaPq8-i-Mh3XEF7n4DNITCm7DvFTf|**S4uwctQ+W2*iw zsn@nY+JydFQvX|0|KEhvz`rH+za{nmTbXG#-2YQa{r}I*^!uJDoyIqBvY7v5reA;O z7cXN!z55@TX||sJ5)<8Su}=C||H@1cB9Z%F;eS$2zMbe}9{k_UO#dUPSE*G30uJF+ zMck&tpqc5*zmodn^N*uW9g*kZ3ijWSU*E5xl6sX4a#25Aq2C#ZJrNtE)&0#}r9&h|YUSz-c}!jbPV!36&@mf))q z67&$;eqQIOq+e4dl)tl!ME&LyG4GC?!0*YWE>co}iv!vXklZpWmtgv85-sN&3MGNj zl&&WlijQ5r|Htv^{~@Vo807RQG~^r8kW$K>#NYp)O6pI++;WrN>q@!pC6(I$4<)rS z-QjFZMEtR!)*I3{))9pdxFFCz9&AW-a2^Z+3^Jm4C{}MB?3mDbkLI*`79voI5OUT- zBaa`e{q6N7uDNtcwwj7FwtGEpnU1JH^8XT_Rx7aAYRX-SR_2b8d1gEamyt!KTZ7IG zGXm;2Y;eJtP$1uKv1m_$52&A&E}Y18%)}JA+<~{W=pHPXjcI+@s9_#_z2| zKyn-EA)o+HAOfw3DUJZc_C`U_eJlyOE!12pdck(D?Kv zG(O$S)7X8&>~s55)%Ui&xA2+Sc0_--%&3z|5n&KrH8zaI^4>_3HX5S~1*kdfq<9K^ zq3tze(DK;Pr|ZwIb%+{FIv9sUCuN5jzyT)zwqHRNebYl{c!2tmdjvkSk)$ThG>Ord z2@L`RevpF;frl{`CxAtYyn*qp@TOo7(uub*Jo4G)8@(uC^H->UhocZN1W>^C#s*uY zPtSm4IAp>3B0f7J7bT$ zrpt{z*vuKdyH@{>cpG?(hlOB_wqhhD+f~AjRG%+*WT<~6_0Oeb<=qmg99yXh-eQlI1D+I4jRdi%mE)TeC1mzDAOZRhR%eyzckmrhyn#KyW^fEWf@u=|98 z$&{tH>jYyAf| z#v*-`%+NSr2#J3Py7QwuM!ON0kRW&s{*6d60M}9*jPskVUEtnGl@w(yLi?-3kH97U z@5rhDNa~Qg#25YrLwi5|k<{70EU~lCB?BssG-#h!(Bo3*7Y4RKUFG)SE zVDjH2H90Uhcj+;fpc`=U5{PH*PfjxNb6_N|skxrISOc244PP5?A-Nw_y-wa*&%A=- zXvnF4v)9|}P?^~1qI_-}<;{GgJ05Gj~f#=phqUy>SzAZVH=2ua5fx!Q;0 zFt|1})EPcR@IM%Jt4|1*?>~&%CS*wqe1u>WkYTiqz`j=zL~U(PUm98+8tye3DiHEV zQb$Jl9_#qO>J2QGDGZ0{Esx2yx`||U_+?3C#c*W(csPH^ zA5u*a9TE2;7>c$3l4`AJPnQWZSTi#M?J$f7HVBx`kM5DmnU5(!mlRSMTzEqC(GK-N7~tiT?r-C!A=2-F1-xw z!@lu3y6i^`;M4y`swt!sovp2HE3F+7<8wiP*#nyeT|(R$)y5+u3?b>3EZK^0_!=K8 z95N{aKN*r873vft);S3}BN?V16;2H!;S>oTA=wK#D&iPM${G?KegW zA98v|DrP+hBWI2fs~tHzA=OKMMt(gK+8?B^kf{U-8O8WXgwIJ||Dcrk!5~LSBDF;- zBgex?$f|%$qBKRSvPG#e#h`aito5E$XNuCGhQVx#*eqP!`c0-S<7*4K6g6a4hZ0C>MkDj`O7mWe=lhuF)6nNTJ?2h_=KD|NCm-f}QWeC53gqny zCd3N>NK8ROX@T2e0WeXZ&saDLTc{;dXdY8IY+hJim0vzw=mcA|dRCZNT{uKl1d=N% z4K1=CE+ViiiaIQ^r7C8qDJl{FW2pI%iz7>mEf0%jr-~z>&xUx3E@Mf!d5LLh3Gr~r zZ@c2H!xH_lk}#@LL-W!OiPF%}QvKo5s>;%2nyD5sAB4}4(lGo>hnp>>DD^>s3M<-c2{89yVN4HYUI~irY0RiZ?!%G}1>m zDhxM{T{I@bHc^!~EHE|g#xzCMHqF>KRZcaL!!@fhHAjm#!OJvbhc%3#m{_jkW^F*HBg=SU>#BP*n1y`)2LsDu5WBMqi=nX*$$tdrTS zGbyCgQLe2$mcnnF;B8!1Ku?`zUT1_sOH^L|0)JN_UAxP47i_4ss^I%{Vh+6AuDHDS zOPcTVx8H}~S7&cGCOfD}pS-VBc%LQM9e~}X5+WT$-2JwyTLq=3^`N^#vWJ(s$8We> z*{nw@u4ksI=gn}B(m_w)Q|)jZ{pbwtxI)(yap8gk{Y($;Twe7OWV=wJ?tP7CUnyL# z>{y=%SD(CEU&`k`ean8-=>DGfYJQ&GUj*M*)%O3W>C0d3zxE%HAs*P@u6!~eKNi${ zBp&Ro8Q5a(mi8L#+#Zl)8URlX*4z#pqGDrR;^QdhqQrMSNw7?1Pw6sg$^U&stQ$!PQr-XA(W_J>aUR{PdpPS-d_>16Ak(t8=H%@ivR zFXa<<_fGW&Od8&LbJK!7d^E;rl4caa6Fc!I)!NV)>~TBZqT>Yqukl5}anad%+}j9) z_BTIe<^hg*9^HARd(AeXxgwT@M#e>F$wgDN1^pd7VFKd;f_b=-g{gcn8ePEX_gSC- zXU&lZakndyWC2uwM6TxKi=3Bz1yEDGa8bTft(TPl;bR*wh}ET76M4112`v z{p+Sx*P0#wS2z7JAD<(zLvNR`w0^OV9_;63>}xdpBYQ!kZ{bl_<-?ef#O89?CB9)F zyO-+no;Enb)!>_XysPj=I@ShE!z#br!p||2{rClNK~%kMq)3&=h2j>ES$2$(Kes6; z3Sf^0HW5+~-i-kdEBJXU_H?n4 zz>9SpZ(|o9>aXblcH#Y9*pdjCW{{WI9-G;IRl?rLE}n)o`>gEp?eorihIrYBco=X( zMZ&62$cHT>?>~AP`WopP25nCxIPax|>~pJanA}?5GuZe{?j*4s40SC$5dhEG2T=_l zNgHFfpV@W`rhn1@(bL`~hdyzK*+Yl(Jx7i$A0H&)-YkB&{`x^YG4OdpA71VF<}0YL z;W)DH03l(^bPxZ>^RcioJBsMqA3e}jrNG0LZLBAp3rgo@66%KiAN zjo=Inz`yGcppGU3JR0$38?jp;+espyLuMy7uTJlT&k%=VuBrajo*w>wk+ypd|Kps| z`15oSzK!yQUE{3zGuvr40#h;jcp`pB5cYP^{%qo9_0}b$S@s`BO>wBhmWc3Ag!=P; zM5sLwKOZ_1?CxQg829g!y@-rK&Q_lLZcOlF9{WkTJD~9opzfrF3Ciw(Qz1YoIv#E~ zHFf)ln}Y1UckSwy^~X@F?q+b_Qi(yn9zm|mIsY-#q934!n&2(oLJ&Ur021Op;U;urytcZ##||(1!~uzuc6_ZhTUF?{&2|mZx)V+)sY~fIy;qV>%pR22qOkEjAxv z4wF}$j5N!OGKA~8?ONPND$e9Yg#=hM1M+h)d_I9uLyPIEVU}{2ej#6=zriHmm=o`JhCF!f+Wt|v-aiW?007p zP~uc84P;6Vf%1u=4LA&TeVL?=YRZ$OkGkJpk*#iqm}Jj4hE|R%x-`d4kD#djv=2{# z7CG9?2|WV51g#{FQ;bk>O+T(KBuWyn2V;4{2Zv*!)dH-1Vy2)HIo66c9h0b|dmXbV zC&xKp+A>X2?Zng;LqMkWoyH3>`_K{|<=D((!@PV>1tNQfNeW_7E|?5W0(IJD%NVQg zjiyH<>4-9L+2-*!Qqxc$d-LrKEpl-Xe>Gg$6cmxDYI+vpuV6X}FaOc$m3fR&sIPe( zdt=;y*KJ%DM%YE)tMULTrAd=8KzWTj3B)_OAMPppxJ9f#1~Zvtt6M?kl{D6M`hyo@ zt+vWdpiXU>Ed7wK?*OOGQ{oD@=vBN-viw3N7Pk4!tT^yfx5GfkgMed;6>PWpK1YLv zhTV51{-O3Cr0uJKp(vhy2$K04lt~jnnY1n5!5%5WAqJF5?=w(pquE=Xwvel!UE)Y( z%u-B$lbRN-xn93vfV(G2u**=>NZ{Ex%WvoaoL6#fCQYul95-#UbS*aMzpo||*tF#w z&+;|tmkUOs6;J+)N$+=@hliT}Wzukw0=?gn4qxuu{wI?b^O99bFL>Zyd8NDxpc8>T z7T)^wdz7H%HxGBvdft?w!c8XsA{eGLX;BG8YDwFk{%MF$fM>ye`o^oO*|mQqoiw3)mNK+#hBa`oA*Pd7|hT$7-!xv%0 zQ|=eTx^YO5{{nZx!C<=3tHPoZ4Z_m0gdiK{XNo2dCer|>=uHeTEalBnh}8hR*nZwo zxvn6cJBuBhS*BP%o={IpT*6y5A6@GA~`hNO8qamd} z+)B2XVCH^ynS=BxyN@BJiBzQ3H) z<&|6$jT4>`T&3Y+B`5xJa)Kd7usUJ5bH1YN9&B@G|1&FqXG)!qXp@Y=^)m0nXq8b{ zj!IB#dG2%mClMI=IqUV)*WGC;Vz%FSJ-N7PMyRn76SI0xv^b(+Lkh*pWrRNy!u$8E zl4W7rEQDmH)4}rC$y58NJmYFsAW5DpoF1zCirqv!;KaTVvzub0qd_IMloy6cW{;0m zWuW0c5LLAW<8`D~a7A3mmkDS+bbYPSG%{6e`T4HyFp*Mc_7I=l7q26wGlK&d4}9D_^_wVpn_H}zEzR8P z7Vlzpr?lJaG9vOVIEi`ZoOxqY?pZDcdbXA#GbJl{8pc%f^zTD5+hZ#(9dugtw}zuS z+VR$%+yu8~zGUil^RT!EqSkL>bheD~IEzH&?Z{JRy?1i|;?YTHbnfl+e(nB)SIcL% z3wfQMZCYEGA%DZ$M4k7$JlFpH3TyY3I&4tT>bFE}LO-0<56O3Nzw-Z>b(u9V%6k3Q z?%V|CE#tsAt!s!{swo0$2lUHUb`2vp8^f z1^2zDwCn$p)CssE@0b_F@s9#6@yQIB=uCFM*%c5z5eOP0yHxnB=O-)Mn+&crr)!2TL3Dl z{Z>zQJZp6V6~*4(Pc`&=H7;m>&KZYhrpfM_ECisL>8JjMFaKnw@0B#tTC8HETjjH z)oW&+WEi+p7({3jO@Hbk<^qYHVIkM|3k`~dEsAh`9zf+Dvj5yevdsIr1Me34X#&T44lu1^IT?i_v(J*RO zMwKkvoQ_6S;K!;)M#)jf)VZa2?neJe>illCHqJkiI-vEhq-OFM)1i_4SSqRcPO^D> z%uun$IKIHtkjp%r(E@i|Qd4?MT-w2JoYG<3YPHKmXx#1+3-}OI_=wyi9(%Tlc@d0} z6pT_+j8Zok`{f4X1^}ADsI45RZJ;v16t$B;H2K}QLY%aH8>{1NcK}3)IFG2Vk|EX= zmm>5V;}sa?i>hoTfO$)S$r3UI$R>$ww+9|i;N8irV7L4ZP6@Y<-jmBE;m>{dHO1-z zL>W^}Etg9Brj9-)m9Zw3*{pi?06T7#Cw_MFcyY@6T-Ib6H*7!M&7QjOVz`Slqx+x& zQ@u)u5TsXvXYhu`kU!e^d}`wTbOC&`#ExtfHt5Y1ZRxMlxNe#>WFWnU#tjz8LNFzL-XC&p^pk zAjV%1HcBK#Ij^rUf8@xvncq?*G%bq~EN3n;|7|FVV0PG0zFl&*)Dh$Y^CFUgc0yC> z7GCAOfl_bTEL%BDQppP=d6jou@`ArA($42X2rIK<2rWwq(;bT;xDwAhD!bm=Mq=ItF>#=dt-wJU`U22NxElMMV{tS(b*g0)du;hchwkDgycz4 z)D9@gj>O1L%*cN9G60j+z-INud$K098epI77YjrgrD7?TxE&omC2v_djDfjajJXJw zsT|ByDz08;4l4h-Sb-8;d002myTlaH`znHi1)+{^vD9(2IEzF!QkI#Ei<(=VnwLnS zE47ZlwoFi-N%)YO@m`rJVrAW3b2v?dxNlN6P;;qu)pte{bz5^icS#|zNx48$jrEl} zdV>nWT28Jeg2dWSF0Bs#HBHuWt%Md`geL7i0>g|oNUPSyXRXU+Eup71ql9eJzHYPj z8Tkq=bE|QyD^ANmHVam5TdVb*QtjZ>bxTie_1<;+2sQb!4o99g=X>n{c%30?of(A< z_ku;I6HT8JZnx(KFRKlUhz**u4X>GvYDnsa-&}JbIz#ZiX2|`T|NVv-_a-~FZld9) znd4^Ib90oDh`y$F^jJfX7LBKpE_#M;Tmoji5^b!PM$+6&0%?zGHQPG z>20i;K=9uEYBx!_Gm#V8*FZPbS1^@!+^=acfnn4AjIa-zX_`v459&8f^D~9C?LQcp z!hG4ECNevD-bcqz!wzD>i`>JJJ^-PbsaTi=dL6tlZX@{8M#!c|Jg!ZWs6+0|Ly9Ot zxxPyDzp-~$O>u>f-lkX6xHiGvf_oqYcXxtAaCdiW+$|8?-90!2cZVQ>5G;7GpdoaI z{P*5d?>k3xFjF;EldApz>uA-gr=RP0kML6GiNDm+rs?IS<$;OQ?+enk@-ozkF$o(n zmhm$4h_Rj-QChxcYZc|tV&rs`WS=p7wQtNtZp5;0l452SC}B3NZnho2Yx#ML=T-`} zcY|;9EC1Q{n|(v!Is=hFNin+D;&sMC5k?Yu?>H>-uU;CE6(i)N+oP%?`Mzwe*3E!gcXjN`tm(k1964Ctrz zyj!-|+Oh}>-!rD$SJ^Z(=Gh-0w4~Os47IbIjkO#{@3oP(9B@P^IA`g(r$gS`pB6bwSt^Qz;9 zZVH67zEvEtvb7Wp#XkshR0`hL3XCv|qSK97*7Ei|G%P;s8a|AptBJqWkJb`MiqMIT z&`4f3e=n?)k|v!>XYt`yJ55+$_4aT!f=PVlSa&M zEoXYIj&03l{O$Y19WdLE(kCv6!kvcvJtKs@c{W|bha*4j6g}+vq|*kZ`)l{D2c--8 z@wJAe-;Cb!jpu2N3BQ?G=9?ndp4{XcM%0|n(}vBEznQD!TWHmq$A7b!$M^Ycru+6( z!QzKgsm+L^O?N`iswdwD&&pbv!$7OU>Y~F3G)Hu0OWe)1U1>)Fn&Umovt9D`{Rqcg zvaZ82$IR)PCc|FhG5N1dFrGejrN?z0OzC)JI!D`}_7N5^Kvm0~*WJ86e+@lHAx zcK4f(w}$5xnzp|;&o!pbTgjbZt;Y|WlYf?1fxC0qnI0Ia^ES{yy7L_Vyc4P39^S|q zK}H)<<@8sXb3TjRBYqd=H+!^MXLKiLjB=h3@Fj@AxrELci|!KV&E=5vrM3EV&v^y; z(*;V9%L~s7@;enWb{BFhCrqR(JeV`73ap(tvXw-{^^?LCJ-Zp*LDpLxF>Se*!5Q!o z4G0I<{~L?0Z*YBP(JV+%);CdXSf{6NUG4B(iRfKdeGu3vqA1#3b+)nD-B?tR-(Uf}cSj6Pm$l&4;leT2 zP6YHLY4TseD4_r8O}AqL93Cj59-3IzG?8TM=9sK_$Wf9pR~J#ITa>|+*D7z^Loa^r zR{d-o@A-PtRBu4J)MqvFyO*YDf z{mu;wAcDoYO|aT0F3l$?MqQu*jD;_lIgz8`fe$R?G-5AkOc6* z6;UPtLV3ViUMG0MOC0Tm5MDC$&g0b`VVFh~R`#EUUI;oATjSTsq_B`CX=tBEu6e(`fpZJD!xW=lOR0gR(FM9=p?{P*DN`i|@WYZ;}jU6?c?s zfq&9{5+vCt_~How0%wB)>I!rANtI4nlmK8l1?pdT=-+GQGRNKr?j{hC6s19k{_GU9 zoGv|jkj2LvBa9rFWSr`Qjp~a8Toa()Xv2CV1J-aM!S_mND9XUJOXHkqH&?{N-P?;VKokLm`Q$z4JAnI& zlsZb5R&G3%l{ts6p-dte9z&SzYeVJHQk8bI z9&^s?gFJb8%S~<^rcch#|A;_;gYHuZ;N{?e7u&&zeQv0YVjv9E##gG$$auVS!6?gb z3e=BW4wEA(e3vLO+|i#|G*a$!3k3B@bPkM^D+VFPMtL6chk>@}sC^qQk&B=rjzgRO z<)XDeTD^Ra?t|YKf*L?z2<)P)?S9a;?f9-D=E^uv$ccU}9s@*)K@c+M2H-%+W+jLq0cTFT_f1VEQ#~kMGLx{ z07Oi(71D+wUot9+nU=Q1D|oKWQ~T%l*AvPjj*DwPej%o;ZDV_hCib87bjGUzV}JPX zAkpk$e&>F%Zp^(Cu|CvlJJXK00@k(3f78>e-;-1!@F<+{ND}^{5OkEU*yNamamj;N z2JOM4xu%Gs`(l2GbMzlW^z4{h*DNg;VSSLs2}pUK<0`vk>8sxyLza9jb_5KJlJef& z5Pf@KwC++Kr9rk)2FwJ73>5{67NdHN>ZGN1LPGD$#gu})IPj(fp`i;d?Xm%gRrpwJ72KRqEf z@Rv-9mCdj8Dy9xgNevpw_H868a_Ej>bprqS)7hrL1$JZauk(JA^Yg($ickJhe_lP` z8Lb_baO%Di*AfxBScvr&y6v|6CUk!sKoNMj;UpsbkXxKs{qxA{Q}5$tI^w6_df9)r zpKiRAf`T4SK6yXF=taL@I6-@vjsHNb`wkJDHDLN%AS#CbT?Xe6%$hA9a_fFQlO!nF zhVd@(^OaKJ@1ZYW<{`6Z4B(tOg8-%QuJVvz1)E^_$T46oK&QkYFLTG5>vw=`qyp5+CgyJ1T3iBS4}FD%Yd zviN4JomO#yGri|GZ5kqOCYtl4e#_K^n6+q#rW%_oczd9YcmcuFgc4qj5K7PsApR1K zroyF+LgeWS#&CyHCTrllVuuFvBT$0V6!XZ=c_oF&Q&QE@X(@v$lEm@RlJ6yDX?DSK za{FQLwPVU{ypM2|&Ke?T1Wh4-h{gc)7gS~TJ2=JOvrMg5AKqP46H@R)^z)Lv`vfah zAYW1t!$E4JacEoww{IhLY$?s>Qv0(qlcX@r;U@)=QKUI4IfP|k+@JxQ9UIVZ_22rxil;CBz_aDNT<#Et>OvK|6EqT>4-w|l3P&ZR?5zEG# zmaB)=SW~jfBcmFJDc7b#Dd~7C-W{ZWNorUsE&g1iXtbV`g}7DL&~vQpwXYrq?@`f& z098w#DE>?>U8vw<+g8Bz`KyM9YvXHEtx`FqdP}$LS8FVy{fx@4S#D(xWMldkV;aLu zY3(%c^@x#+BEBhOblEwKc_J?4uE%`f2Vz#vT9(MM$<`LGcritSg+ zq%{t=)dU)|SI%Ew1N`x+3dv;S?)AR}=V*0b;5ysr2_#9N>gNbcdd4jL zPyx-Y0~*i@1T;3&@#@_bXJk$Lf>;BT-H7mZ-Z4I+CL_eR&}dvDzzapx5WguMxVEVM zhVfi9dVWDkAod)yawdPB+`30J?!^|qbgvqmei9!2^hxYTq=<&`Scp#(R=ABgDf%{k zm)8KE@K`uFY5TyQ7a${NOZQTg`H3lKYfC9h9H$6*X>`|tQ|b;zd;zBGdb0>xy%sm; zNJ5nTWq7o3^^x$a^(xigD7bQxA)M4w!7Xkf2!_)4o_67R>QR?Uz3z%*g)fQaKu3E- z6SZnVAnE3+t*6EEMtscPQdnfASH|F{(^qt3EauL2Q8{i?)z|6TD;*2gj;-R3WP}D? z=_|h53YD51U{e80F?Ou z?pa6MtplG&v_47?VVJvTd-uOra0QlsT!uk6R;aN`x|N8vKh$r`C$V_|3>a>lD|%a5 z``2z*QuCRK8^o9Z#p!^SyV70)xRC*wdc3 zD(+kGevTOYvJosI1Zi@9Y{#EG$jqbyM$6e1JfRNumob*WOv1 zHg@c7g2~#i-0I-bZ(BGS0nH8X_$TrOEH2|9qaqZ*@<{zbqr^ilPRRk5_ESQv3bupL zYe3DSw;9Cd1=Pe=pM|7%&!OG3O17g9wWm&Ypoa|#jbeq#AWBAgJLKP5Y@UMp3gZZ2 zj5_!8sWEGtnbCME2+(5Dm=f4r#yKAP1xDBfm0r%x>gD{}om?J_lU$tl8xmXCChbtH zqS3dfuQx7Hzx(qK;R_`dHGnysWsj*V+U-Wji@BCjRHjWgvap$PWc(pzlnp@q^+Y#jj+ zh#uY|n#jBVDu>jh0}I}oiQ5vp$U}i?q5k^(h+^U+wo()8C2U2#f~*h?{jE2`%^vLi$aq{M~vaDB7a>ZETAjj@ODV$|MQ zZ;Lupp(&Fgq=gX@tHTZg$T6sgh+CCt5V3oxQ*<9k zBl$NcjlqV8Z*pq-OGv-5uXyt!{@e4s|L+~KzW9x~_^(?SoV}(jMFv%wyDn=*0{ifS z;=6)$lI)1_!dg_b@Gr#)%>c?>^7m%HiAtoYk@%U0dp!0`{P)zt_I!!3<-eE0(3hmxJxqIG6Mwl&YGBsof&0k(cVdq*aHT zdMj+9n^9t?TB;FZuF)EyX-NB)msWd1Q7h0w+xNSweW?y2&VDW}ZxtO26Azb*1z1rnB~)d;VF{rCPtTur-vlOxthkCzFU#`aad?92WtlSM7RfRsxU(>ozrxh7z^@+i8!-EsRhX~R}7E=li^Hs@|g zUujNn23Wc3S$Tw%e~B*lOtA3rr1uF__N^oLLbURGd*GXArQ3Vp>U$74WYtz%9&k(- zIAJ9}f8e!q5V%)@KOA_1e~d4|ddj{$mB7D~;K6!t#ckRigdBEpd&(z7D+ zZ)Q58BFd2AGQJ`@k0GY4BBqWZwv{2&Gb(nZB5sD^ucXFD3m2Y^KV$eWNuA(Jm4x{p zNgZ++N%kzM8B>^S5`-C3r7KgF89!)MelYwWN$pvg9{AsqIy0^EKa#pKtL~qq{wJyb zzaptw{%=d_Yee{ewdsFGI`I8JBmK`v_l2TSD0jDC?vAA}8_jfg{5+T|R>)WG>AX2v zZGJw{>gl>W-x`F){xj15PZ{afle4ai5$5ym>t(z1p8Ngk^WNV(_T!=ZIx4+ERpnToHol|ZTwHssp|x* z87UXQ^vV8b#B24EXKj2JXEKBHgA_U|X@uM&DNay(9VR0)Gq3r_MPXP*{Fk;pBs(A9qg-raeCXL-yQ3{ zcaVg}{Z^EWSGz1JQprsxR$o#!}koUx`+K7ud|1P0xwv*TMDyAXINo*-GA4n z>k~IOj*#auw?Dz{)%~AF`fqKT!0Gqp7=8Wk=ci`x{?XKo7$COzCaUY_s#X2d?SG8) zq&9_+?GBnoZ^+93X{5*UMTBh*CKHW+T^!W^HPRy8Pe0L=p5TzU{t#V2krj>a0K&dm zbZ2X}fqXc6*?v^Lq+pEGDX`H?G0=6S7va>FB@bagaD5iqg;t2nB_W=indHT=l#8nE zor&L65z0CB72QUMh@=iV680NJ1@iGGNn@PyN06ZIPaW$gIAe>1TcyILH5+=lFcl-y zO$~40JwRFJ9Hm~OgqL119BrW%W9(LRRuDD9!B1!9+?_S|WtD>ROeRX-eb;d(Lnb7{ zKEW6_nXKa#5R6>_Ao2omnC}4u7AOegc?^&|2?*o9N>0u(r$vGbE|&sWyqCe=N%r8(Y*Wk>-vRDj zPO((QT9)QaI2Z`jCr$~$9(x7QQ1**HukHnD8mGX1YyX9y0BH;5!EbH;@g`+Ye6an_oyjs?mB_l4h5&;EWb)1K5CdvRyZg4|L zaKn}nD{mAUY#0d6c@5aS9@7KQEmz9Bm%Yk4&{W|XiFZt`R??uQLc4_{gp`2(#Po}q zU(_Qa!#9FdYs3gifYC3n0UR;~sXM0Z-lD5GkKLodUfT~AsEP<&lwO?pt)`aHC{Jm;!RrCpJbg{CdY0V(Dq%R zK*@kOq^I9j|D~b(3aF7UJ|Vu_0t;~WU(`C_1}PXJeMyhI4>0w*6G)-}#Im>{vJikS zjLO*wftrmNt z)NPJj?!atqh*YxI`8Kh7bm^g}xDJIID?m~94iQsi=3qEnNC65w`)Ul57~r?TZ!_TV zs*J;#HC)rtPD(}DP~_y^Hc>7Kn^P0$;wt`0T3Huw{U$Gj>wtugMnD<$>Cdo(JM(D@ z7z=1adXEr_gx-fqpV8^W$DxP%&ZMs9O}1T$lb**r$KUw!I@wPWRcIY40RQ@s&ZlO!?8WdVldEsdo^pE)b^99&~QjOhoA1vSPS{P~1xhdbq!dbIW`a6>JS1?20j>iQTvZFm4UQtzqFkBb^wF%bMk49X084oh>mB|*#Epmg4lnmhKoa%hVtWcs!K+t=@g z5je)a2k^AIztLhNN4EAv!u6Ix@>}s*EBB?p4+$AHLR9nqm{s4JaS1WcvELploLCF;iW29fUqY_Nssz2$~9Zwk6FWhgU^ zVt|k%n)=-bkRC*?z(u9tM+hf7g8=9AHyl33(HE^8^<&PysvN$&ej@ayvWOh=%h5u& zW`!A{TQV`rrZG!YQH&;fq76v1BS_cFF>qY5?G;f7H1TlT4&qQS9t6p94k-{YS>(0U zU$!v9w`^>W()6_G=QR-^^cvD(9jUOX@TSl|)I67Ey<{L8V<5jl=K8_Q_E5q5)0*N* zmKwCii1a}ENJx&rM~%|Kh{Y!W)}_E;l)d9+#U3X`Lm|hDRwQ6#B|_oDk)t4!Q=uSY zea6xx4`j3tRE#!^?9nh%<|8uJBPvcg#y2*kTx(>nQQpy`us&mHfpIdSaVjw)Mj1X* zi4HQUXfBZl7CA;zGIKEv-49x8!fHNoDn~53D5UB>AO6;+D+LWI6ZO|vERINw`2JIy zW{fMoPuzK*R;*#`&a#*2PYy@J^O2TsD+C zTR=Qp$}~G5B%8M=TYMnfcPHB=nz=8Uey}4rJUVqWlVx}k-{{rqB2T!|piU!Fc%hBZi|&x*tc0108uIS9yqx`Ela; zRw4QL54q2^X^WkFy7Bx1xB@fr0v?R(TLC|4Apm-r> zbYXu{q4Z#36iU&jokD!^B9LBIFMUzCX_3xAkz#RC*iMlab#b{(VV-!gMo4iFVsU6u z@!Or^<-y_*xDr+I5;W5iypR&5qLMqBlHh?71-Mc~>e9B|k`D1wJ+soFkW!g}Qn;N` zbht7}>M|SiV&uxw(TK9;$})fPvYzp>4V3avjO9%`Wge2{L(%08rsYDV<(>oOklpe# z#tN7_Tt&THg|%sgu5H;xRK>$lg-cO|Aa&)PSfx6+veLBjrm)f?rl@A15(cUo9IHs8 zt_qN^B8;vyH?1lzttua=O4zS*fUBO$d|szuY$2xUkhg7%VeI-M+2fnv6q7f2oHI;Z zIGRQGNl&~#t6)5+K0}MVLB44YyNMyYsZpW^XB}2d zH<`{v()@~S)CJ3Q|S_WoCY)CX+9$(1>i%nmhGciT7I5zkKXK zX&dU7;qq(qe&jxsZwqE>15Dd|NZLat+kQ5-3ZJy)9_xp8wfl6nMG2HA`jwMfv@?ix z1e%RWg)osU98{6D#S3jCfF`%FrN7BRPN86^~HUz6CnMG4s z=;~om=vg7jS;*{;ne5ri&e~k>4*%7o^RcU0p!C?T@lb&Nvmfr-iOl&r;m=9@2NKdp z1>73}$P+Wy<$3{_wDL}$y+Bsb{B(fvLA zwsQE|ZX^nO z;UGG|OHmwMKAGr~8TbD_!ikRm4HwwvcHb-Uzlj`+IgMRfRa_?k7KbL9x(7%7JI1Go zGTz~2P2pLzslp|DVt$m{&Im(zo-!bvu!@>~cOWAiL9-+KK z!wyuR(bSQMaz7)eA*V`lw0SR!ICMrowTeBB7!=Ozha0Y(&Rp2f9a#H*yJ6q9nBt4? z^gmgt`cG0C2t`gafan6c|65YJ;8Sev$B$2Q@dlHIRFUw~k(gSbEy9%^!Icj^OGy1@ z-h@D;!^gIOnfw3`!7^k3){Ic@pzI`t02U>%HF&We-^%pVZxkGzMQ8?cUL1%I8Bv-m zC7tcPj~*g5z1!GOecX^9Gou4IgjB!6^@shX(eqzvKwC`x%la)5Yh{5;-_nu8o zG63Uws^^wnhi==S?DJfY$HEi)64}JXGmwS^cv5Xqnd}K0>@XWps`lU)2zfu}rAwaJ z%P{t)34)@fAQG4yiK6TD31qT)%imbHl^g^Fe@0lH056-4K{#~{l`c3TX{RWv+Ef46;azG90B{1!rq%sX_& zJc{Ey*bv&!sl&I(!&ljy4(*LFl+pe#BkjU=Tv$h#r~Cq*yp8W{PvC4P-QgHKANA*d zjC9-Gaa8R=FyTqE+DTCLDVXhu#PR#QEabT}jcRsk&3W=-_cXEpG+MvkNeu-sLz$o1 z`Y#>*<$rXvHR8!wV9d{%Mla?4jl4alU=$$qC^!3DAN?X1^Y~^{7w*pyf)n<$kxr!r zImzzCCge(Y?-_yq0_l6dil>g^wV{q{464!nt(*KO~KO_CmNdGg^|BUoMBmK`v|1;A6jPySv{m)4MGt&Qz z^gkp0&q)6>(*KO~KO_CmNdGg^|BUoMBmK`vYgLsRGL>0Yl{qq%dsdYPGF3!WRU|M~ zrd3tuF;$gSRn;+7w^mj6GS!S!)yy!}E?3oVGS%%@)txcb-&WPbm>LkP8!(w0@v9rj znVaaUVNGnz%{Bq0>CubR;s~KQp z8RV%M6lNKct{GBh8P=*9{%55Be`KU%2ILQpf0zWuIYhjV%q*_&?Atp$IX%DX8JSEe zs`iLYH-{#?FRJbtp7cq`>>L`m3{F_x+?iZhu?|gY>>jwfzMWhC5}sa^SJSe0czS(v zUr^I>@$;sj?qgO(G@?sUd8q8eRXTkkBgt(!xM|E8<`aiUhx^DGmGxA>CRE9 zZZT=TN!b(gpM4Uu{NLwJEw0?$J?tN!e*Us~e0JfNl>PJOZgK5vbI;(!{BmM`<@N2u z;pw?)P~7<3=Yrag-;Yj98{7YNq&Ii>{~783yFwcH*OC5bq)-0eG}5;x=l^Y_3G6TW zk?Eg}H2Ry@w4Zk=0YosIV+V-;*HaZR~%Ii9hOVTkf zkDkK6cAj7k&g7r+E($mPc-$t3o|Pd{dY&53Vs;O7pBy}1)}vAITpE$g{_YDPY4Z|Kd&uqk#*AKA<-7}!J%_MqXn#&(4@zUNtI7eU@=N}cw?0O z`-%g>hJayz;gmjjRPkWc>l!#*4p}e-p;+)eyEX7T20+r`xH3Qp1~mWx8x#b$#R7&e z6rJI20Abn}fcdHmL^Yzg@H-(9yeZqFf=SI-sTQFyQql~hS~ziRRCstkv|v%mtv((kL*a*vwxgy!TfLi_MVFjl3Cg zNiaO!#)?fBctt!Fry*7>`WDLdw}UJ>mGtV7lbwuC;qM8MuqbtX8#_1cdR082UdaZJM`kxN6GyZc2 z8L+~DjB$Wf6+@p1{dkQ9FumI*l8*nc^ z#svgKZ0nPRElNay0Tdg`B+5NSWQnalh;UM~G3HPOuSC_`%owin9gTvMDO#1raRt!* zt1x&f@tK&5CAzbz|8$V2s<>LnCEt@`#LBeEv*+_$lmMdQGw($q*g2voEY<*8Y6CnS zFq;Uv>b!}8W!|P?h{K}U`uYp{Hi9p#zP=~=+rWzWfKcMO*5t-M|6RwN zgI;%ne&Jr0Rmc2vooCym!IH9eHD!~dPs94xtE{{3L!mETD8$s4Rp!~xqwVNfTVeEs z=Gg+FAqanvfZxZ8pAe$OA;Og5jH-pGTJ0fEY{)I>sPI9T*+x&OAx77gi2+hnY%vui zY?vxzJ&c$2GY!t5kSIbc!17`i@ZJFcZ%SR&#u;U%-8??;5W&!b=%BJb^iOHh0KI3L4@Odt|^Jrjovyxxh6m*{AT<~Lw6MGLcnaJGgB8@%X-qr~7-53TF(gy`P+tf1J4 z&n!diq~5&92XgmXe3Zrj!i5EqyyPaSQhRd|^RLLJJaReH5jh`Cz6iR7iq*uQ=N{=( zI`!#-NC%vNRIapx)B1dgXs)+KkJCIMZz{g@G@FOsNnDXfH-AoQ=Dyaq`qO)y3iHFi zvf$yGe@h-U9v?lGxQm`4jqMrz62=&V!`;Tst~w&MW6!(lx51!tP}LZp1Vy66guiR; zSFxGV?cCVdba&HQt3HeUHn9)x@Axdx@-vB7ACoT|JXc-oZiOSc&b#Y5H{Pw{{`OVg zoy3SkdkryeaGk=w5*@7>@$$X*tffh(12or}slPixqss$CFIK9Ynjx8fs9gA3-v z*p?>5lKG;4%~W>(%socj?uNo(*xkz}vnyq{+v>u%p%7v#Hc{?1T`WL)R)dl?z~)3D zra1*s;OnawJ!OLV9&-ee_W*T|%$#-POLo4SZe`j2Y2_pVbDv4Gv3{&h*cPH-+ykX5 z22>;ci^d_=%L<7np&`34e?@Ggb2OVzL8;%8@sXfIH0QeHy&~@UKPX0gx43!<9L=>f z>_2chS_Fcrw0I@7#0!0BsDsi>-NZs6FUBaYN3qx8;r%#_{Glcfqg;Pvpux9XGz<{9 z|0R?BMk*xoMmzYmPWb1b`EqUEL2WE#e@@rnRPkU@vtYk+Dk2>+2m`e!FXIm@L4^zo z8Cf#9RYNHTW~Fuyl_&}|UNUt;Lrp?vZEJrZDg3T6d|^JE@GiXJMT8_n1gUAnd~gK0 zctqkr1d>?f4JdMsD)L=8PTQfubW()kRVH z2N5Jik+c1gP7Kji;?cua(b9)ebqLX#NHJPt(K!*}71mbIl2jO(#(R|^ufnUWLci8p zsQ#Y1ag3pvH=_EGvb>ppfH&^>_10D4_Q{&5$2;y4J8t+sZjLbCX)q2f9v{^dH$F!B zJnHs$^4dD;G(El~B>p4eJA<3}!;FL>>v+&WLWFoiwpYS2Z{qbm-`PFIoh-uzVepks zBJ4gfHYM?iDk-EXQ9i>EIWq}Wj@wf^A&4OXeLD=2Nr|SLjBk^SvBr!j7f!I2OulA7 zG|o)IXoa)pL(AtvzZStX&ICVB&x*p3s16J6UFB*ybbN7?ly~*swMT!J(3eOQ& zOZ)qjjQ5!XDFHhvBI+r4NU2IbDbd!cXY?QF7$a15ql3LaNJXbqgru@n#%Q4!)-I;% z5`B1AX`|7>sMist@g|L5A~iQ7?ZeIoKXHBmi*#|m6lb~jR+VwCKB=a4WJR$xRtPJ1Ll)8GaAZmeI^<(exQ>kSv>w$TQa!xICK1Ao#b$rN^%N>F(_H=ZA7Q=r*lxFg4m z>|229n~B5Efc>RlA~P3Vo|V9tmW-H=0yTrAGnO6!kIJHM zok9e;;!e0?wUA={qGE(!1TsnJ$0hF6 zrF`2>Wv?en&*jRDP|Bxv%7jeI zWkSk>ipu#1$|ZNo-Kt8B8OmW0`HF8g6}a-{lW-MOMA=dN6*0dO68W=JekCPmm3{bC zlF3vt+*;{2P=Pj4ndV!xnpt`QSGDb3`BJ{hrLrm^q^jVk62w&P0#}`ST;)_%STm8{ z>08zECHIqWMY|qLE3tpSFF8eK%>=4}!`m7W@0$I_ng#ya^3OGMs6{LC$gnmgZt~hZ`WV) z)&!Qrb z`>NMO*TsD>-bh~6^u-01LjTyr!OYFb-1Jkfd0eK6GrO68vT1Upnf17N#U-1>u6bL& zrBJVB&Zk-Wgql)7U(}9FT%buIyH3TgRK1HrZ9PFVHctB_M_*sB--l9Zoz%=O!2m7X z#E#OUi_}ga%BnitX7VE!b5#a@8~Cx6vI{zHU4Ldjg>i0-SC<-c~ODRwF_U?<#r-J1M~V+ntSWP+-x_@Ny7eY*^c5*fn?< zFT2lBOaf#qVVx%N7~vgJKEzQ2MQXGx3KLiN?-M*7$tiqpwT^mW59#z<>%N2}jY$2b z38f(jfB_9dN^wKb-=knL8&IE$lYjpS+Gw`es3U0H!(>z&auz(6`=bkb}6D9nXeha5d$FKlGoq> z+{G3b9zP@4P3vO^?#gI_j5P(n&V&2smsWfa2>>Ed4KkKh6}1J)H*e{ZxP+2cVhMm) zj`1|1`d1EpJn`8^jaot}(7KKB1Pty!k=p2l0A~A`^fbPEt#4csSA5cnH35)7`K5H4 z3`(|0lG7Qb85$c7AvPGX|1nL+JInvvkruRGcNN+&v|6aJT;UB}k z!@0d-tRLHY@H<$=pFy%>JeTs*S6G?rkR)U$mn*UF^Xk{8?_~2wwI82)2r`r$Zp(ot zL5Osu`*tnYqru`qTnoMbB5L=hZSp!Y!(WNqY!CTF_P5r|`*X|IWpg)fW>jd)`03lc z;L4XD8+mb%d?6Gn;ho=P+i8AZa&)&>p74LvLJ~26`Zo&C5}BGDc_A?GxYc*nJK9h4h)}g3B-vpN@Qm zFK_4EZrer;h0hEH=A-mYz%2wYMv|EWG5-%mj?>&Rt?P_GBQ}W-P7K7gk3r#+*bNXk zD&ainCE1dXJ+Ksm3%*c%LFt#?fAk@KpWx(3Pi*bkA;+8SSRNzugW)+Gh$aT51?dgrz?mN) z9%BSgW0Y3o->)HzEGC#r-|#&L5gJjF`cS0jP#{|<`CG;!R3~F~{R(W`$ESNDCPDY< z3k=IYm~Vd|V10hQ><2Vl2)LOc$x87rnZA8C$dvLAw79?Oj%&Kk3psz>Deh;GT%aAm z{A0~6#Clg56D=gBEesJYO>bv_tzqLh2@s{kB+J@Cn__`8m=uC))dw*Dz#(y(dFnm+ zvw0$#Y*n#xV58(GCcGE9?~M>Vn$S9GFti$lE|&uM8NNg%KEE`Xy<}FtT>xFt&zxA0 z;}-JRf>dpl>sM?I#=w_r@o)UZ-`IIdLfWN$Y7gu{fPFFGXYPP2<&22pio<&2rga2oIWya9snG#_*QL z$YsVDL1$RE!q}}M_T<11%n-%k+gX;|1hy-8IVX|G3lPMW>CZH(@Man;|E_dsX7F@| z@7x(sMO820Qa47mQALq(xtFE7pq0K*dG{!@VJbmk24@Z16qdlAmBN`dLtDb_%by+i z)F6@4!r$mZb}%%N{{UQq`b0y(aHNt^a~S=INM?{QLYD%hFgO|>^b6IZxKIp4;^%-3 zLR=JXL6~4vc$nmWI?_aLl;WAM9X5wD)en^OgaV{X9@Gz2l0Ym#dw~U-I1(Q!wIC{V zL_Q4{OD{|(HFh!007^O(OeL8LGVFy$TfYXhqHrO$t9>RCNMX2n$YNj6!Su$i&SEtGV|3^ zy*#ek_7-v#AREW4Lj`i2rG!N22&a1c|9b97AMjE934}d8;dG;y?r}V_SMMXg2N&|K z{&ZwL!Az|{30qD&`WQv(&CXi3T3m>Tj@491i=+A+c-BPCk>kVFHc#fn(~mpk53#;y zg))v9L+H>j6l+VlAmYUX$JG2FDqL!DP$7~ld;xrzB6Obi>G=y$p4s5#g*+2F#ZUjI{(lPF-0@xiMB=C;sNRwW9tDe%9}6te-L!^gTQp{ zTf>Iaue26URbwhex@sp3=QwA2Vp~+7-0*@Z(h2iWL<9p^TV<<`c$@Av+LwKhS2NTVIEDKU&E31ZtBkHJ{qR>s{ z`cuAy$iqQj8#03M8E>sc5g;Ly%U{CO4>E7=JC!a95NNH`7dBjK-NmU=kc=0VT||&I z?gch9qB={2ukq$Y;JJ^X60CcF~AIg+01va#qc))ZuKrL|hJ2-j`3g`y9cfbNAY z(GWbS3EqhgsG{$3sHG-!$sxFS-2^{&QG(SI`xVc%DWTbb6lWP~EUE&=VA{f`$axiN zxlqDk7W}k0hZ-|+^tCa0&!$ud2*7fp&{F5!`wIWc*oxbnIvgx5Mf^T4UJ;l2PjOdR z4y!}jHW{!*SO8ooJGu{=ja{cfdUX>hp#o7`h$wPeFZPpb!)O%=i4<6S->223mIS>+ z5?Gs0@XbIkb%(-Gu)l#+yob09IX;XE9*C*N%4|(sR=fYmp6d(pzOQ7MZMOW43;ngxoamrJ~?>85de5aBSJ629k&?uyRU0Es2 zKl`EVnwQnX=CxUtYR1ep=j+$>$_~Utxo0g>LN_+EP-2aDhN%?~Vn=HF85*S#4i!pI zE9!;B%4N#0rKCSr$yaA-hRS`YF26d~?rHg48KGIj&v~Ld9i{n^=~b=6hZnkqzqHyD z)apE>@C+`0!4|vDJdy*1stliqRr@ft$|5waOtAgbhkt1_#NOzdQK1!&D&Go!7-qIa zt6b}MU2c-KII-$s)Sbuw*piI#!^S{L@AK7Yb8YFAxP^fJm*wTwwqXZHk1qYqThF%g z00&E5wDn2M^!A!72iFf>@Ai3CI%dP!oC^gEjCkN2KqF;ueC|#&8zfbLCaU_e8U!hJJP4C9QA8|JJLk?q*nYZYcn_we>>7v!sYC< z0f_De2ts`#SYPHMrQL(}bDlfWS@W@;?j^L-R2JQ`qZAZSLb($AHQK)`d`ms zja?*6PTnhBBi9iOT|auxWlp+!@Atj>RM4HFFWzk-{b}eII(72 zfPZ2xk>G9>CIV1Her>!Smij-~y9=(W+qKc#e|pm0-Hmj2OG$T^w19NUBqu4|EnNZv z($d|HbazUt)0g|c*LwDP#(2NL9(#R^>pain`k6Y!SQ+o;RLc<1i@T>``t0i~4#TVE zk&qDWV1cCiG4wXv^JufT+1yd3mFlFpm|>}nrk|$#yF6HB0^qbHhgmQprMWVJm(;S~ zaAudMEbAHuqU11MfY6T49T%USjD@phmJ%3j_A;qP{0zR z(Tah79%74dO<%;AChFYg!U{fMJA&1=bG(X1RP(4c+^2sIylPc>XV?!z9eM>^ zT3r5YMBRLHE&aN(BviZcpcw1@A?QAp|xXVvH+=LWOi zm+9p{i39u}MZPUQ41EjO&HVs<__lDz$ngia8z!LkH*GhZtmG-I(K9trXXT9}~VFD~y^@wucEURqI>b zU>^(%A!qanp_WEwA_9Sy%RmV^6e*z1CxAHvmZcn)wI$>Z==H>r4p9UU^Z`UWD1hi1 zjHLfj83ll40^kIL>uGrj(CUa|rI0my?v!OHWRaC|N)xW603T^J9BCzCh+u5C5L%S& zOy3wp8Yl?XxDjpl=?hB$GC!4t8TIiv(edC_$~EQ`>wg05qS3QZo_Z*2%nKn`DF5m? zOXguZ#C(Osw3f#hj-+>Ck#oayzI3Pm1P|1P$V$Kl9|}T_Kt&o(qz61S7m751KFtjk zV*v!_{m2m$vZivD6Ggqkrn)6LCVO03XFmfbSD4fH6<5zDnOMYdt2ud zFqGh~fS5Dn@ywxcDIoOkN$(T{1xXEKXbp$&mHXy= zjYP{T%p3;F6;<05$IMA0hjRjAv*L~*QT4G|rZMNZ_#+wH?qVx}n_Y3k{V zTZ+qDIlk99)GCl^n9(rn*M*H8@KsXA_W6KMeo6n3>Du6PYf5=X0vhoEI1B}l2EkY= z)bJ|Rt~J+;e{H*^2GvuM_E0r64y#yqx%?V*>d1DBh2WqB<0fI_pCqexB&Eobk2H?4 z_l|*|m9DZ=jT_}u#)nFHY3QC6uC|gHNI+In1W+4`wB$X`(dzN08>MuWPZ1WMCS!?u zM3seZ`h|ChK3a^53WJikh*N|>sXg+NC_s9qa!SYek_Xk2%Bz(QG=bO=HBE-9HFC%! z-B?{w_xKQam~@PZ-bl6tP%p9V=RERI%X63v8XXVy$z9GQ=O3Tk-0OX&gIJ>EZ8PWX zGApO+=N-@S&NRX;Z&Ze+EN#cwe%>td1Y zBAJe^nRA1Uji&v+ww(>P!@7o(GpqA&HWz%2cYHloVtlS8>h24gjwamiP2PAmv3Q|t zxj8Rl1nBzE3wgvX?G!BqjV-A|-!F}x>2a>=ssGfgC0p)pSfXXsPgT*EMAvT?S@t&> zi9l$MWN!!$REU|7j9TZ7jgyPV=Z~i6{wOAsXrhyV&YdJDl~STps%3!cv|_rTui|e2 zqb4x1n&$SB3zvm(F7S?DN^BE3k7z)@JzVSAOOs*a0#8%8L9_F!uZ=-{s!@ON zs@JGdcGGG*Uu@?@MOO(|x13n7m_$!5SKol>fU`t@D%YT@=Mw*wVS`i%zx#Y!FN$3scHY5Fyl=z=M6R2&Nhd!-GXa3Kdsq9%bUk!_=0g^ zijBB!$7{hwYaz6{^~2;Pwzj<-w|yLFL6^IYQf1*WwvE+pfp%`OwZ6@yYGM0x`#bs$ ztgt1VxCN%}R+=)@(#d~EnA}o0#?roON1lBLsom0U)e<{rXM4hO=G^iP`Yrfx8N^R(GAd^g$IuE}w-7EXCrt7;J?k2Kl6$HN_9iW%-R{ z(uPEJdE|rm6uXR}I@Wcm*7PODl7n0DizW(-d&`x3mu=Q%==-JQHgnATdMY*rV*5w8 z)~Kd75NDg!^Sw757E%(;wLJ9eDZM zTFcq)k?+|NEZW>z3y1e?(_{Kqs7)~;k6U4$yralb`if*Pwi>x;%QguSyJ4Y zS>P#jXtA!3e`ad3-n`w3Z{y4c*O@o>Y$3vGS$=mCYB-tZEb+;ikJp(@=6q4!W)|^$ z9Xhjw;k3ZvV)NtN|9)q+bYQJZd7ENw+Uvp;;bJcD;UQ2?EriUQQ z@QPdTv`6rutFSi^>2nIqOGMyG9CUqPu_N!aDt@sdpQ{IY7xD-`k3g_A7|pIn6WzOf zx_<{mzPmkk9&MH)bAl!Jh+?kpWgYKjXX~XB?4>jAWq=1B4qP77E`fq~Y_%>MT`t6G zx%S8a@>Pk^5rmxV68s1g3;a9D+${r`yAe`?h{{NaKfjw`AQw@Is-T5JBpYKJP;a;+FB43>f;U^^~Vs$Gzg-GJYExi zyyjcFsgb$?6kAWuZn-d#sf%xL{#>$}UCq9}I8-AymVBu)2Zv6F-#|JwmQ%Gpf^;Q7 zdXaZGpj(wgV)>o{U|P;%57&|mWEED#{%gS09$Eb530n3Z@vD;^x@dNv5MqT;FDlUY z^G#IwE!DSMrf`?qLa<4&%tn-$gc+(P7MLs)Q#%CnUeR4>P&gUXE;hi(KHpc>EU zz5}N30Enmk!=0H#LMv);8*AIA_DPA5A8+-%B^iCj4`MTsl=r5(kQ6m~!geumZgSCo0Dd>9F(A_101AQ@Se zLccP6p34b;E_39Dmx;7m`TWH5t&6lMy3EAN$bQ-KWB}dpaDh?S%!#3b*dbd1k1wOj z$n9h#(jgc^VA!v6?b)M;Ec3`e?D6N&SF3sCj-K{=G#pXqL$AveT!`JT@${dwV4(-> z6u<}m54;Kll%hcmIUpQ6{0Lpl_v_gltP98wb{Ydio-z~zr_2JgU-^Wt+zKDkMU}n& zMGaY#fUHwK@9UAhk_5d50J=J&Y5)QQgJ=ktUlmC4TBP4VE~dV=%oUagCPuP6ad_Yu zs`PodIX``PwbjjYhr&VTt`ZA=RK$##8cW61{&?i$N64f#Kbtul_-OI6X_Q)9 z%*R%6O_4J;y20A=zn&lrM!j1n#!vZZi(gSpf44kc;@C8xVaFbSuV138LBdi|lJz`O zURK#wnOh~EURjk0M(C&D=Iud(rHpb7!C~X=4#838+}6O80)b@^+%je&Db*{8fo!B! z;+Nl!C6FmSaYgR@h;hhz-il0j^yQDk;{#B+g)g)y{0{V+H=w9=U#LXwu}x;Wv7g9EApaTgC9)D90rK}RcQMtV?^C^ zsgna5%*fL#xkuUi8r@3R+C|@w@U8}Mj|-f3)Q$WY?ckXP?f*KOl0p(|oO!(&)i^6a zsLDI1I!ET2@`WA!({e$>Hl7Cjvl@xA^qoe;kO`xex@wVld)7wiH(0JNk z`kEIAd7!kVxv0+!;u~Va*IPX0Nx%f z(UA(k4M=o)PKSQ3+5ojicAhrhjv?*DlYpHuO+`lpe&-cQj-^fqZ_P&QHwj698KqHSm~Y=RX!YVsyF*xi zK~Ryni-;!cA_V&Bq&)<&D4ww(aM+e?Fy^v!EQtxfrT0VghRdk$6+DpEG|5UJ32Y=N zA6-Qugg@a1nWC=)Cwb|F_rr#7&mf4l)5uovURZe0L$Gy#;Q4UsJjD z=feO;Qt-l9MJjjzA~{Gp=6O6hYp4*e5Z%a1X~|Exff~Q_$QTtdIL>Q6xd2TPLAF&p z(Osub;rCe_h&7L*9!%q0z!0?7omdTh1yu44lOk#YN!F>!Ju6@6U(5Kh4tesnelD%Mr#LJqd z!!h1jJ@EQUqT7Qecwl|BkS_f5{Bwkfvgtw4BNeJkod^BTgLqLv0DFTX$W+pT=-XJe z8k>uB@tPsV>2jYDY`s&Hu}x?O(Ez#zSB!*DKe%K0i%J*o>p`?+iV+Lu-SbLogaa!o z1)U-p4)?;3WXdG-=EMBuoSnbc@R?AvhN7Y9O*NPyHgd|%GbX0j>3!AKs3OPXaM!Q$ zwAv5k7)iTb#5q3;alb{9(eLvsr7Ha*R$)0u#JH1tQ=_%4AJ(l?Tas4c7s@>ywXyX^ zFql4YjLp_pByuhf@u9&D{fNRSwSQdv&J%gmK@U@8F>8bO<0sLCxgFB^9q4fF?{!Cx zvgNS}f~vZw>hrj7(W}8}6BacAF1D!EMFUYh3jA3w3kJk5-93{SOzuqOGa`kA7hY=f zBvZyBIrR^suSQ9eT*5#$pQ)X{a%`J4Wexp2_<7OjEzWMvzdA?zDXk?z#L@aQO2-18 zZ_}Vq*LCO@cQIbRX7i-mYw1*HPw;E7h!xQYC7AKr^efr#z6P0`SJ_>Bbs( zl^^-~Yi~zC!;jT*Qocl&<)Cy@x2gEB4CaSd8v`2f2($TD&RW;oLqJ}hEV1kjOmu;H z{ttBcTQEgE-|M@mgn8%Ot_4bk4ig|2@-VTExU=|9vFR8X^}gfc*N6+QzOA74)u)4-|hBU`X;kN5czr4AG`MGlXQ5rzy~*n@BGsfbIm zGlWW#MU0bAAV!T*gsIO)i7B36;%3ndrl#YD(A|d9$wUi;9fbbrn1D$-WtX$W)f}fS5SFwaU-RrD=iCTH3Ji4Gv zYmaI=W&VD}L2KV}Yu;YEf#p4(6FQ|EYp!QHRp~eCG_>lvyXsxV%JB*sCp(%HCH%rA zyS)3wboAQ2yOO%}j_UNf(JQ*PMY{6)db%arNmhCUgZgRoyhZyQ5hY4_^mJ`DrrkCK zqa}vXC`Q6idbKQilkXd*d9r5iYi5h|vK#vv2POPC2kOugi$QC16b8i`Ol$d4Yc&QN z-BKG<23y-wTNj46@};+)40aKvcJU1MX{GjgrItmd4z&!9&83cA31yR z3@(EVCz4ojb)@5&qSF4eBV8WT z#T5HL9qA3G_=EEJe|Mx45G(%Gk)~iyV)(lw&0mrH-;VVEokrS(eSNWJeS>}Dpl0KO zee=F%6Ux4YSi6P6u}x6BO~J9lP`ksyvCCh(E6%YeU%RKqv9DXZZ_06CTYKQbap+Zh z7{qZDQF|26ahz6roX2reT6?daK`E5&@+HQy>G2NBP6khJLe1-1%8} zKTkCvb3(K+1u4YMiiT%L5Ux}M8emcs_GWAk!LUU!7CqAQozd>GC|@JCn-dXZ)uuBmJ(>RL)BB zmUQI%nI+F#7B1-F9FR)4!ILUd_{E0*K*Q8RQKL|{UZkTl${t7Z zn_o`0-vW2vNI(kQ4q#w4?VnGr6&wcE)eF9^*f22D8k;1LlEozXi zlK+sx{|gE){{@A~1A839o^ANPNmO1c#=uGLL_e@$eoJqis)J%$i9M>^t}wjUSjpn~ zO7h`ldqivyPV7`Q}!rL6z#vqAQ@g?#_4c_tl@Lx4#+xHxAza@Gl%(5?KE? z4n9-x$Br&uj;{3)s$34s738RIA+LUnZpny&XvOFV#_aUQtR$NL zrHb`=Ed@N}4`c8&W5<_cCwyX0`Fth?G2sf);jhpU8ZZ$f(~(xtkux(Pw<%SOgFgd}_QCKD?rm+mBc(4@SQP7$(9aSKUdD@w^J zPi6(BT!B)HdsAGbQ<*JOg^1&-LsCl^Q`dS^za69&!KT?ur_COv)LEvzElQ(iN-OM5 zJ32~Bg-vIbPPej5mtsoK4@v)Co}S#Bo_3JF2%BNRl#wHyv1ON$5R&n>BDJDCLnA89 z5tIpfote>_;hD*Y1__jV%{S|LmI))S87h zlSN68{UItlu@$?q6|0$<`Wtb0TPAa5rm{Ox4pvBxgeSVUA zt`uC}<1ypqan@~X@^x$e@k)N+P5xKnf=EbqacBX`+k(iQ0{ij;f|&xWHb$JR9K!ER za7mku9l#!`MAq7KU%R!QneCYRaPGI!=PrP zvUbR!Ht?vnqp&6*u@=dqx>vYn=X=@SbHP$py4vf{+ikT^-)n!P>nyGtyhStMn zv(TIp(D^s;8hycKrC4h#!)k935ve6Hs>e2p6flYkgf}KVZD2wDB7+(&X;dqv{8sK~ zHKtLu>dyx1_Qp+^I_Aixjh>n<;U>+*IB zx#O1%qXs?hmP?k_-KWoz*{wy6_1Vg;X!dQ37OkJ!+o}!Q@*J6RvI#0<+5}|UpRwEb z!0m6j+CPsqcAnC-#e8WtG7P9{i4^FFeQr0b?C?Nsn>=l-MXi$f*>M-$Q4TF^ug>l) zZns!OCGSA(OfTu&A+0PN=?EPAGQZj}#?^J^U$Jl0JV@Fh3hrEQC%GBJe-I(q9Q%A~ z^sO@Sn;}fMMg6xE(yoKk_Dhk@qxSA!j@_17-EsyUuN_;E)`($6zd?=22!G+j2XtXn ze6M7{Ryn6#xrpx3&-N4T(8r>FOkwMPrJYh=4uK&nsEqR(Ka#}vlmnaARHpV^=; zf*>4B+z`(zU5n!{;^tD{@YkA{$jAg^@rB3#4UXr%;u*1|$pG22_Z+(Ye}Utke$4Ss z)qoCqrw;vpYvU_KZveoO2DC=bkV=gH6z*MLFcU)(tUg&X$;;}iM= z(*tJJ0|~!|;i&)8#zq!{R5^nqsNZnO`b@#z-rA0Mkwac*1LbVs7it`MHj+s_%tbw> zA~mLEF|42H`IHivrh=8!G1`d+tlvAE^o-=A_H?86S+(Q;Vo-w~3|p@8B(GWGmJPuU z^@MfwuaJ>6SL3ad;kN|flOL*3dXJjt@XY<Zrp)L{fALHbzmacu3Y zWS_~!$hMvE+j5-$&|!Tc^!}p)9YOB#yuI}t_%-v&cv=`dEvbbxlk;zC3>QSkJ|_m6 zQ?DNXtvHI!r!kE-oft5rv_6Is&VzP0O81L^7u}iH92A+r1DT$OPed5&2clfz=n?>5 z08SS`a?+TRD_m?+neVIeWgYP4(}6*?oAu}zP_7v@{_V>^zd*T0pmXjMoxo#Mw*+j# z)XM(VKz0(ti#wliL7!*F4(R)v8o#cY?HZrY${i|>2!Kg|k;R|WIwt_fIsQeB&6nT5 zP~(JZ={VAlxp>rp_>K!a2TM~*xwCUafj+50Fm*xMWUE5IX3E5{{-Va_%i1s07+6g* z3G0WRlQsq7L+*lKtTCg>kZ;TLqg zAF5M{?0v&-8$6NnFVxr|j>l+yJx*8?|7hd6Z3pZfBI6Bu!5swS9YHnR zq0U)11*{q|WG?Ytl#Sg^$lmSs*3HAVHrKYitUn>yhB{|`7`Z{D}F*cG8Zl)l~%uiT4+*^gk~f{Ne=;f6>Oi@u&CW1n~ttl3R0Wg{ORlX9APmXsez7faBo5 z!11Y`#kjr3*M(wkVP6Y!UB7a(uKlX0%dmg2wxZ|dZ+u{5&R{Es z3AmsQ3E~0V))R$+0b}t0ZXYMiwR8MXl=^{Nc*oImH|BC7?)EnJ>!DYiuc+C6xUDw= zcsRCs*kpbskrG`CL?e&-#xv3 zxgH!|*m2{acVd|%Ot<4FNnf|~t$?W~AG7b^r>6^x9~>4=!x22A2S2{&KF;tvFGTp# zn%sY1T-+({_`-1L?C*zN1z&mYZ{M3&x(mCeEkD8Xs`A9)u**3gF!i0ED#D$qJ5-ZBq%1&Hu9x>Djt>{qRqoO(Njve z9(&7q)i+#;{h7jvic@~98un{68mal2A~7tf`rRXJgd&PMhb47=W0_`W;BP3xIHBuQ z<(pS_E8Npk7-8X%SGu5#)Rp=?2&Nz|5Zb~Kur68Lv$m|a^>*?uz8G0cnBF?A!3(fCpbjOM$ zp=jV?COD}ZS)86CKpuhy;K*Z@hrrkVzz73NKVH)RQIh47!;chplOr?>n_)V*al~#z zz)Z3#5Ry!pW&`SZDx$!P>dZZHWJEK(1Cqssh;#@Ig>)|>*@j9-yP8X$J#y^k8>xN4 zs~3#CrO}SeE>c&_gDCxJmI4ZYKBV^q?2s-HWw>oe0_t|yr%1Z9LWZ_(|2Zcd7 zc#1rM+MKG0g`Z;sc`QN*5MKqu4#IiU{(zNyM|THn{_zu>b02#!enzUUdGec!&(QiqdaVauXlc zbw3rx9b^%naIT!Vm8MEy)N1ev$F4G`rWfU~7Ehk3rYV^GwM)`>l&zX3;-u5*h9N|< z@894UMX%BcZ7^a`r$t#XKh4>!(GFpcN@IRJlT*|S3#m(>rj3WJi2x9y7lK@SKMWq| z(`~(~N0M;SJ%MjE(8-ksKf4N{QW!QVx|x**hrKe&QF*Udp3^`ak7F^$OI(jQc?67AicMAi2owU zY{hkvh~)shl-<%dXu(^-{R%r>A)MiOCxx%Sd}HW3QMx}*S*Cm%=Iud;9(j@0YXh7MGKsD%K%O+H9NwLg zBEFKR6c!KNQBY2QJt11pg8;3*Wgtf}F=q67$E9(g#-wQ?kY7eI6yA~prR$vuGJJRY z4&P_L+&ZvX|L(iq3>)RKxad^m6!l5t)$Z>Wb zcd39RhJ+Hnb9>k*5=OUg;E7c}{(>+*_>SaZ2I@r_}nDo(_z4z;sc3ut@1^+I)T)5`sp#y0L* zhR5!uYK`_}haX41yKZYfX3&B2e;vJ*_(hLP{S#O5PtM4w^L?`5`t4iEx3J1!O^s{> z@|W|$lipAc-UxKha<;d{(~vfdB7D^mIW88aI2R9J@;fHNm&=-jX0&2@x#8CuCp4+G z9yaWr%rXija|pe>#r!45D6g~TUhSlmY26;b3CEp}#?dJsI^`kr+NUZ+-1lb#wNr0F(Y^jAC6BO7ghANV?%3RY>V z(m&0DF5!%%W(Dm#N?(&KXPLQ@_aV7Si@^*mE}ATeO$Pir8pcVgx7UrAL- z`!e@Cv1!3->8W0+`-otBYdn{--JfU&cs6{^u}7r)?_rW*72RV&{wyo5S+SY2pY zjW^rES_V2G@(MO5s29XoBbdk^KXOwq~*6G-Z^~)G|74erUHii;TE&u)Tr*D=i z`NQ9;c+24*RjiO!5taCtDqb03*}G0I5w&5_d&<%sbWdyQu#rX295X|FpE00fLjQ4P z{OyY>-aWD5`}(4ayWCQ?MPF30Z>4+l`@Fl3!?>NysSk)A1%=0Nr3hbCaV=XmcIS&K zZYvJ^OBIXRQ>SOnrVo0Q5~A3vdVinGm#-|65_8Z@|K6F#@A;yNPimvH7CuLKRu}f! z8!UZa{8V~Zzh8=_ZXAi0wzVf$nszgI(Qpsn?*)s?A>iii?1X9vA(s_8+m zW_(9y7w^?o=z>?vKuw9QOw-z~ym#4D&AcbHY<0cUt0{W*w~HT---bk|cjq1ZQNUs2 z=1;_yyg%e~V5GGzSB@5~-9Xofw<6n2fj)io6bFz^k8Ru`pL*7dnYg!WyIL25@-k4j zq*uOs*kZmTIuv^;@1A#9BU>wt;-@o*)(*I9TP5EIz0Vu_xz7h0vTFJ$ax9{5rDo!_F6s5=`L9i5g07CM?61WZNqy?oK{yED1_0$MTr z`sic`9#;Z;j>);Vx7UyWXE?ap($l;w1sQP`u6=j?isX-P?3sBmSVbyFmXMGZaTd}` zxpC96(ZUAejzJkTF@8^|xGtCVIF=5DPT=R~N&?$56f;zq)`XB1g^ylyOVC;D&pi}~ znh1tUdtP^cy*h8>s*Qm;8Cq9lBF+0T)a~ zQj|PRMk`$uTAobbiz|i=5|5JgtCsgCYmDmPiD{I8sm2Glq`G?0y?<6fo23fvC&u(6 z!#2dSK@QfTCJw->_bVP=?Hw+i9aLL!&;!) zEvR=f?|LcDHDp47QUpG=5p2pEF3MXC%KJ>^WJuXlMgGs@j=1hJV7d&&MhJainhs7C zBaVlBg5_dOqY!I0O+|{Tsgj0#HeX#cURra~VU{fbI!kYp$26cy*~G;v#>axr#=eg8 z%9)yTLY`xSm207rxrB|UhL@XNi?@c8EtiWAfnC66ZmCc!GHLE`WNx!#PB>gz(56N# zl}(bKQ|eBO`*enuejebNmofPwXVNP!_v-bXfRg9DgZ=zWh&I8PHskuda$JcTf{a|r z;2Q*;4Q?G0!k& z7SlI3(nkwic0bn>iP1l=)^BgqKXlOlfIb&hBKWc7ODwrc;=)ASfM~+L{%@+4Eop-= z$CVTv-QYk20i%_SYJ-M0gP~Ca$F&uz+!g*)10^&==g#)RCh1RsO3CYd#q`ppVk~9h ztmWiV73=l+Iy{xKRjNESosysL-jpox)x}9ROsLm)@_k{KY-$p0G!dx{UnvYR zVzF8+j$5tqTzykz*7^w3`Xm9&L)ZeCJZs_ z=(+2C?5(R}t7~$t-}!{Ln#8y7))!e!{OLD#JgesRzwHfhZ?KCUt?L{%aUVB{o_5Ng z)Nr5iiC&;fotGG0>6ljHm{I=N*tFTW#$Q}#-((aq+fy}r?QfPIV|Ev}`0UyERML9i zv`NsnDL=Q#y0-}xivo1%;V_usFN6>#OJSN#kQlZU#5NkOwz8|XV8YDl+P5-Rx2D22 zL3ta0n!cjx>S1k2Vw*N%Kuz)Zx4UR8a{MivoVW4w%xko^N$y)n)uajXwl!?bC??m4 z5G}|rRH-L5s4lh*cr4XSb|`6~J0JabSfh8~Tr7X)S{799P_*wvty&VFSV}%yMxgG- z%UMoO>|B#uv9Rr~idgNd?)ExZk@;H%XInK!?^2rV(uv0lFV2ZfYD(mph}UXLMr?~N zT5(YCVd7ddtL@F0SjRZ*5&BzuXIuAHSig$59_!rG<*|O6upU^q7CGNjMBR5~wMi4Q z5v16cS^V@SOyh zM@?$pTzZ84Zn$l9*D+1=ac%0c!^Lr~T4sT5bAE(g5rKm}w*!-j!!PNR;t1rdAnb~? zx8=5bWu?Z|7;kHu9sYFM<$XHQMs-A(J+2KZFICfOym(v7?NB zFPyC|K8juJxF{FZo-Z@J3pic+abUficCi+5u@Qf{FMoNS_wJ1U@=`7DYVh*f>zxMl zoyXie+LDXg#fzU8E^q>7H5>@*?O1}a!LNxxMpuf7{|S^I`w-tKfYM#T1+Ls)E>A9( z+iC&{f#Jvs5K329eLF(%ZB|S|9|7YF<#hvnuDH9`=jQEWkd#RV^-Hn!%c%4x7C>c0 z`enp^VPSo^iX*xPnA}EoTsTNw|AbKlz3^nLG9%X*-s-E+M{wi+@MJ7Gj)$92;714c zd)!y92Qca|s&SLlAYDAVzBcAXXneqJUdv$`bOjUKK_%W1<(441lM@(T=+` z^l2$5ksSy@jzeDN9jC%(dCqjSfaDPB2$okrM3!vGoflafiWy9C<)MD*W@$z|ge9_! z3asot)U%4X!UN_n@A{AT&k+xy=s$JofdxI-T|?2d!}_8xP1SvxKca24iC9whIIZ- zRQr^F|D{fC(9?8`Z$@OmfzflHnSc0)JgmAL;3)G2BKu26F<0P#TX4dz0>L2Y_R!vp zH~Gr7fA=P6M+nlc9W_PyqLTx)5ezl9?#-^r>3oc6*?ru_p_hP;r2)&Suvg4`Q(;) z{zVlJYAfAUYP>?FhmnMaZ~^LIAvpb`;Rx8csA`mE>GCEjz0VT$v(DceI82kgf83x8 zHM2>Rc%Y~e(_ZyU6Kv*moL+@i$}6o_dY&HS-3RWxwIO9Q7#9c4wB zB|kC4xEzoF%9hNz{nO!UoA-~4^Y-__n*l@pOpm>s02eA(0td)vHyWrlMIXktL;#0~ zMv*Gic2K?FE|Q5!SL*7R|AuqQh8LgOqHU;0B*!G!EUoV8z?~xip&I<XCR@o++%fViO z&CB-ft^BK|?c@UM8;gMg%kRI{2y7_*_)WVOC}YyR6(0Hcbz2yzOJFXBvwnCI{ZgzrC+jlK~&HIJZ)`@0eob@{MR)M-A8p;6t-?jI5fel;JeBN zSxFc~vV_|2U#BjDF2KF7$j+}xvs-^Zy@LFC_i7Qo>M2dH>;8pVe5QIpE31a%qe#*Ne12KbO z3;Z`xHy=lrxU&l01fIpr{R-NZ`i;&4k!{S!&MwMBrL%vn>VRPYFAayo%W6r71`y^A zCvw;!!%;(efsQK#&fETI(!y@(e`Rq{>#6X@++onH83E#Ds-XzQbUY6DU=h(R;7erh zwyG>R!C?#e|6}j2W8(Z5c+U?$_&{-YclYA1g;FRk#ogWAio3gead&rjcP|B6=yYj+ z=bW5-?`E^v>`iu){y)hi^UpKS^L$^QHyW7;-h1#(0N<#7PW%YIpdn09H==Gm&|Fjm zPnnt?LmIJwyYtNY&W)py^l3nz$3S4m_9 zKmwnpLUuzt0xYEgp+^DU9!7$ISPmePIfwW~@iFua4RS^yvxxR6Wcs?&!DzcW60IMG zIKvu}y0XyGFe>Eun;IY7b%(yA`?R5=`l)w17(B@|<+ zqF?sOIZKr^-#PiVJEmbw3gaBq%9F8-7fF$*f<`+kQ-LD#A{gXo7#vhFK-ykWdC;ik zSxAmr9VL^Fth~!vB6$yzAB)_WDu93;3>Xy$vS+Q%o8cMf!#A9&)t41o2VelUf>xA= z<0U>PvICBx3vfnHR1)aeqAjiV@kRKC`HmcIF}>;Mna(o93k^suPRgW&B3{XJAqg59 z9S@~wY;nvNNkIh>5jDTzx!DC8mwbOoDCN{nL(bawhhfrC!gE<4A6UZEfO3d?sUBS% zuiK9}YV(0AfQ@>RtGo-zd)c*^7mm`*BpelU=Y`jp2>{cLN-_=4&)g*@&`$8G_W(~K zyw-r!8fd1l0n)0+N~D^@9KlC;=NC7U3UrhX+5{P z7T=6{-~{+~UP{99Z#c6Z)Plpa$~>aiGlnHy>Tf5{y*}{AP1vY+iAk6P)FNVMVD%f( z0?b8>&(sebcqq?yJE+vX?BE2i#yzJ2xsQ!?&n#h>7h8ay<^oB{TW$V# z+s}M04N!4ZzWC^R1F*t%>Q^k8ti{?oeZ8%>E1Gs z@a>lcdKLAoK!FQpZ2k#?RmVzueoLA+cyn~Z9DeRr)=4~VBotgu019M)YzYo&hT?e4P+gb}Un5tm!_` z%q;n@sQ{ABo%Pb(_Jao>-ee?O>@Ar4L-#jNCU>N^5jvy$q2`)5uV0=O@I5)S;bnX>4uLQHw zzUwZ5;q{a-^#BApFg`gwx5Uy>a;=%;s3I6q47ucsx#A12_ow4s_mRjp18t4t?E~W- z_wnK+y`mKU;Lhy3R@v{pT7X);QD^)@>AYu3wI8hdVs(-~cNc$Rii1gW+CGt(iW33Y z!U0P}5FSAgHZmy`JID6;HW0#4Lb<0ffHQ*y=rt7>gmA?A-02rm5;kPqA9*CAK!w=I z*4%N-s%_MCJq)hTojZ|TH<2Ooy95a0pf<#g5jmb&cyz2F^oZRFPSQew-6t7?wX{rf zD&=aH8FI3qm&FJ)vH@&ZVVvq6lA%@7D>8YfOwhM{W)vAxNk!H>7$l}WB+-02NL?_d z>>i4GKB@^Rs2-6TeV3ZZ0R3u>g(!u^r6AP1U^a}L=WGfmxgal=oX;?lubO;_pn$c_ zD4#M%U`$&OU4?&ZUmQ?ids84JBq5Y7D-0%|Ln{O$9lZTfz}Z_MvIisD6(q`KtSw`F zC2$}pX{?}WENDToXjjPZK_TG-l+GuY+>(?Dp0V@HYTLHYgxMuUq;J>pPs^c+Lsc775&zp%aTn9YQ1!(W)8$h2 zFQZ%hKPAY2!^UNe?Q7e6I|nD_UplH=yH_@Mmo~PmTDqqf*Sdx$ntO+?@9rJKlTI(M z1Cn$4#-<0xXIuM67FM^;E^nq5S9?dNYFc}oqf)09R;@!4TKa|;*0%hUa=L~l?(QF# zH+H5MSND!i-J;X1g5#TdhO#Oe1}A30AIN+YvP&DRSC1b0ag0Hg^wq4^IPA z^450_My3~*Hg@{QrY~>qVsp#RF0bvwlS&)f&aZB(n!AT4=dW(R?j4^tbq~hol}|3L ze0%(HbNB6U+xRa*{!5Tg3;z=2zhUFQVdKAHxtMv|Op$&xa4`itfJn@r!KOcDK zKd1>Y_?dn%Q)KYba`35QP+4T?L+{}5`Ctab&;$L@qvcTNTIaO?(8vEpHiQ2|o2j%1 zAsq%CqO>A62%Mt+2i@#N0PuO$%@4!Bb+f_9_w%6##9;-4F$L`onRZN$*Fa;C2`{v* z-LXsR#_+K#$dXEy24gJR3d`yRuJ8q}w4<_9p!bzstN%~RId(L|YIKfZ@*m}_q&;DL zJKifWA^UoC@OI?=KhW8A{7dEN#UJS0Q8|Q_v_(L0pgmMB@I~*BbzYGNExb%Y zA^*0{!kN>C2GbDvBlp??NZtfT@_)oL>}2)^`{Jv3P8o-!?th~*f&g_J z^C`3QCZxaB^J`r>;NR*wQ238}R{pJ?r{%HUPIf9^7X1`x(t?;-{T*2Lv@cm$$^>ak zDd{!OSnA-u)4@_h=5Vf^<^5_1X#kvFVBZN{dfHe%K3fU)m>BZJJb6tl7tP8EPBvw( zLRI}vEPu6{D9FU}f2GfMz_3{M@SfFw=ySw>(Pz`RC4czUQT_!a{*LtKcbTu1S z!SR&J)vJlM9MgAsI{jf$SViDVx5!ui+_Uj7{(OVgMwr~eI2+$N_VM5RIn{d^x^wj+ zdi-Df`LKspaJqnT(~s*=xv!5QKP2)(r;tdnRh82b-^c2XE0)0qdfEc^!0ZoBz}o2I?HP%4`|j+@E< z0B9_1n5|S1ozDHuL0+4=AA*i%;!y6fYdj5WB0{zVQu5Fu2fR@5t=4-M$lV8*ODY=& z*79r5$Q%gzGf*my+}sCz`-dj>2Uo5;LrHrsQ}ga9ePBxOBc&;;_l!_+`an2q5E&CZ z3@bbj`SB-_W9#tUxRwLsse_rz1ODtI7L;iq+D>BZNhJ7?2Klt1?YKK`r&;cdW#hOf z>PVT$HJ!;lkn4ATIf4ifHMNrGv)2=OoUhww(skx*Bi=ZC1oaPyR)!Z+hTU{IH`+a+ zT{-`Jxju41oL{-G8htui<-NST_F7<`V#1ms3Y^mo>Okol&D%9Hfai6DU-3SC1=IgD zm|sp#iAeqPE$Z6 zQ{y6C*Fd~ICF;ifrht|{gR^V{J~g`i-C>R-#KlL=IYc2Y7Q%dG(ebtLzgaZs&h+9& zsPfFz|Lz|doiuyb_x-M(<}?=gTSkl5ECwr#BEw#*5dW8qHW)^CS^8jO5Tp&t1i@$N zLuUgZasUV@4{s>n-u^PU4-UV-Li@_j>b)qnLPPb9UhOiRM6v z?S3xv8lk!-cIeJ@+K%l0eE*M$?$6mA@t%Z2+xcHjbfK_&pEX9S?_5#TPXL7QYts}4 znMgcUc~>+9nNTPQMeOP9jYWM|tXyVzC<_U2f1JDI zXYmh!LBeCPyYXY~?S@9c0rU8gT#hxEbjC<#ef(yzM6A>tLa6m{v04Mac9kB_)t~(q zrk->a_RNSIHiPK!g-6)l- z-|U9dY~pwc_B}UjjeW7#A0GSu<2_TYfBi`f6A|9mn*0$!Zf-y)U9NC@8k32pS{y$n6~sG)at&WI{WG42!Vq zAqk>^z1c%#N!|PQZy-m6$NX7>=9DF{lh{-wiGvfx-#F8c z%x07`w$pVZboBzOG#4}ksNO?Cv09SvIDRZ9tl!YBQ;O@ zxcx99mvf~S#Z zv6nj?0^EP==IoK1N|#=CY9OJmd1VB@#|`kkE?OfAh9@d5E4fH6zsQ)r!?hlCRrInS zChm?t8PbYuM$r%MTyJUHmr!2?XqzQpm%~IfyrTIVrE}EH$Ty;8! zL8}p0IAQCiW3aVqtHA<+zCpO{RqMNFrm!|ZB|ESk&`7R5bAyGPVz||8nrU{`?dxTB z$*(pW!_bVB@s*W(c{%s>s^>S!>hP3@$bFML|KuM)A`?c+gVP5m9Z(qi6X1h8Gll?$ zyg|@FB7q~-=*=}d%p3J*e%Cdx@vNbShK*dq#EL-h9L5eJhA_7%fD(pBC8KDnEGLsP zRC{3H>34Yl8a56}e3DcnkKd6J^&Axgr#^~xLfZ>_xXE9LmUjP?sbG@i38({#LdRo3 z01&*Qpzg#(u6IE?I2#7f9PiO~L5fa}<{2X566J}kv+gtWVfUrO{py1tQ=NN5B3@%L z!3PyrjNSszCCDJbj$qXM(G-WMmH|?tny>))0Fa%sKTm2Ns*jmYZz{0r4UInxvc5lh za!-&rBq}_G3?yI)5Q#n@ir{JHhae1sUidlt`4qAsjEB1>VqrYW$teE^EI7Wo6QUsw z@_PmdZW%v_Hp(EBU4g`wchXrVA$|E^@5!M+!OG<;sn`9Hrvolo0V%R^w>)q@h!#`| zBWz*HFtP|4`^Dd?ij0lDV0j6niDr}~^OrF)4+Nib-AQaN91I0F8eP7e`Qh zRiOZi3bI`OJP}!Jzxg5?XNXc^s@8995j1rvDkz%R5Z-F0LYk=Yd3-~L0MXMO@r3FJSqX&jHSdWanNbE;nyWL5s#dwY zCuRM1#@ULul(dm3CQuoMN~oD4fgqj*Hn+rzZNW}}^fQNq4|sD536`Km35vk1%TKJ8 zRqtyXPY;&3kfv~58Mw2ljQ&(seUu;)51NY&qaf2th!`4f!~_J!QBX35k4}<_Lub7h z(@4Rq1!UHfm0>W*lCG}|PpKE{e_=$n%vi6IZIbQyxux%4vABuyn0vu?g%p{g{qV$P zG~u0Tm)AabsMwq_@}=4cH$x{THL0C1;mXytP3N`^qy6x`w)5;d|8cc-rvT!$XI+`@ z_o^S^P>E&j)2~6_TgI}-jLqO@N zWb?BK#UP zEO=EN$!ujrGEX%uakUi|$DmHitjYP7izzN^Bb{6cH$|c8F0?N5Fu*3Q*TR!2r7Vhc zz+H19p6zSee1-{UB=lH6413z)Z-Tr!!fE;O zl^{0{IafP(TIxQoEracyJUpc>E#A z+pv$#SqjxApVv2zAM8E*J8fLR&Fh=jONedErB?3C>s#xp_#NLmZG9fKmLGN1S|Nn& z0=VPek63!x$E9o>P)oI1 zNoPAGH*Xv=qdMdn2sx%NZyeQXexG#ia?G|AI2MHSm=H5Kz z)BQ1DB;;I<%5(O9*kkF-)JBEv=D8kR`-gTSm->{=i(P`})x|ECCM}jr>rl^)!)%+h z>CG$G;da^WY}c;G&Fksv=WUp`Zhg%>H^EX~dzgA+9?V;}pF>~#$=|wZuUCj z>~^o$&;FVN=Y8@>QZ?(fekF2{rw;qKy zTH$vi0Is`NVG_Pv=fWxdaO`?EtXXJDzs=V3p_8`V+odHZeqW2n5> zP0IGSy&9Gulifa*6~B6~OnqOnP<}zr>wzD++kRFl`n){)-u-}M0o->(RPsU$Fhf!F zKwI%bCo;pT^}sRk!f7+Z2lXHv@E~k3gByB~Gx?F!fSS@Eu3GG87D!B?+s~r z6Hfz?^P@!R0{<~5>DI0 zz?zvMNdhm$)6X%`-=`%OlnT?93$v8|dduD~Kq20}E*6MW5CMdqYJEg9d2jM$+&Bw@)=LxBFC8@~91E=p0;EQbwY*MJB1zpL&4l$6 zoQ+cAkL8N9Yi~5>-=ls(7zF6cRz^w0`^f@GVkz2We`&A3yh@X}UM^u7_?ee?E~_M9}aM?gM6exmP! z4%~OaBN3jWR~DupUb@Fi<#d+$37*hMG%q?o*}o;(YBgE+HrYRXbpC>MQG8O6OcBax zoMR8iF=BEuu`kf9#I;W$FqYZ_9hll$l2(?s%b?)NKDFN%d&AKov76Zp@7J;`*&IKS z3kfi^C|H%JQgDcfO^X1OB3!@l++is7sJ0wJ6Rn~VHA0d;WR{}IW&`|Up2YLGWs^>K zF=jDPf8O(eFQ&iM&Tu{}j?Ly`xsOABp&u2`#u$q`6d}b#h$n@Yz#*IbDL;j{*p7`X zjOz`Yk{Mw8I1Lh<0Z@iz@Nf_U$K5ASRi; z3kPG$jUuX9qQv6S6NJu60G#qCTDl)~#4mYDMTX@7yK(?t?nxn?Xj#?^MQX?IlA%EPaR7`=F7E&K-L3pA`TggZAco$8$AZZ#KO{DQm_eKy4)z z4@Hqz;it#{gM1`(>2D6kg){7~lo@$;9pf&7nxYil{DYZafuYLHthf6nK^aMr=B z2MKFQkgp?atw*@8H&!J!QC7CV5V!v%YfI9SXXNRaTnXFMy1H9eq8IMOlx{%Qrj*bo z!QWV%SQx<6?#FD8FWeaW!qpSJk)WfU_GM%0o3?KM#>Ao8sKO+8nsal$=*tY|rtYTp zxTSU+<>n$`+_J>zl8)e-_s0#+@s&-!&2O69n6g_E61z#8C=j|slv@vSTYH4lhcIpX zoE#^c8mFDCXM*hKj2aiwLdRdE)<5Y&?(1gH>xLt3UvEa=c6Qxmz5T|imt>@uA-26{ zt>^2t-S=&4A#z)IQm?s6uW)^v;^+4L`E~)~4kDv|NT=RBzy7WEPPoF(oTdIk)Xq;& z{kaVN#*UpN!kw4(o$nISNJ2d*SbU%m8T8^+1S~UH138$KJb`M~yg=tyoL% zak(_`gn03>^f88ZH+OfD?so$hc8PtykScbNNa~YIGEi=T)hU)b$xIAWf(-=|4WByq zXu+$`j)rhchV^HLp_7K`h(;a^`=@+H$kltyAs@fX?SpiUxR%nmi8gtv1^8kl1x$3X z7L1H8jDCDEVk9u)%?^7z#V7_|6rnnpLNpdrJ4g{bP>nhuusImXIFRcwuJSfc89xxc zFpk+gfI&KxKv`EAYEcr>en-TsTFs+YZS=m2QN5VwL&&OZ$S0P;w;#9mwThWEvw3uU zc=V1w`2$S$&`sj#k0|Aj-Zvc%Ync#w9i>E=tnr!XW*_O=y#Dn$(&{?GnLIjJH_^B{ z3dTEbLpFWSbiB`ZJWOcfpnF{U(_~Q26qsomrqk;IRu}eSns-y&bEPu&hSd~$Fy)0c zv!y%HI68L8-t?zx2~0K#0UL%=4Iw0&F@>0Ub)4u;nNd}rn4g)sDw+jTZQMPd_-&ez zGnwBYoA=3?f3-Xn@G$p_IK9p|P18O-=07E_Hs2gO-8(nO-8zMDH}6F}JEcEs|9KkB ze|DsG*4=qr_^?wv#9bO<8mE4or^{c4!cuOdR|RWWeWg_k)~yL4s1Gr(Gtq6J`q(&R zR@r3nqFHwB#HG+&ZHY8!Ij~^am2v*{{9GK-DsSuDd+M+kYrb2^>hY6R zJ^h8hwN;?{1y`h1q0hxAO6iz-!#I`f6pA)@+GZaa!x|Cx((290#L|V;duuxZYg775 z3>)j3$jh4S%f+U$WvcDMgD! zvuu>)u4qE8t`sg$w$3h++s>2E&%ipjD7x3ll3$N(@+lAf+bYt<{(#9IYU-9U z+a7QDVxY^uJks782LhTs4amOb0HR|P#!_+Z~;44??*C2tfJSC1>T8=on4h=54f_itco(^5e z*FrfxB*$O*xg8F%^hAGsb!Wd9pZ+RAEhoOsD}DW5pxGKH*(s~wUcc$Se(Sz&@;>AF zUJT1A8+lt)@BH0#k7UlhDzS4DvNMB;vx2Mhd!+*n<_%5kZy$&6)vld)Jikfqev2G% zW^4Kujrf3${~*r%y1n6IadmGJ+A8S#5WM8f;B#;ES=&6+*m}Cff_p-a+C`7pRUg|) zb!Wi5jM6_BI=%&FjRB|_7NiJffmHJIQvw8!2tP*P_&dY-xzvQYD%sncx;QYqIUW;f z*gg6``8$1vS->3vt|3CGJo%Zrg+4wKKRStU%QnBJn}x%w8j&Vukb+`m`-PDP^`pE$ zxCQ{803f%^Jr~7?2UYcN>#v$ym_i!|Jyx%T_$E%d1p);W%&re89dOUW24bAqi{ie(pf^Q}Obs+fEzYpe@-cp+@o(SWOTr19n3L z#>L-HL?!T|g%xgp2WS7X8c_23RomNKDbisk3)uOQYWq|({Zy9iIXnszKNAdD8m3d4 z>`WFMY4I~4>}N#k&$XK5er~rBbA>QSz-DFg7IfL9zM6>&u=kjz16!gH);r5yoQy+M z5w}ko$xp^=IdJEt=UWjE+}yz^JZ^_d4Hn_y*RZh-!Od(y zp9FC;1&1c+lV}o*Ce!`RZD2ofHo`-${Xqd_yl5!8cUT?GT%qhg1X(R!s^A?XpZ?e| zKn|x32@Gh+qpc+V{e*IKcd=5dqF(1m9pgrn?fzWR$~VhC4&p@$ryEvivDfi53adN& zNpZZ6dRV{s5+>u%B;=}HJYU$3+7T4IE@tlzj;8!=g(kk)>-Pqxe&Fwz_`!LxQg5p2 zq`=P{JyB~X48Y$enrGm@{57|MjeCjC^b?;m0Q zw%QwIxyik7YMwtDC3jXzDo2klNKe^EVGae8-DM)1$>SG14~ah%tcJddBg+z;?Y)Q^ z6rBk)_JSya$skF9RaMHaG`<5*yeE9wtqLAIr?N5<%BZq36ji=ioIMQbW8OQsIhs{t zFgL6(AnAl*1O3JLhl`2OfKvIk-%qwxkOBX`8 zG!KR}eLEIy5T_@~-{qjBD9yrxs5ss5c9x(L13DatV2z80oDZAZCz^wWaaLMn(}tFt zzSMS_?BKVytS9=aiU1*)L8;GYbWub&H1grWFrR2@!i{D+bB_y|Q=_%Qy%r4k!PU9Yw~4a??7SF+)8B z&3K)P+?*Htl(IX+Ar33Xy=WgG>=q3+eDBK)0z?PoIDj{(77_wRW##L%2&#_qEN?~Y z*I{jLTth#w=@Up6K0xAC0PaKvfW%26Bv?eEVeNUYIT3GP9799T#8T z;$5I?qZ%dusHh?vbz(j=F|AVB*jF!yBqxr;Q2o;}u^74JhDJkr+p_W1LWh*xi%$+# zr*aMu2`PgF#Q?|fiBFTWDD)%t7ZoL`?fNY4 z7uhR9BNqDvK`ZZ%@V>SW6CD5uX5s)Kzn6x@s0F}s_(7n!`AMoIV?tu|0N{2Eme1T3 z)2`T6e^$x~Sb7v>oT()VFpi3%md=@pB!UYNtxH7^AytBndrPC@a#h(MRRGHR{!wKB zm=HVyczKfI-Dg_mw~)&I=!u_E70jdr&t||J;`ta~Xe2rD7R?ke0i=ZHGD_)l-Bpc6 z%$Inqy=$ryK$qHNhDtYKM~LNKMVBQl412u0L2>)uI+WACYnFeXuMDiwE(RfZi9_M< z^uY4n#8rO0hQtZ`2w>ZJ?|axtCxeLs`NnxEx)`(UT+2cyM(wN5?T5*1QoZnuP`ly?U24%I*v=IfN9d&Xw)Mp7Y_M42X3&%2a9HK`d+2D0t- zV$={3E3eA};4ioBf;f;37=omK<7Gs!p3x3Ejba`kXumPGQ8h%_TZz8EYB$L%f)LIqdspa@IX$?iP@O^idJ`U@7Snb!s$|MD!_Ux4FwMaF!&rjVr+mE7mitIsJl?phcg7i z5WX0rdSSq?6n4c0+@B0OUuNrXq;6*1Qyh5E}LtAJ)xqv4e*AJ8u)5+m2B7u>l^m zK)pr=eZ{YF-3VYbbwC)W{+oqZ2>`;>;xiDXJpm9O z%p6MEwtq#`2V$^g1*n-;Y1#)GFLw$BEz<&aTXh?2-uPW`81qA%#3aiQ`e9BqZ2)Y) zRX~Bx8L24dJUhM_kW88C!2wn%u^$@3JLxz*2}CA@G-jkx010qjYZ$7$RoL;D04puh zO_ZMI%{NzoC{Nq52X6ikI+h_(r6iPWPf|Et=DOSJ=hO(o5q?wWHKAFg^a#R{wbcS! z&K=3`a=>j)JB1GbGr<+Ft2WWD{hJ75%{>g$ut8SE-DRwx{Sa8}{Ji?2*v~Hq)I{Y~ zhzWOsa5|(6uHUB&u87j`Gq#m~bs$<3^>L#KY{GZ9??dE1@`rbl`sB~ZtmHt%n4L^aq$$$eO>6yc${Al~iEEH`W+?~y-PVmZdmwlHKJgO5$R;4HrB!!C zAa)U)^=^xfY{M}P9PZ}KUg-TwA_l;cYPW=MoDxibSre_?g0#_xViMnp)2~}3!ptXG zKqg(u)p{<|LU+g$ZOqtk(i0oeLft_Hlp?Q>M0j5GNJ%T#dnaKw!Sv$DCmm{^b&@O> zWg~IriLT`KC#F^2=7#+w2}Rmf7S{6&QbseJKr`9Gm(;D5-}=Hj@W$pNI4cOlC+HV1 zF@_nn8po~(k;RCH%{nFjG)V%m@5qNudTzVByzA5Dz$jF1hQ zf=L{OY!l@nm(m1C)s?^Qt=)KmgKIGbF-7>yFaU+TEKC&yDG`arq0C7Ijpike22Exy zQ^3IVkx}S?tBIU|Zh-0IM`rZTw-g5~u)?fIQ?EdoEjgV%VE%RQm;=@?vua8^rk4HG>HU?UF6wolC z%E?qUvb(t9p~DiNk3+uYc)qYS^vGtu zcr^a%!M+v)E>tI~45fkUCP9#-ri!IOcSXTx8iH9GcJ~wKsZyT7(r8_T&vbAxvZk>QrB+B~CTFElc&DG} zXkFN7-}2GMp)Y-wER!HPwbY_aF5{^y zQ_3sL_z0WHm5`RNpTz{7JVcv4RhGSFk~2q}138kFzMY$|mm6=M2QJehut+_kO`)^k zW-Sk(vcQvlwaEKLkQTuv7TOf$1rM}E4s=lw79}BPC1+(NAr{?bbY&JLMek0_Bqb}` z%*(qh66-B0xZYJ;gq7{lIjx-q{-E=MKd;`C{zyn)PgMb~XQFT5s%Q|RZ?LC8qpIv=$AfkgOa~WEfPh9MokPGN~N0 zVHkF)9QI)t38@^3VHi!W9L;7JE3O=?W*Bd(9PeV77^<9@Vwha2oZMoVI;xzyVwirY zoCY)ezeXnC~TP?iHE8sn>kdWqvTJd9Y!Abg6mtVSWm!d5U5Fo?P=i zoB2m^&5vs4=cbzHF6Nh^nwKf&pG!4Ax0u04HQ+1eUk^3Ez{~)+S^z2w1a>V1F$*Mh zEhIAw6n8DuTNY@kT4*H}m=CoudMvP}wXn7~aV^R<3+iJn>Ms@$Tpb9N6%D%%jhGdkx(=P0^$mC3 zo42eOQgs+gte79_F!flmOzW_0S+QN~uzgu^LhEoov*M=I;pVX7mDJ(Yu;Mq@;diqV z4A&7%vl1@X5pJ^*9oG?Evl2hn5&vQ(fvYD$Wh2F|CnaVhqpl}oW+UgWCx6REAyrSI z#76m{o>GsE%Cw%!mW|rAp4yjxbT({Vl1H5>C|J@YR%7Ptl$RCZSE1{PLgb~fq;HfDBq?gsX^>>N@J97^n*9~wCI z*ttv_xNOGu1Op&|1k$y+y@9|t zblM}edHtava@kDjy8OXN9CnM1k-CE6&m>|I1Tyu7qX{&s<=Uh5MdK+fMq`;W4aJig zJdS4@qYWj~Il_SmgtCpLvjx%#bUI^=W%DJ<1+rPPU&m+Oqb?o2e>?T=;2HCJ!8yL~;|9B;1K?)HO1B$98b-R%#1L$5p0Qnx=GOD>l! z-&%h-p2}{yHPPB|Je?~RNulen|cVkTw$DeUGd zgc#`cJgF`ZZdu`RKmr{)xwnr0!pwAYN$ew(BQIjJU&i*d{d6FxDyL7Fy!8q_y?2ahB zVKKIW<6g`3SJzo0*c0pSbux1H9Z}e5boj*QeWX-LG?#D+Fm1#ej%E&K+Wg?+EEkNRd|zRi;p7mtWF$QOOim zVGn!$1wUx1>AzCealGL_rph|LW}U(AcKCt8XdO!i)62yVyQ)GDfgn6nCSi_MO;mv7 zv>FMcxB0nTL_-2B|0WxHXR$zz^9;856M(GqpQ<(Qw+=<=-pT)}T7&|NM4#_DQTN$fVCe4t3xdBoI3 z^W4eFe3K0wMFK(SBgFT^XzS3>o-BG^eg@x%*?&p-`9H9e)BKN#Yl(n=C9W5JXa6Lw zQGs5p4*rRv{=!E7o+YHX8iXJkGGQLtOH%>4RAMP4E@ zhb}I@pHX#1qYeXCL52;7h7n7K<$v)J9tx|-56d|Y!Ost!?hUo22`?87A2bb@JPE6Y z34ae4p*|9x84_G-W}06rAOs|LTcOD=buBK{sxlL-c_OPDp=sa=sW>4iY2f=^sxIYe zFLmrTqw92wxIL^LMDHRg=x^ZgU=)f4ffG|df;|DDEX@YCnWgwH=oV*~0x%cklA(_#^1 zI9xu&_|n86?FNC;NDwvSu*~C-SLtD8g0WZQh*ouQN9pltP2a4#Q}WtVuZGZ#(m{_> zGs4q+Rt5Wat*|$q*r1=rX5Yno0v8norckP0}tiS8JvH*cztBoy;een3bBG zw3p;5%E$jHMU*$ePA1;8EXu(>(NHtUO(wy^J=E7dI+T{ysWrhLJ|Yk|(O@;DKP5G; zKGl6M0fjZy^Lw~SIDK+Bb?Pc8-8?mJHSL2`nq!(ATWeylW^$oe2 z0q|Vrr@k!Py{vxt47ZZ3e#mS?!)&X7>_OVBH`3YR`Pmbv*)p^_p^!QAquFKQIh;~C z-G(_jdpV|%xzA-eoie#uWVyVfIZ@`h?^|{EWaxn&xd+JHGO<@IXjmc@P~w|k!q-;H83U?o^QuF7 ztIu|;X(4O4$*WsQYer;ieudZU7}WUp)*SBE-11cVl+-jq)b7jHel)Bt&a3t6t$mKD z)!eHsAgyy3soOND%b=-U1lBe9*RAi?<(1YIz$I^ftfy+{I3BGdDz9I&2PaTJ*R#-b z(9+j`m1!82s%On;;2WXrZKUapJcM9Z!tFZ=D-!p(&62yq@l0 zN$Is77MKy5(%xzf(bi7d1`=&c*liB>#4C=(uQ)d^dnPDdZ?$@EyPs`alWsSDZf)VO zYuCbxe{PS=Xs+icuEV$Ol*8)D=vct38O|UWq;Hy}#~S1B92@KC2h$TzS2WGyWAT24 z+j{QY!SCAR?>cxre&^YBlF@b6-gU9wb@kkJgWr8O-qqxZ^X(jGHKTPZlKty{Gx3-1 zM=cz<37qeq%?G|cmW)2?dmqq&XKrY^4U&If<7{VJ__x=>+@be z|GtOz-l6ecyo(+xf_^rEevX$Ox(jUXs2&ESPNqy8l9x^>^e*0w+Vw~+{>o0lD4e$! zogzqGVjb8@3^<4ajmQLD3NM{1+I14z1gaC5pyIc0mfpS`TD|vU2gP~_d^N;O7CMK* z(yT<2dx86K(P`_2?HtuFb@6WmuI2_Vrv`l@0GPfwF@+5MR^ax-*l5F!FK|)v*l|dM z?i2r3;ElFnrfvaNLkMnv6nNu^mem*w(f}mcK#4$Gm6di<9*0>t zK%n-BU&nZx04Na)@Y0BxAdeQ)F{b!3_HAsUXLe8n!re8|k_>w+M}A}}D)2RTU8+5} z^E@(4fV~@qJ>!LGouc%DJpnyCzFIj2P_{WAA8f4VP-O93H~;p2PLdYhEpG{!`ujYxEj2 z>v!}z5%^0j*n!8qT6H0Dz^^}Bn$IGHloy`70=68&%g z4O;m>@!t@O&iu>gBC~1+p7g<bgqIU2Y#WOo000vUcZ`ADD16Kg!|+8-OdUrkyu)9kNm$g%w%l@weI#0HZR&BtAvBN*j`E)KmJo>r~`a$gY4Q*_xh%6bSZFT(d-(Arzum1at zahW>0k!~{C&|ibIMFSYOnEkRwU>(3#6$sH2_|tm>=VB8Xd8;+rqCJ|u6M5u27YK>O z&c1F7f_@P-CPVsSa@!jV5(V&@!Tuc09#^#oE_Qg$U^8a3$KI?W5iO#`EOS(M6Ef^I zE9{Az`XbCsK^Ztn5AX3g9+*JvzX116MAmRlwv{1vjL^1#G`|J-l@$p1j{xsK{Iq)r z2Y>YFu?(8(2XhJS@#yYhS5E@%w-Q0ejxh(Q(Z^f8oAEDOvg^kx;A7Qnw}2~;;6MJ` zfe7G4v>d**lU#AEFx3-ky>1b=ucL6fnDXfz04`|<>XWifmJpW9R2 z;Hf{+0-s~R?;bY$xuMFrZt2N)hO<`P{r2n?vp@d33;BTGG2kEnP5&SN{r*^nXsx;H zxP|FUY&BL|EPJpJ?nrjXnBww;P-2_zdWX%w{C7Py?yXR$u`a%$4d&V({~g7YuIz*L z`8A9USdK%x@#eXP)4EPQ|CazyeHGw#Hy`S5&{n}WCbu{LBH$voxSm%9TNlEA;@AwR z7c@u1$R?K-)}Vi?p7RJq80sD`0& z)e!PmHsY^>2EI=zOT0?=MlbA^$N*Ls_Qq4Md2C7V*RAajF5ds-v2k@wIGs#>=dqn;R=j=2F@EQ<^X*`fY99o9AK`Z& ze?UBuB0fB1UkSvSmVUUbRPc;I1=L^zLXX^FSjS^b#&yIu`(HIU!1Gmudon*M`2YBx z_e0V0b`LD_#DQi}fCVU`dhXs_d+n(oZ@M*5J2jX{LHk=KE_-xg0eU3=5BBb=Esi#7 z*mU78!QI_01cJL0+}#Np+-baVcXuZcg1b8bLU4Bv5Hx{i$n(7R&DPB9%pAvj|Dbld zx@y&Zt_!)|b4A+pw?oEH+Vk79^QUd7XYOtLnQ-p8;RoEf=jCRHb!lHt%@CcI@_>ZajwuLeA(1P9DH#s5yoemHA>5*x&U zgH=2d@iduGtiu0l!2c$PEZm2^%_>JFnC2!U0pd|idWb?*|J%8 zAGWh`2pBieL=QVSQZErvszocI!_gZkaX`ZYQ!u&1CWjM^qxFWzE6PgYhG~uQ=vn_< zpZG4afSL-g0Fz-BV=qB;KkF#+UV@TmP|3X*8%I2d8VAS6WD5(23u@Zze5l1d{*T_B zd7=y?x;x?YG(9c|nv9?%SbLpeI|wgLvnh^@jA19%t$=Tp*d8*pEgNrRVp-%D)$01KfYH3?t^Q(MT&!k@z;Rc6l=k|?Ax@9 zq~A@JVF*`z31TA_U_|H>HjpeK!MWiHw_Zn7mEt#>pM`OnUy{(?ZneB zTQoll%%GFF;}BU*>ydZZ$6u&$0dyn(#4ZLaBih3P}~&HvmV^ zB%jIq*Bb+3F0SZDG)%zv{rY^Uq|kAq6-8)PE{feD(b8ym5O$(Q4qt^N*EnOSrDSnd z%3>e>TR24DBP8;j>;9R+nQ*Q0GH`pApgn|Sb zzyz(HLF~WU+a@`Ob4Q$X3l(~cNk!0C8S)_}tbiW(8d}$ac!Qj@;h78mfM~M z^^GORBcxH<6tB_Ip68%Up0GHjR?*}~bODACRU8CZf!huq{?JxU;Q;i4DJ9q)N}zX1X+FPaZoiW~|>{aAXs2Wa!+h?+vAU%=#`~ z)oGV(xqlY2B;HKjO6xXTJM;HPGJcLq=y?vC42-rj2CC({;O+`QZv+M5*u6N=4p@Uo zpNe2UWb~akU3zlnm|jh%4;1d6Moeg!zUe{hrzKmCRGrkoNZ09SZpMf-&FO@oearaz zw)yIlhTtmxAs;{2-KP-`5(}*6jL~Z$F5t#}gNFK0@zH@RHkQQlWhY}?t;r=Y{mFvO zbNSy=wV)MO`oE>>ADvdbKV8PPwXD*%&zdQ}wNbk(pQo+<4<`O>DY!~F;l#`1u%B}j z$ClOYL-t=x+=z{*_%X>=>4m;IAKtw}>Yq~ezf3$fmqz0E+}~2QrH~zkr;k!jvwMX0 zzfAnKR9*jJ{iEq$CjMHWNzKhPphsDpdS&7w&GxScCs!7Sc^gZG%B`JNS2qtlnumlO zUDAnvY=x`0%>D-xztFtz*cWp0S?p-MYWD2@%fww5XP@D{df|jGeRi_95M;diaq}($ z+1Iu)BD@BpSw2N+ukGMFrS)-ke~R-Y*(JL78kG`u2@1)1W#ZoBiw-WSf0=j-_ryO; zoMecr#e3Sl``5!x&Y{RF6Q^EtF2sLj;t2KM61!iScy6w|r_X$;@GTQ{)`|8j6F*0G zul0Oo;_;0?`h;JZcvp{%ISx=b?Z;?=KUdBqe`k;=*|c!~Zbx3D1pREGvFTQX)Q^!5SYKcjj;Kk%nk`n4)i-9_J2eP z2>4a{?bi{0>+kO)!c(6=@2^^K{_)@J4j6dxzmE5NioXbW{6T*I>t68rG@@r^731gq z$R@-*|HbE5U?7Ct?`7|~2ZG%jfFhcb0C#N?VjqM~4TQd~vOrVsf=cOaV(v}m6Frmd zbzVUas|Ycx>P3PT^ZX;4)*D<1!ax(mCE|mXQ~^t3mc2pkBY5H^P>f_&1!G-SIzxk` zRKToWeZQ0YC`yDW6w}ZyV}nfKs;?6TIibRig2-b;DO1ENi^Y=bAuup1U`9k19GYBd z6+{_OKO>IBBXz%dW>{fC*f4qVhCS zOgMvl4Pk{xl<_+K=|n?np+lvOgR#A!LIT(X8!3NiHo2G~Bbqi{9ri({NAg3cB99fg^BSAc)A%e|;u(F{R zqv4@!zg$PbDWhuYvc%akT^KV z5<0p1?V@szBJ&@J%Q=vtX5&s;B`XV%t9y}af%r)d3;;2@fg!q4Hd@dO+Hm&PWK&_f>3iHI=j1rcvl;@Lk9-e>RyH_BH@Qe~8I zWeTREc;%%;k(EOwr6DtfabP9LVr9BuF(hJ*e8FOw#bUd{%HPT5^qvTcR%nA2s`)BB z5gMsNm>MuH7Rpg);kh!BP3AO=l_-7)QM#(0IwYV7 z{8Sd$PMtH?7gs=McRfiwN9V`|j(ntx?#nPwoKpQby?j>h*{EO`niZ6gwRxjpkHw%J zT)I72rVCvWMv&1cm%Uh`VC$=VG#G!Al6_nvJ+Y0Ass{csTh%j(y2KeP-bc53TqJ#* zJaUse%F?!~@h#Tu12*+cs!l32G6-f){x=KDpB&7Pi~^SHDdc@Ha(e;VJOvb5D-5g3 zAu!wg=|kEViFvu<-}BQ>uz*+})$9Ko!~lmq>BCnf>H|fUH^j4;QgNh8Sy=msc7%xb zebbCdDl>wJ7hh-MfNug-r4g;PVWSY*UpGA@`?DU`s*KUeR?r#N^0SDBs)jLyVY+H@ z49anrWdJ}=PDp>wNYDL64SiycSt^DfmykjTF#s6|WKz?-RtlnG2x+I=Jq-{X~k-aB+aps zA9|Y7Z~U|povHagLi4wey$0I)#E}Pgs70V@#HdO({Axz^N~C>gzP8r@qc!n0a|U5r zv7y?PIScJI+OWyd4LtEO1SUURti$U%pAVb;k+Ln-9Vz8zT zUh;JCzHD@pQbev!X_8LG{F3*n&ijE^CO#f-*pT2pohT)eOsg9wzHG%RnQFL{hW0rf zts_`bCu^N8+g%%Mv7C^io9pncV2U+wNVZ6dy%=|;Ra}qEZYA4y#Xe@GwCj6is!VmN zdd<0ZZRv`ys$Te?Wsg5Aa%ih{ta7%jtEsyy`$YPUx#dlya;;&)ZJILe?yK2S`Z>8j zzILtJ;OciMz3*k!>pNfNwO!TE9v#$NGnrWKCpGA9svk;S8`EqWb~h*wGuSU)o7y)} zXqdUGkxi}9PWA>R&&J_%!D;N;**gEv zQuQl$j_Xpxiz)8QAFB}VO-zT)iM5S>U*p>xTwN#} zlXMo7XZ1~aMH67U<5*zp=d&?9BnJV$7p{&USxXl6^|uQVKr55M7-qvnH$YF@Dx}^1 zif#Ib)zo{c8)te6_kac8N*`rGm?(U^S-`Y0c{{ahySC9ZZgm^#V!H)-r+vz_i`mRd zai>tgtWzIiX6$FS8nuH)X4aZz=Jm9l-m#;$wsYgK({XAhkGeZcv`YxtVY*vkf$+U` zY~v!6d>3cRtHsY3C-MGno4Zax08c`w*^FPAUpP%%G>%DZ*i2B`9P`>dih6J6?ViM) z%7MNGyT@K>)ZUEzUUIbs=H%Xe``&G?g|eeX?WzSHWbg3A0!+NmhrX{Cm#o1%qmIX~ zZDp+E!KYistY@`f+GiQoxG!w9Z(x;dWL0Ne)@ulVu*zi>ihUrad|*x%X*oP+)y-#P zB=WIN+P0a`j!nb?vbaKPWj(xpuxq6PZ@tui0QGEzBYfy$72^)y`ssqz)9Ua<-derp z@Czj55HHO-VB%1_`_Ma1`Rvp>hUjQ*{m`HJC|KagMfr&5-L zE`&VqZZ%6mh<)(%3#9SbwcEYmC!rT6ovoEZ8co(ts!2a$(wrr`z8BzB5j+TZ^dY z!nUK^w0A)b8qc19?hHr3-bcZH$nMNm-##JM9x1^7OX^AG#^r(53RYsW9Y&>bEw^d8ZzemB4UV3wtgZ zledd9?DrPfMy>++uCHpm1nw6vz9WBx?E8CNo^PZu@*Fu5%QlE9D$X&(a_l2$9 zD&cNqBW^NsZ)C{N1?~k!UhL!!-QJ1Ze961Xg}W6Oan<-K_~B(%o%~iK@K%%k7SqFB zVbe`B{#3WT4td^9qQzb9gPVA~`}V?ZZP!g3XP9JXstOmPyb4(V=zGXksO%9e^(8Fg z1FXtJlm$8Xjfn@~d=~_|tHQoBj&OHPzugTAvwmT;jE5V3!|;3@bpg@w{N!{W1B1fv?;@=4Q@%d5y|Ql=5~6yrjD}VPI|CD8SZu}b>TkaR&|rG` zL)&t$f@bAcjY-zyq#zRofMD_i>m)-aR*39l?9T@zd>_NjALuuly~e*wbddAXAIP2W zoqEPA^Ro?95DghXK}%rdVge^NL9T(EjrKa&$}!Igl5YpRMG zMi2{65cjkL`l%rP`L_X&_-SKw;KYnPD9{!O(i8?TjR6|NIBS>u`G1oCgGT1K&OQ z$2t2ik^fmf^c|M@LrnsvRgs84iroaj>b5LU3^tg(AVw%WcpaDjWa2hgRKqc--2arS zM`9^tl32z*0TL(}-#IkYXP^c!F@!kWRO*oi-s0I_nzdrelO_LU;;r?sOdL;&$>9Wt zYCMbyCCg-~*km41hte>Fc->M=g^|-7m{nBw_8ZdVeQ~hk0j;*W9M09+-CxWUd)>Rh zZmZ7^)aX;Hfp(H9)0!}zxnL*n8)V87C>8QhbuT4&QCD#+8tSDa@lgnI{2J?l;ZR{x zJx70)&!-)!=DR}%^=~9(bkvCkyHwukgqu@e3!&ACg>PXWS1G zRZNng7i>|w=P#7%=P7kpKK@d2Al4Y*Q0jw6F_%nfs26*BBqU^atI2b8d%;c31IaeD zAWG<;(WQzZvXz)Pn<P#!g4Vxn5QVEW=@CPXoz*1Ejz zxXVH;GJu_1N{ofP^GKlrob4ButqWtdR>VJ<;E+k|9)ss26pT`elPjJ+akV_f9XbMD>@c48@{s zOGqk|hOeq=TG89eZt>}xp#dlwDl>fW2I1j&1n0-a>j=J{ig!U)PHKtvPmU`h%Vc3l zQIt5P#ppRg`z79U+=z-LE(gLgV_H&9e{OyyIK%b?s= zE+A@OvHUptQwaSo2{>79pj!ZNA0~XP{8w?{b1#=DI%SP$uXr`@lk*@pyT+$}?4gN+ zafdP;1PL<&8gV$IN0S5$Ar=j>Li2=%1Qbh^LHpP7SoXCY%HqnGi6uE2mY#k&92+16 zzL#wdvn%`UqG9sart(G(w+JzQ3&4#Uv9w)9g`oVT7Y;763v(GRGq!mVp40zetE=gJuwu1oa9^f`i0uq>RsmLmFMgZ5y5pE|vrsgv%rW#$`jMu8*#{_zJ({ z+%g}CNfM*gE|wk&37qROlRDrd32Tg(byakEsQgdv{fQfB6KRF`{``7>zIUUVwnB>c zNd!l7>K7T5Djs##c*vT0y1xg&R>J!Gyim)@|3qboef9*?VWVvj=Np^v`SZ`s?ic8X zl>2os=sgoI<{d={-6a$h_M1MWl-^+YdQl_=lVHgr%>SNOg6I$70CD*3b#cFu?hwLD z(652TVH|nvQU@cDLDCj##$Swt3Ts_+P_pS#TBR{V%E|^4 zE32M@0TqPo-8x9)a-}76MnwQMBZ(f%83X-f1~qFVO;h#C#OGCrH@$}Wf-7QNp2$&- zy+&4!Kg9~b($kn4;yG%wI9bBwz<+f*Gkz#yctZ8 zv6BZ&HdvzDN-TuS)5k;ixQoZ|tb|K7&=`85b1z{ZOOcV`f_hg7u!1%-$FnhJw-8D= z;FvV}khNt2pqFqOi1|)|q|ysbFayBzZ9!dzQc57I05BxIK|O*8T$PMdXpAZR(*_k( zluW8cJQ|FP0*ZIQ3aRTjcg}7ngT$n50*l)X#~!n7)d>=S?Dmrbw*VxKK^=rd!efeI z82_Q}m8u(+XK&`v3yrm@f(z6kxo2+lf~p^xQlYo<9@nfzULu+D5mO4_m2Ak~yq|rm z=~kV8Ru$ys8q|yCSf#g;WL5;^aP zfg%e35m~Z6+}(lj?WxKx(tLcKQVATTZI$wS-H`fu4ffc|4^~l=HNm4 z)5%|ig{(2>+NM3a)xXpVfz@xvJ_O$J6u__^v3D^UytBRKWJH#joII%j%c{0vUoDG| zQt%MUpHuSak0Q>=2fsNx%Rk$WSH#jYAX=XF`) z+Zp~u-UO?FK0^ZFYD{wVmj>wYs$rR()I_5Q&Mg_g$e+jAY5QVM#(irh+qYNnzt$Zc zPbq^ZV*}^&Y;+k!3qUR5;b>|bg4h-*4)hS)i(1V>yzD5q-XkKv?ik177=#@q`4oY< zw$z9R+lG>;8%002Mk4~-4wXSIjD;wF@6DZdV(R*qoy{om zJdK#sh_@V$D$F&+XAU75bU;PhXcE*`CIEt`DnbHm@74~18qtQ5^MpcuDtqUNw%PQk zuQ`mQfC4`3cgBOS`O>~7#@Qu>`G_&X{QE9%I>i+&gLOA?}273j5?TtQy#63 zJ*Pg;r?p1R2e(!F%?&4~j$baoC_Qk~)|z4$@GD}89(b^Q93Zj&8D>npdiC7{Xsz7> zCJlCCj8-Qn{2f6O7VGB$qaC|wRs(D$8wR{qw!5B30L}XyxO^{E%AF%XlxP|A4TP@` z%EVcTdhPpnUj7Y2Wh}Bso7F$z{L%Dkj?~+NYbWSQ9TBi@B2yqIA8no4(|+ny1kk>M z)9>Z{ysFGo66)g%K}jEoD_oE0k#S3EdSuc$IcwhWlUD8Im_O0C@|6?u;CH5N%1&Xs zU3>8eNbwZ36+I)mO{~rH#VF*LazTvWgA2vbU>!pWTbOT)lzroMoIKi!b4M`=1i{Vp*e?OP}Sh- zcHs&NsBX)OlG7b_Fc1SP)QZibxnZDB;(OO_8tH6)9*V!zM7!e8-G0=+hN!Mf^couR z8_SF4-;|Os6_VWD8qS589K;qt1?OLDlJ1!1?l3Mr-sZokX2V~|p7c&8@~5v-Zn-`y z{#Mk6AtFn?1%3gd(`Sl>^&{vUu#aH;3MdmGZUx9%xhq}8W;H<<9)t;xj$_n=Tfv8i z&&1!D!^EPz^WP$wp}4oryB8Wp37ADcqI*PY4O5|iA< z(JE{-Ec|Y^fTsI|zFq4W3l1L>VY0jy0 z3MZ;!Llr?P&1;nQ;D*4yP>_QQd!G^Y#t(xA8hG=%o!oibOw3%LqbP%)DwD7P@h)3P zjVfEWXx{{V3m2W934NC(^teHW;Wr_p)mGQ1(TSQJ0*_5*E>jk|Z5EGsoSm5IHM6K= zGa!_jN6H+mv@1oC0L?k0=}`Q^t(dRh$g_e5u)##|#zc&q5z*6zRZ@X7Ou!<7#o~~} zYTXrg9G!#fH9sepXrtz9E}q&EhxOhA-+d5 zjJtnhPPbt$NiZ!=5hog87DY;9M!P2yyyt9LYH$E&I1GVfN`sYSQ-NuqdG~%_rJY96 zV+J8ir7)vZ@^w?EY66^Tf(D-C2e!cvMy0>|sP$1TRgI|CJn}0mEFLV<)RWA^IS2WL z%ie$4UH?(4yJhT-b(gFON14Xg}dAb87t}^8; zD+~Bu3#Jl#<#{{a!}6Ij*CjePbg-NFh^rR8v_-kcII^clIhJ9$gg?EPJgm1~xmVhu zeN{PEF1_zbtZ&ilTY{zKG(E{mIs4F|ui7E}3BB)cYq?AM0Qm{f92O|895g;06nq#Q zEE$YvBgMlIx+CwSTw$lh;2>BL7KI$%93Jj?GzJMe(sr)^W2xe&RYW8lS@*x0u+#97(ITpa1&Fzh`t#BWq2FexVfPK@KFk6w^X8n;SzJWQ^# zN+Dx3Qmiy!V>HrZl>J!Q1ZA7(!k9V@mjO?iHa?f}dovSalTlZZUdQO#ZX4Kao72x| zTw*&ndK|aHm`fLy_c{_`I?7+L$&Z>XKsGJ7I1a?ADoACtXZk2h#*{4nF_3@!LpSw*F!3)RwUny=GI2e-hJTrO0CVeqG4VX+ z_Oj~s|6t${AW)@b$(u?wHzV02J-P}GD)O@}Cbz4x^lvUC2^Xlg8=T%%@ z#m(JAb#vGG<*&}6@$XA(nHBY(u^A)N-`%3qoxv%tQE5I2+2gZ6yyLU{l5!`%FW%li z9-N&0SlKwaxb#iP{&jo*eR;jHYhZkKAwIwI=I-(6?59~^%-GD2g4(A2E-Jk!IXa(a^Hp zPt~!i+)p#`INnb;31>XWut>8#$h0Y|Jjk+dK0e5H9%ekuaa*uG%=J2`Jk0aEJ3h<@ z!808dgyMZXDg@J29Tmm!o*We?NHhI^gM9Dc_4WV=ESJ5oC~H6aB=Bl3`(dchF5>~G z`O5*EO@an#Z0(wc7<}uLt6_?kB~EG5c#`We+AMq3v6rGVmvL5e5^jL0$NpFNTlJFb z$#?fLrqkHxB%p7S#)w}f#qn!zLStM?^jc8k+-v;U@uiY+M zoZ{a}S*O?X`r2yG->o=j-+RoMk2rYxx>6h7L)QI@(_6m#-m^Y<1xjcb=cm`JX74=z(g^P__Wd2We__`kE>0YGs`4@`PGc*GC%j-xD zQPJccAn5&u>TJW-pASth+lQ=|5QKI%31dtn26YqRNiex(#Y@l!++2iopcEoZd4k2CJ7S;igv%MOvyxnYb2R6o7|0-qTq-cV^A3ERj=O$bj|T zb{%&zWP&s7<4kZ8N!z%9pf?4tgDwCXJqdtg0YRaefMCcHfKZ<6#Kas6S_J5zaw&kt zYu?=HK}Ue!W6Ff~%uE|umjg+$fC8ri=wlLv3K?`sYr>JGC%hZ`9IBS$%VSB7b}hpK z&m|eMhRh6O0tFZVFt88W@QC72AlrW@R6v?Skj5|L#mNKSmmgC>UVsTX!vuR!X0{o6 zvQIzHE~i+EVl7K!CNu;Js#lx>^UWw1KuysnD$5ZZsA-Z6dD0d|(3=5BzET`MX}=%) zqU?dEnt}4ETyQh8$j53w4~7w{SCJwC8$gAF6NBm{Q<+OHb1TJ^Du3TIsv12UZW%Lh zBz81P9&ZL$0xj3qqw%_d=Zw4T#RVi9^P4>Yi>3%lLs)-xHo;YgfOddMr)Ivq&D76ob;zWEaq-BOO(`(3)!l`l)?AHO9`D=mVPuS&%!oQ z^S>~x&RVS7(Ry3I>cC`rgj=w&mCrXSrtlJ`7JLMh0UV6pC@vd;4L4shaVM-kpJts| zB}T6q()L~=fk=TEgy$z~3_lJ`@|)fQD#Xhkc!Mn%0iM3gS_hm!1!IJj^q2>KGtYa0 z1ad$uiw9E{6QB#FbT&aG2Qo|%xOM_l9|jpAi&4~yhO2rl{TL{0njj`jDxe0D1ybG{ z;|v=DD>e#6eJxf%v{^riKSKQdO2Z2kpaEErVE^a58e078q$PWZ?xaFl6~w9**)m0r zQ22x6FAp}w!}qI?(_Yiu2e8@sd=vZvKImTy5R{I@t>eBuT>Z-bOucg7`6v`+GZSLK}K>eT0&|&gS^i@s+!x;wlJwv;axjD_BgCnSbNc^PtW zV?IlU!2ntilHfuRPA4#?KHI_PTP=S53^R zxB6;t4Tj)2M)&=Bo88`Nv5_I#cp%_-$sqVHdM=my&_4tRj~K(NdcC-Ku|2p(FM2`G z8bMteZNM3E;^RO(sf2Wx3`cE59@LQ_oNlZ4XpBO!#mU z#v|hwXp{8vAQBkR(skGZR4@~inun+hopm_mLxsCE7}HbKmG>Py|0Rs!7QEM%E5fW9 z)TJ3inHiV?lMLR>_rag!Fk%rJoQxMPoahV%IRAXd;cXIm+05~I)Y(Uc!-vmTgx*XR zoGTJh-M?y%Lk4agNDLLgB-`SFIFO$ASGN4Cd<<}(<7$X%L zqZA`#l;J0lXd{)1TDE24m)3Mdqe>W^-a@0by2aSxColW;kP3MP^o*bk^lg zrtnUdEOa)ADqBE2TgoikKRBDOC|kTg`}N%Nr%2}BNcw@cps>i4kxZ7M<%lvlrU_m8 zZ%EX$mDJxE>35zSVP-`-{Y8q!MWH)IT2#g5wuO1( z#TvoIUGT*rMa616#R~()!O$ft;w30%CAh&QN<}62)FnavB?{1`@KmKOyCrSnrF!P2 zfx)FR{iV=5rKr$ll2m237R88_r6b{G3zcPl;$>Z9Wot;~J&fgFcFNo(%LgON>&?oA zO3OX^%Q1J$FBmHzZqOB<92%9RSk?*Bv4iP%U2OZR$7=<6_-|(_gBRoR5?IbPi7WXWHEjvqHdG_*b>Fqu_D>! zlm8_uZ{Q?nh^TNRi>^mcyf3R@EUV(%`-0ha+6j5`A3hS_t7sRQ$X8F|rhXSJw^wbC zGp_%3+hwBL{~frQ#c-@=dsxMI&O~-KUY*Aj@DrKtmtJ8rQU2*k`h8aM%L(mcd*L%t z5nOZ*LUj(*pJJ2=T9}UfKUrl+(JUAW0cZ-f_yUZ$0w6-Ww5rDj3Onn@l?Da*FEekx zFl2vekf_04g%s0Gq%#pWaxuSWA#UhhDPjFn#{Z{;UE#e@w!Q!g4Y7c=NOhtVGm%6! zq10QLuc2^l*Y)oNT#6l`q;LS5!~r9Y+WC`9@SQpN&h=DsAR6Ij+LgtjP+ z?Rw2bd(G)9O>IamgMBjGzAavVc#h;-f|yzWvlegS*5HYjUk%N|r!BcB`XL>y-W@Gq zf%16YauUl{2C=pv)3(Ir=46G|jG(r_?Y5%fHX}m4B0Iu@Rs3?h=F;l465=+4(^lSz z8jw3hWe0u}b4s;-diH5M8A?ZfR!66p{8yCDo8KLscD%LGjoo&y zAo;Rq+jp7Rt5?#=l-WlWlSN$9c3#~@VbDk2*`Kc4kKxyUH_`Y0xK{~^BhdMuGWctL zY;8dJX+V@@P+V|O(qQo4GPr!_pcF~(`|Uxo?LL(lUY#j!(nRor4wz*shbdjea&AyQm%s?;8m$ z7~`KDV-FhVg&K!T8jj8xD2o}WTEl8o#I8BRJxi1OIV`sX@1uFi{(7JXrqTH-Ts8_8 z@AWw#lZ7JtY^+RmB5bldiWm=vo&(R*p;IFijRCWV1n8>?gr%Q^PX1(+I5|N=F~u_O zUOs*DX+r->2?|qLLPmL9JFpvdvRgKG>Z?B#htmGp*TpiWHsjRR<3=>(@})^SxI)DjLM0gtEvZr2bQ`3eAwSPEZOFA+C?j3HBMk37LS4W}ljR$O--}h}n|vYpDADo#ISj{dan( zA8ds)I$}Yv+j`=x)3D~VNQ(i|@3hui=K0Tipx5W$8P1rqirOj(W5x6veF{uY4P-)_ zh8p;Ry!#{ct-0CMbcoovGV2dos3n`#1`-9vn1$H-#w z(z-a@3x4DpVup+A!n#IRqs{rDkp*{QX+ZpO=^c!YXlI$%=cN7P%I*zcu#8@w*3$JC zQdrlt5!C+H#{rJW`gOQOxP&3#f2oi6t(?4{6MkONr;LD=jzHIf+R|CQ^IKgxUqa|J z_aXo$9h&S&hxTgm2D-q}0Ehn8#=(u21_$8Ow|T<2L9zI~ejPWXB9api@QK}G7~PUQ zpJF?Y&R_aQDg7NA9VftW`LN5K4&V^#-G=T9h3Z9grrgOs-lR8LGWlcy`#oB>YaOL7 zs!`Tb_>NsPe3u5&hC970J!&2caKusU0rkPJ{#@o_t(LU|K<}kfu-fyovdP#w0`!L8kP$aDV$>-&h#Kj1v5F}v^4Jf03@h}Z7vbgmrl|@PO@hG zX?xXg9#L#B1vsDUJ}nd8k)PhH>aIvJ+SuIKb)Q}*5W=*V)qYKo&yoS{MtGgd^{41( z9A{q_H?Zr-eufDDoHW9WePI6&h3@S8ys;L< zU;ziN2;K{NL-+JW&qWjIXM6-FyflC#UGyNAEEdibL1qSO{4AG?X?xU1!O814X*IB`+7lFQ~a^1rsoPZmymjK@Cw zBv1I6oP^Os^!ePgg`>u1Eqn73`qv{I_HQ(Zb#zYrZ$M=V%5}<3Y5J9+n`=6V2R&Fn z&v!VrZ@)Ct<=s_Q_=jg`aF(yCqVK|Ux^DWr^0&AOl`nlKciWM4LmK@CK?OtrUEs|L zJc6nUHJvNO z3^9u0`8o&W{}eWq9Y7soG*>nj>S$sJ6|i%h^~dm)R)xM>8oRFsuH z!iv#s&j!DL4RMtlk0^UxADyjt`EEWLK0TanPq`k(q?=|XevAqUtH}1$TtUx{F-X?u zl|b-?iFex)3R5ePg$s*Ys=^@}mxvcc@UEIJIqpO*2!gh->5rthBCZ?&Frfix3>j1k zXn^4cb1GcVzdBA$&6-`h=)mx1$DGsvmQAB`83BHNRYtCGD5Ss0qRnyzGFf0dq)p@qpoH^iHfWZscTzV*4t)hWY zJjhR=5&uWd9HKBmi7frEXE&kII3G+dLe)z}GWf(^_roma9UlIo_}c(`g|MwlwceV8 zx66e*FktiL;Pp^-<@eRB&f(!7MJ?ZA;69*Q#2G_qJ^Kwyi@;SWyAqFTo&!Y8pf6^= z-jvO2QQBAaPml_~q@fT0Z&XYm;q3$lFB?gf7K){1ZXYw-0f8g|jdW zhLoh?+>haEpIR3wiF6oet{R=n<&F_XDA1x9WbEyC6TmA_GV81VnQ2LQ2S=fdmZ=V$ zz;+7kGXlQj8Mt>_eNJy+ zMKPtR{vB!&AT_Jq!LVDIh%qDfGMjLMNJ35Er1zFv;0dJQYgNQqOY}c8Tvro$$m(1x z5EV;Pu~>^S2TjSRNt9?(X2EUgDX39VN@;kGt@9pJp$^Lm>hBp4od{?nEbIiB?}fb zIuj-W_e~!L@me_>HdXL{N6TUT+Bqm?3FNSVdU%}_3OuzX2^b9^m_o-n^8&Si5*JP> z`pc9d~dHCtI!I#}-LZC52%sD09g zXVJr}9fN$kWGxAL%^Jbn%MT!FsZbKkQy>Tt%x99g*V&|=n$z0hKykT#X^B3wG*;8r zEE_4H=5=IIE>c5*0*o^sV-z!Rw()$<`RhIgjND^k=RN6hb<&J^eHxf&x};&YFKEvW(1^IP2R&dB0+``pNQH^#hy8Kp7X+-@MHonz_TbbF4?U z+6G(>TrEyWZ1f*9XBxO}3M)Gg*!o7; zW~%W-^jUEn$Re0QbnvkA?C*ODN=`q%Z^b;VSw#zr)HMxOE?Z>S$XIc;3 zzod5ATfJLd{`TKx@Wo+|W@0;gvx)ZkbuG$P)yH#MYW>wiY0vf_|3SVd$(mc=DL8sd zFm4QXw>V8bI|kgZZoa&d@ATZCKI~bma3dMZIDgCF|B~;&WpM3IwX%(t-q$jCoafqZ zt+ZE$1Ui58KV@+5an0`QDD#|s_6YAu%hxjarp?|i<-^}H`1SnSKjb^i(KYWrenU#e zXD(9kpECG|{MNbhWY%#r+Y@ky zZTx&55%^^L67aaV2`MXodA{uloH)#Xc|quP3vP#^>4oO$1tfc6J5gaQdg0wfv($SL zQ+fw3MWm{Gkp_EDJ9^EFyHRgM;nsRZQTi}w#CD1M1O@uAG{iO)`uOeoa6|hZPen_7 z`v|`FEmVu~O!N`&_06sJ@n!ds;fP=S5#wO)r<4>Q7Z7LF@27DSAF}J8Md_z6>EDZn z^fPqyGtKvRP4qABcCo@r+?|Tk5D#$hNHjA`P$&#=TS$D-ABahSQ!#}}HpTguq^tT2 z@a{>}tqw$k2jnv)er47H6)@tz2ZS{wD-|T;dV|qTam6Lk{*rWpNXg3vMuS16y-w+Q za0p=})+kk?ZfN3Cu;P=rvc}NPFUgoCK%@{+%chR?4Iwr`B$?=t=DgIYomBK|l$;=v zv7TMdAWND6NoI7&P-FP;R4Otf480HzuDVRE1gsufWMwdH@7AXAL}*(C7G0v+dhL?e zOGfn$+RaNkXpHm>NJqSO$q8P&o+-?6xtaJ3(^CJ zB))odKyHPCRkBkyxn!(PLe3mEl^f~*VDFxy>+t)&&+mB0wrw_OY&1q2+g4+B$5tEL zw%yon*x0tUJNfr|?(4pvnUk4WGiTTNKFZo_ua)2WzCQ1fB=a-DIQj|%fQ2t0q! z%3#0%Kqe*F3NOL~k0K%kkdl%Gr9_6Mc%D#uM%4=N4QnJ%1F#X;$|?~=d;&a{7x&PY z(kC{DMYaM#Z8G?k@Sw-5CWtj&C~D<+wYJw4;<2YpATe77$7m2;)($=sBov?;0p+li zW&s|sIHQ0*&x^sVLN7LrB|ZZ~kPVk86 z%*eB*rV=b~Rk&$12VMo#g)>JOI7H6)1a~y4=oDe>6jY}2-W|qyCUzWxL%6KKk zzv#`AeVwyg{Z)FL31}hGMxJwY3B#NCviF1>0xSo}WHQHR`5H|n5GBGXqIoOthMW&(!0v0yLHey6gprDp2Ru#daspR2t0QY5P^lMH%rUg(O>-#4 zXDF3Jg65v{<}oNaIP%M#!FI zg?*=sK=>6oN@t|kp3$kr2(RU&Czsx-Oud`mD)4#gXuGiM(+t7jC{gaEm7iP5!Qx}m_m)KSpO?sBjX7~mvwUsYwS0wnynkg)>_%_Ba(R(hpGiQ!l6t*QVZ9hZ|7ZW|Ug6woWBtJ! z>4}}taiTt};LJX?_(inN<(fVghyEEe-|4*04eB-*rtD3-!xg57W4jzLrj9I7>N zioEB)?Jb3)4x4l=%_=M>GcCcshrNjhTkVGy=ZDcr9OSQ-{>WDG=aWCod!nkelkN|` zgV#O;St({%`KTWqmLExuTOGI_L7pFZu3H6kSt)_7+)%8;NUY77jva)KYjlp?{jAOH ztsfMu_tULYV~!`stOM7rHM)+`POQVLtP>`qs5KYpGfQ3RD7^u^Ra0pvDu5X zVXinaZ?j2Pv>C9qLCUgWJUwBZJjr^s!9+TxC$XK9Jn0On?MrIz$FUyVKlD;G8FDik z7FrufI?boD8dKyOFFFO2K--nApANE|E)kx+2%gQtM$Zq5P8EqR*>BD%ep!SS`rReE z8nQmxWVbN*dtFL!Ey-qM-*zU+t`gRM8w|g-Pr5&NvLj@8sAzbkzqzY^?w)7AHgO*J z)gJrQ-emstq-*_5zwtud_NwY^np^w^EOOt(c`_;ZFe&mxL-=e@@scF+YR`HNHUy&> z{UI@W929(m6$M;yLXtW_NMEFhT=IW#{Q2b)M#Ju_38mAH0E4_tFJd1gP2P150I}%)DGFoGD z9%Bk=V@eHUQg?7CVX`m{YBSNI)8)A>^*1|)Sm%XIXS|=z+~U_G4cGHuojJ~(>A=^U zBsa0hH>1oqzvONN^>2v$ZhWI|n4816Q5$(t1^K0g1;4d_Ky~CxzG4b>7E$^jTx`lr zdt0A*#k~9V#>Qo3;On%v%k>8r1rnDcl1=$V7Yy=7g$EY}_e&+*J3vgg3eVl^*{zz! zT|3g<7kAfYraO&f*CzQpt!CG1+dG{_SGXuw8uLw92Lr=cm(triBiwuChdcdbV^cUe z^9y6M3uBY&+fi3HV2B$q>E7tiq;<84U9qJDPn|)w8w32k6KbQ)#l5YPo20`%Bm zNF8zB_h&MoQZFr!}dF>f@+?#hn|ZKJi)mRK0~y_ z{Nv&~NC5tR@!-t_!f-&d##8X6XHoS<{-Q4GmX~C`f6L&O zYygSSf6CyN@tc4!2qrY7e3fw#bZoL1GWNKBU>G(AkVqVsB9#N-n@7M>;2?T50?YO3 z(T#C`wpi%%oXjoVY$QIpbAb~ueoz83*&ccmi$S6kTF~+p>{x>>0S|=U4p`d!G}~ZJ z3#)f>&%FAVd^6Tou61BrUCsj0Wl5q4cuB_Luf*vI;Gdq60h+A4*;15hLLXZ>%zNbF zXW5{fM)CYk}PPpae-*+7y6&GN(o${!`R zb=pY^tT2lw*JmMiv+Upa?oVgSZHoB~BQ~gEzEN_*=gg`U*VSopQ~6Fb1;-DNlB0q;U`I0@%ndWVDq1ay zwPM?-AhQ@qTh>Amxm>uktxWbvJ?b$?E&+iBjus6H4u={kL62seq|S}QLDwpf#75{3 zk+K8!LrO3c?LtZ*0dHX?U_S0#84{_0_)5YgF#2*;!;-XK^h9j#d=eF6g>z2j*Te0kz9lC-KxUKZavB%+ovlZpL#qR-kW9HGG;K1==b)a( z4_15`K0y&@2g7z-q9sbjp_G&k5{Q$)0h|F?(t33%PGgn%=o}KpGW7&p;78Fv&U$eZ zAK`MouFR>d@gC;ZKezUp^aExP-6M0+VN)pn2UrJ4M5V>F9an@_J!W>Fl$sKg26L(c z1RvSnt$GO+xK0kOl}t^{5-#U{A@m1J#buwj-E=chD<*C;h;W^EJFk4h<=Ja8Z-y9Z zFV6oq+69?Y!oMfxCloI5R!Cx-HtuO2)n)Bv7Ggkxgx}H#k-$j=1&9G14KxB0;q}6C zLP7D`HuVAS>+FVm%N2*3drzlQa^&*S_@qkm7;7*$@T>lao z$#bw%e2fbLQtP4&IXW`XJ5Chykqsv(Y!h16P!vitCy1I2f?Nd{faa*||1l*O)vrVo z$Es11s;kE0N5L*Bvv~<2g&i3H2?T%;>E_>8@s1TRr-(0=A6fmbIib6cnhl>TghTHG zvK=Oa!I0ZS3W|id%wx}`pCprV&e(5=;-rZS@-Xph2i4#tJ=q^R3k1$+^&T34sA7wlcB|YjR)f22qrQR8o?zZ zu>1lfa;1| zL1yrz*D_xz7tq#~QFrfse+81c5ioqB|MI-peXL3u#KmN6Ri=4n?_Sq)Qsw@`Yb7i0 z020~95L(Y7kz@egurnBlJL?_C;(-Q59@Y!!xP)PAIduj@<$|RCSLcerv+{%m1hEQ3 z2Gs!LfHx$!-e%s^W~FCu0Y#>}fn(b6_`xnjtzA2(6{pE4m09@@eEzE2T{(>#k_CUe z(Q9xLnT_3v&JN!q8YXm`&mE&-58qNRNmA36ptCqt1y;2uGzFOoE2}5aEKq_Kz-}bN z4MTzPJq1Y30B;+t3`6EErYRGpC+9iEPxiDO3VSM;mXL_I5j2fULE7Q)&+}s-0FMHa zrpBKwNmq6f*%F=EZtyb(!*5?lXQaB6uzK2+r(52Z4Em6FMXa?$M;yOdrIsA%LubRn}{_$`cv{~^Nwb`MJ= z$mFN`QXc(oxYhdEvb6(bwV9v71~9V=Oe!OQ z5|G3S0h*r{pHR9HNRUp|@}Iq-P{ATSUs=%N4mivai(NB_NdRF}Z~mCok0n-bc#^E6+@zx zRZ;qpl^XbpN@0UwMSiogF6I1YpM07W*3-=k1s=KDdlAQz$mzJt)cqv64~XhK-P2=} zn9VvfG83SO+=v}|(Crh!kT8eHNgdIdstavLGRMw)9E7ZXQoZOR-$2lqt2cN)qwRk@ zG8XJeG+?P))Td-f>2a?mj{Hoj>OoR`yK$(c*J_k`l8OMv?>`AgD1BW&!%y9;9BvlT z1IXy*!-!notwC-pU75jOgXh!0;hC)|#J9Pb&y}R#8%f0r#z*nqC&kuSu!A1_4R-K@ z)~|>GuaQs4u*h?u^<|NB!G%p<)K|NlS9sDl@}RfGoW*!VgzJrqw`>>&0;Ivs2OoVv zkUpH>ChG6aBd(m|Pq~i}BG3dur!yol+v~TjIqr73V&e*H(A{M-Igmw0!_4bYIQ=`= z5*rN}UTc8sO^}ad3V`ny#eOi7pFCy&8R>!^3Yc8<*6_(_6b;7+QI(W`KI%{JZKiIhH{iAh5u<`S3b9|w$&gP$NJ_{*hX zw0|rRZ9IoY4Y4d5#n`tXP1y3EBJpn~IfHwrBzR zbPc-5J4&~dK&Q(;e>2r%ic7o77Z2FwwWorc*8oN>xY_)Agwt5cA}s%ol$^}!%>I9L(0u9;B(A`uzt zody+6eQF8QJz485upohb1hgJu&FQG3W(zMRI5)O3WRt z)7`rUY=sDHn-08iEbaKrOsI-@dv)yH2qcuv9E=NReJ#H576tS5d;C@hnIGD_9J+#S z>Fl3iOtTJ5Sqg0zzL>q>DAHvP@Vs=J{QMP8fGq)C`GR%Z>3^+^zOZrxQ~+0eC1!aY=76nY3Ci3a z=}qYv^0u+kxXW_H7|dYG3eM>=)XVGy8HxgE3+)+lu*!ltjzitbim#F6lB~18GnDx) zmTA+MWF?g49hcKAS8$kDHkAeTTbD+ZiLO}-K9`jql@&uWRt>_`wvkoumw{{Sk88zL zYm1KSBh>1x_3QG68|>HXjwKtxM~zbDlAh&FZZ?IcHiZ%82XW;EX^br#zuN8@+G4ER z_sfa~%e6}wJHex!qXSLH<((v{t>@*L_cmSYk|Egt*E0BNPgQ3B|15)pZT`CqzCG0q zsWS3kW$+RE!m)pq!TCNq(+0J0jHEjgOmfOw0nc}H%@%G|CazgvhP0tz5Vyb_U7(kSz||4>(8aN zt%cQ%%9fu~^S`@>#+!QvFRpK$!xN9rE&`IWdq=1G$7WjlhUb>okIybA=a+j%CaYV! zU87Pa=a%h4ezf!s&HY~YPt5Kb9KXJOSX|wlnqS`DKk|r9wGIB>)IFG4UOzBC^PlGU z|9vU`|I;V`1JM5i&?_1itWPRi_RCJHI_{58s=HwsPiy*dY))&3Y06LQ#<@>U>!+m{ z&l={`ZO$5(%*)T3R^3j{nm0oj&s%nrY|dK`i^|X2PFb+J+b;(hFFI~VSI#?47RoQW zZnjS@l3!svE`CBgz+Xtcy#w?FIGcpaUNrt?M=4ZkTc_`sCY)F8xbC*5gSd7?pdl(m z_&Q0lY~AZot}=O*QKEXL`e+s<=$qjW2TUdt81PZ`lOpBAUnPX#>^LLD#XsN9$j7EM z^s)0WH-;*y5#7ycT4**7z5{fwV4cu^0J<<9_ozv7WmAB~Ux0q{&@^H74$whgA9Vi# z=r_qcGyec|-*1e>?*M&Fg}pY`D8 zsN~-Oy=I7|y(`y1vrV*_mgnC9oz(jbXJ0YyYN(U3`yHTPyxvSpv%cNVX*j&y{Wn0L zqg3+o*@jXUavJ?NK))Q?czfDu))0E@EoA)%pkKUCAk2|~kBhTj%qIDt5py7Mhr40< zYP_JR$h?pq>u;zo{qe?gV0l`)fU?s9SWJe1k21X&X_rA0H=A%Hzu5ec3-nnFG>{m9 zz36<^!jo!S2m`-*{o$cQz`_YeXja3#gxsj1^a7hGS2!PVQD*d&q85=P9|fp5ltSfR zW5$}68q1sgkcb=Mo{i1TRGk5fpM1iqrPDrGu;Pqej0XLP)KXc zEmE(*2Oz$`cj1A_y4yKK&=9)ipa?hL|D=FwCxrg&3&;`?_-B?tlzynoXA!O0Qbn5W z@$lfNUH&hg#GdBCS@&2#;3hVte;6no0uKWI{r^Ywj&jHWfur`%qpHcUfFc;ZrPQsoWG5C3_6#3aoq$5xzK#?lEXcUWg85Wi+hr69|<|>o3)5zrqwb!=>No zw}PZ)5NYNUFA?Ygs+TO-Nc|90XUFYCWN0m23gbpPt#IoF1{SW$ zhw+1Ubv87dj&c|{r=E5^GPEIBKpkwnEr4!iG1KoZf(Y4mQXm4`YxD$$jZ6k=9Xl{^ zcvBA<4LocOHLV@k!40TAvjuqY;bcc7*%ow0SnU)B;G^}|r7(w?^G2=?E2>wuzcJy9 zzvv{vEHaQ4iXxv900=v{s@nD#-LIaNJ+2x%vfdai`?S~c^_m&vVY-o(BLay`@AN)X zhoQ6}07|!;$zFVM)m_JQY9E_AHN9ECY$Jk*yCdOfB(46%(l-k!!Y4P)s&7?8jaX!oC>{GlQA#qc2ELM|aZ3f;(9{WPL1ba&j>KK37HvUtl?)MLs8 z_W;NsJ0d_P38P~`X*L5Nn=_!b>2-;7SJg7Q=q>9-Et1U>AU;+4GH4Jp%nk~Oq}9cu4JmEWGGzL z`OH`EN82MllvWQ51=B+QvjZg!nO~<{oTdD-+pxJ_f=N*g6&4C7+KbNyDNP0?=$-mH z|2(dua9=pCS;KZ}3)bQ^)g@1ynji3KOzBV68W{hE#S(#4aO}lI;#l<%_0JfF7HQtP zI}4B?2a?A1VwEVvFzRk4@2xKK!eGejUC$=N;M+4T9+D zL{UgU&Oj$aNmPNhY)*liWfWjcv&4-bPbknA4bADXJ^}5p2x_c3!OSU( zU6A3d$m+5Ow|=jBx}Yb~wwi6gCg9(%yCOVeaBmj>Y%};*=+;7P(yD+v^M3pqJ?6@| zRf;2m^$71d3ey87wG!XIciE6GD8%vcIPL?6ISV=AMC1&#@pQzk~34_3dn zdGejnet`cD5eMs0>VFf1>z&!N{uIOsp>LD&dU}GOe|wI7Z*67+SWSDlTR*(576TVT zRC^87L+IOq-a1wd(MIJA^yhGg3D?120HKfND-%Vf|$|=bd8VxaEbUvvxQD_&~eH_1i^&wiLS;{k303FUSw)n?S9XBfz&C z4#X|(UF(jv@=nq>eIfAtM!EdpG<4xh+}XB4WdQ;9(Ej|j?TEcQjrc0Kb$8w_7-5t}#GY#fg8RGb13?y6teDk-P?{I}F4lmo0 zSjBL6-^02>U09^dE{)A9=+I>ES>$Q35W+a?Wtba35;wPC6v04ygY0~!9XjY(dp)93 zHCcD)&<<#zKPp2w8N&K*!jVbE*qfVM7Ma_^Mx_A(M)xcxG|`cV6pN4a5ctH)G9Xe|P7^@Fb*1obdF_ zl%@RR?xeKz6pUJ6diGQSW-C%we2Nde^zZJR`iYnao`N5rUX+(e@Q7IWiCp}N?h`(d zb%7S8yTkT$}U|3omElvdW7Ry>kW*veG7Oi;m_ z-hgj=Y7w-FkzS#a-m#n>@0Q*llAfNIE-aSeZk$0yn_>5uHX4xOJ(Ll*o#8@}83oLg zwaOe4%LKf?Qb*@yI&EhHhBCG3v-%;kzDQ>ohiCN~XB8A@6!d12a(63+_=$kXo4D=x~5gU_F)$^Z2!-)}olGaw%`FCP~n zkH#Y3xi{YszMzq!0L{37AfP}sub@h*z`M6V8L|+OqLB4Czv!UAL9Ea)u+Vp?@am{= z2)<~9w&?9s5tnu0xkV9FS&`^y5&dD2SzaMOLh&b=;wR%`gNUMruwo;MVvOx#S;&%! z{$j8VMTv}Y$%#aXSy}NyNr`?yiNa_J!cmDHWa*$(X^wGeYEUWsXlYhnsmNX_Dnl8@ zr!o!5GWdWp(Y!K0lQQ4qvee$P7xMBzhEfLj^3P)B(0Szoz2zomWqO}J{)esD|FA=p9rL~>MwGd;qBgVB{RCSA1b<6N|d}4K%J>a^V zWd@dXD~1(X_A&7f{8U^oxoqC`hP&xPFZBUQ#r%-VNQ94amdwj^Pc8FAdfC z4dvhKO+_2|j2g528`p9h4SO27w;IzRnsWLZTFIL}7&RsPH!b8gY4tR*ZZ-XYXr3i+ z{vz7UXw)3*-)#G-p)rEYYX$FHWU^0txoLWHuug4gdd3uQOBPL|!)Oa+fRr+SYXTt~ zc3Mkhdh5*R){K?bpu3Wkm8v)!6{)?}BDvON{x%4w-?@uN9Z#|ySA)hOqGct4v)|_o#-~G@CIZabf-Y1i$dVQG(d#c~ zCm=A!hjk_1Izo0UqzwF(A##-E7nSEjLn9t0uf`|cJc7er{ZtpRAIB$tc1&%&PDK{Y z+Aw=|bRA&56`x{^Tx5qJf1V?3w#`Ld( zbs9aNn`Z$zvs}Zo3U{9$kR~;3W|VY)DQ5g)fS6}D8r7Z&+`5aT6GW3Zn}+W(?3MPx zs+_A9`1Ngb?i<-Wo&SOZ;k4u)Hkl0CSn&KWT~_1?$EOFEcd21CF%uX+g^Nt~>eD~p z`ipc88_H4#25;_~h}E@{)m@Jj_=wF>IR(m`3FyoW@*Ow0T7W`djF_0GC!P=^jP>Oa~|Dr))ak-HL_noZ&lZ5zRO)7^2&FL>9=Hb>|KH0 zDwr$CJ9@M{8mF?8)s<~=T^%jNQRmh;s>g1*PjHE(a#^tQ%kzK%E%TgCW@v?Fh*0rY z_UPYj@(b4SYmL%Sp&;Ppci@yBniiW5QVx(u1QI?Dj?ECp(GjOt@Mpi?5=Ixczl>4f zp%FG(>{#XW)5p0<Uy_Nv~#N7 zq`p%`>5>V=rODab>P4l8)>(wgqOq>i_M$HiLzOxWfK~8v8!|WeADFJP!$-JvXt%1z zZg$%n<;=WGnibg_W;%rjn9IKl zYzOsNXSYyJ;P$z|evjtd3m)LDWPjmoe+l`(Y-sypd;4_!8)Oe)6&F_%<@@~v{%5@| z8x%Y{{RIcbV0lR>&&`bs$j#&!-?t%c=-i`ANO+X418#61pU~FA%V818QArmo0^4t> zT7Tk?XboVNCVQMr{hT(IY2Edc`lxNQ-0iWyWpph&H21${^ijVP?zbZ+xpSkj1?!2E z)bNdB67NfeQ#BOUgv+z7$8cUt@$>HUbBV4qnD<{#S14$RbBLN#vzb#i ztMjd>bCf?gvM5LLEJwsBYp4on8ILUgOQnhXvo>%x zCii4m4^rM?IxD3x4${vY=Ir)wT^GdyXL9!MFr777`JkF5=3g-V~CUVxXMPyqt&AtJOcfUP}5JOB)$7clNJP&5P!19rN`zb^y@ zl^*Z?A`KFRhzFz^H@uV%49c~4L~{*+zzTV9jtAkZ?aL>lTKxs+idllbVCb@&Ez&%R zKoZHc&qu073Yo`DvUB@tWnU`w2hzSUPL%3&`oR#YpDqRH>7<#3CD~3!!SfIx-6$hT zMRTGvxGZybuOyocQ&Fi6p7#YaOMaI57!V|iL5ZO*qpZwofcAcCSCB9*DTkWBa1H+a zqIGLoC!YUZDpR|0spOkjbqKM}{pn)8-NvBc^WAw+>rtDTOrLx&y$RJ~rYDbxQOFOI zEYGn0BIkWrB>{;UjDbG5A%9$^t7!>Q)imEnKP|#Hua%<6x=_+=7n{55vyEf}(m#IS zOHVk^C*k=F6T0Zoxl8-%o=fZS?&LHN%jhHE*Aa-ZkKV)n&`+}DW@+*Pko9|Jnj zBN5wzIEH9*FHKq& z!M)guw};Ro(V?@$H&P<_99Z)t&D8WDJcPoULdPN3Pa#1B!}qzkhL+)wbYA_&wW}$< z_sh!Cl_!wQO~Y)Vh8uZ3`a)xONr?VN@1^yif0fqJ!pQ8=?fH(_=>^$xZQ> zRSxA{A8JioP0C{7`;X0o{E*nr7Tdl-;Mj#Gt!lrTnC_Q z$eoIZ0Au(nI)c8YE8OtzYY)9O%U#bC@VY%}bki(}F3!Y~ zyE|$E$hbp@UULxbyP-nz;6P*o5@}WIID3$xH=k0quUt33+zG2`q=2L zq7wPilY70Sfo4Muts^+MfLa^+iO`>s{ID%cZt@PpwY5YK-V-+!bTBO4q{^h{V#Z`J zBB|cH{{@vjvDqsDj+Y?*2lsZNXx)3vg08maTh;qTr zZF*%Io-HG!9Lg;R%-Ysy;W&;X7kpWM;|}kah~NeAc1bYX5%ZWt})BB-E=K9ixC9|n>t19=UK&i?!2(?92jM6dXF0EnwQ54tw4 zmxLe(5)IlYXnF3yw{3aq6C{}rNUrhDsjTH3@`_+miEcU$Ydsj%Z<%I~dD?Bnu=&Dm3z<77I+c45HU1 zSA$|)(zH*i_qjWjnjpVmxkqH5Yq}?d#}DHw-oMh*v*Yw z5KyJTr<(hmKI=~NC3p5CpLw52X+LdKwbfb82t)BH>*+tVo30g#1$HZkiha)e6C4g? zNt=mwyUjOamXX2aP`yKG?(!(S2uEQ$rm=rWLnc+OM2c zmn6nFt7^lvIhLfG(l12TUknC*of5m2R~uVvWgpEqHceGJWs;~X@qT9f?W(D5vSqkY zvpBGDTN`huZASUD*!RB!^u|s*d-wO|IP3$KTBj}eFm1Jk{h{uc-l_#SbY<-##J%Hh zbKLv)i4c$4W#$EQO!~&Oom>2hokIZb>fh#gVdup+(%>y*+KHII0R6o=KIAd@7oZbq zRFbsxzBk9ezXSA!5D#QE7QWbjn&W=~`b|t=#y-!`Kh5#4S>jfEZ=R1+!9p%F_p67} z?*Kh!|zIpww`X}3o(R*`zv8yw>+4tP_r?)s^*27OY zzso-i-dngEk3*!H7x6!R_IWlu`rZ9*3x$1`MY5k4hy3n03VhDoH(oZ1kso@5{jQTq znHG4yJJ9;FT|o-d zUblPd65zGMaJakiRoNj$fY73r)B+8CVhMa=LGXh8*h0IRM+hK3Wf6AH{!j9P z68-Q@HR#4x{cSn^;vzwzGSHMiB;K3jGxZW_j$xs6{_xImk{)5qXaj^y16sOWY6;=U zHSana#`d?wJ-dJCp}%IqfYF?gP7pjl8z?jd5_~KPvVTP8Go)J%D1DfFBYlF}hrdrXv|q9Zo)jmJkU)DoQJ^WiqKo zt9Cx6JdLDDj5sij7Oe^d1U2TmjF!IgmiVxg7mQYzvQ)^kRLzY(w0GBF$(8@;sO221 zFX*n`<@^VrC$!eNjI|`lWvY$Ir@sSqx$wZTj@_}Yj+V9t&T6a=8FTzSt2BMk^2L<$ z&f@Yj*7CW!k$lRk`s z_dAu=cbe8j%NcAy4hCZn2J;ri$@6zMqe17Fagkr+6B4mow>6ulh`OaLexI>ZR3<)K zg=<~0%$=g^Z6%UCC4%eXjYQFRUZuyVCb=ahnW2?tEGgy@0C0xPyL5QYvsD1)loZR9 z(D0P-QatEL+~{~2JL8P@N-?ciqs9>?bc}CG;@|{>nHopn6$GjtG(_=kkEzOu!QH zd+;g<4>jk53f`*dL z!K;#;%m#A;`Qd5(R&f@87aaXg$|A>db%uB2AaM7}{1cQ17*NgqHOs7!!|KW*$jlm8 zQUGY7;v_DI!=wPdKQ1qQ)_Ei6NvsOw8tS!o#Bi{OU+!I!wGa@$a9rV za1%>&H-7JE&(T(>eTwc>)0_WHjM$A%gv+JI<{C~T`8gy^H6l&5S*9#hvy3tLv-+3$ z15EWNhS^V$S z^oHlmQ{r}h51G%H&Q=Qi&JQ}IJbJ2(hi9=vR{yrA;l{Y|0Qo+*G+^KbJcR^Nud#$2 zR*|$W{*WxXJVw7(t++t|-S#d+LyUjmowh#E7xSJnP;*lntk`QIWcwGp;rVcb&Lg9>N*7} z6jmVYbX+5KniaZQT^kzbX*;n=x*B!LE>}$9SNkef1P4}r7MAsJHT7|g_7bxXNa_}X zbU&}iWkj!%q_1+1tR^(9jtQy^y;V$@jmAOifu|HOXCyJ_&SVDHxaPU^ERFQGnDhuw zR~Hr77m;U{&qUWMSyvnN62sSODs?N7*Egbvw-Z;k68Sf{*1NXXI*r%&#q_^KuJ0$N z9)0OKP!K!Y(>n3hJzpz3CLaHNx4sTzP=T?r^J!y%c>_gf1LJD!F>xc6a^wDNeK2$5 zb$%nd+~DO+`xLwV4SN$Js|9>#uZZL-x{klYWQMQ6Saj4ULaQQ zAe7=J1M84a>X4obP`K$(WepJtiBax@w`!EPMI(*1(zjzOjT>FJi^sQV?;{u$^*`Qj z8zJwUnr+_^ntT#8A!9bVliOjoGx-g(!@R%k{oSO;dxt`Qhqr5mx?^X&!bDIpUKqAR zNZ(k*O^}U`S=5gcZCY|Q|=jPT;)eh$Ec1326gKSPQ;w~gI zuG|(sYt7Bgh288APWDVZC;6ShSu#FdvffSnz9=%^&Sm|&vq3dl) zZav>gEK(kc( zXuTO}9qV?)=xxnEVO>{l&2@U*xpvHtWWxfsh9W+xW;|h+Kk?GGITW-Zu|Fa7wt4M5 zZb-NBi#%x`wV_`<*^xXftvb1HvB88rWo0_;j*0Ht*DaN@trxOgQ?o7hI~`Qq^2)Mx zBC>^xIlXwb88tr{H{j(_>`%3lmy`r5%d%<0GyQBTnt-+&% zd;Jr2gL8e}3vaGi9l1r2tZa&~}b1k&f^cmsOdL3yO|YotH^Rmr&1+ z&`4K~6PIr*j)X!^ME4heNHzdUedx3zcvHCe7b{rOx&#|0+vZm|tagO%=NKDT+1*Yw zH&=#)*I<6<9%k_Mg5GtV!nHKi^{TydmG8Ce`Z*n{vvS{cQie0bxicf!nQ8s{80D)& zrLz+6S5(%o?D}6h^sktb9mf2=ezb7pU3B8RaKNSQ<9ttITr_YS$cYT82@C6qqRNZo zs){M;Ner0?uwJmUiby?}$hf;46uRtTU&>9nKZJX<-)yF#oa{Wy!*Up zpsaDH{vfC7ey5o&_c{4aJ62A;`A%0@PIK{2zga}PT7di15tYPE;lje?kFEl%n<}cC zDe8i`hTA8eFXo|ghC{arT5d@r_rQdE>48i0;`>Y&x5{8QT{w5Ui~H3^H>cQpr-xa` z&<+=#4QKG5duwTT_n&$`w0d5l4?~o0o^X?{u@9K*ZWzMu_KOb}b`OC(9^TR(em~tq zEI2`|eEtva0mU9-C+_%)kEtOZwo@L(D;`Sck1pWH5Zs4&TC+$Ce6^M#0G@v`BxqbF zOvg|i@IPzlaTv);NU6n7fEv#xF85IBCw~jiB>&*hk6wUB|K!-<8%w75(EN2 z>|^_txCoZS2?9tMNg{Ci^_`)&#(IX(J(m>M6ZEn z(6-+~FQtcnzWDG?`70>3$x4PTO~t?i#72)Z06NS*f}yeoL}0rNlI`Jt zH^;Xn0wLJ`Hpiv^HpiEpKvIaveU?}slqFySDe(}f*n16wp&^Ij*ky{w`$@Bq?sJ?Z z@*#i7CUe+X*3i$DU`xtYT4Phl1~OO?iGd5)4`I-}}9AjH0kW_Xi&f}vKXdsx!yI}OG{$MJb zn5V#Ka5I4&Qpr+c3oUpM4syy;Lalc5eI*ws;#|IQpy6~ zo+hz^&I*a7sL}PsqxP?p#u6hFV&Y<|7#QMUr*G2eh_gY`_L{D`W~sjyl00#E`?7-7 zimd~sg;@&cK&05go35B!_<%U_R05STUdqT`0TN#7$A^3RZ0z4ehmtNP^P$m{@(_hyX!=c4B7`o4AxDu` zw^$;{ER`W0?OzJrL=_cth%%`t&rC8;O#0pORCbWv!!hWXp8#-epp!8J?4)oDq;IAk z)XI8@KRS4NQ8B9_dK1D1NvCi(ypp2J%Z-pO<(@sQonk|=udWHvKZN{iBddF^#T|Zj2Z%5Z^uiJkmIeYGHZh-Zok@T?csc#6_w*zm z*~`tI34y#n=uu>q9pbQ+Vpmt`#SimnID0n(t)(K!N6(T|f+!5$)Gd|LY~t3n1KfAvKfyOo`=tw6l&fMpH*&+Vu$?3Hpl8BPi6OOIKp2>(3^==mT6Q z+zqoXp*^mIXfV5ZMD8FOMU5ctO?2=f3^lcH@_^)PFt(lX>MZ#T4L9Yf7`)PEk3RK( zzWIYZ`3nkzyrvWH6ocC~2@$!2GS}%%#Q%EOEfewOTjjC&2@AGtD8Ku)q|M_q{#qy>1g@4ZrE zs1unk?D?u#w^Iuky_M7Lx*8>_F*xG8&Lfc!cyVIFeZD?8MCm*fvR)8kE(gHw1BEL0 z84->yf>qzRu*imd2Qi7!$X7@mW)1-Tcx zc{yv=7~L&{^eepUdvcyx4QYM2x6yl>9DVH#)J~T|_&h3opHJSxa6r`geBtUdr!;O` z!k?;MO12?d$^il$dtMrEs5?2SDlegwvOzjNs4{OIw`@+S--3n}$ew-nmC9O!R6iqQOkUwZ%Pk9`b~=G6%&!jaT?qC$m{(q-i{^O+M>uTS;P zhCtalM7IU`V&dnKiRYRz7N0h`saT!5I6w0($_z63GX*qXTSn9t7iEEMSXk1xWQ?Qs6@VFIGWEP76K zNG#^hzS*?xMcMDjk!~z!Zh_KK_aeVST3P6wigCX2mgXsX<0AL1pEEzi2{FpUr^Gqo z?1Y3C@gEWE3baCB&>HTy%0o3xOVr@{v;I!$gx7@%BocAW{q%Jms_G37+_bB~)yhV1 z1=y<-hQq0zo?#a8Ct+BQ@J+0z!1jZcK%XgklZM9H0_klN2t*FVmWJ*^aqz2tX1i}( z@@7|gNDvd>bNvi5Tx}E9JCMQiSI0BjDJE_&R;|A$u;DnR>Oa1XBnR@?1%M2C&rLDW z7&f_QYNbYjd9qx$iq8utP{3oYnvvH?k|Bt7qT%RIM>c#S`8m5pWmmDAM=*@qZqSo0?1^F0I%}2@?pm`$=2?pI_5H@VSNKmY!xoFR7FWXnD&t$Q*T&bS z4LKi-ks!tUsiinM$rU^kiQctUC{R~DI@&B~b;tIT?7*4r_h`jW7R4LH_8YKpLLW<8x{RHTl&I; zh#CdVnv5I0af(HK4o4a9XabZOQ_rVkBO61$-@w_=Aj-^vU52}?N++>0gGVL@_?E7H zwk1~6U&J{J$xzV%x(zHToE{S!9&y1|Pq`@x^44-!ZlCGuif}J@i$7>1h%|0*EA5g> zpq)IjOmU=+8tBNyJtz4+l`FwQeZ#Yjp1RHWVSytM$%O;69u7!}B_8u7rxbxjXkS7I zoR|!g6TgD= z*!6U1qGtqZUOmi3ZBV_!dbho4Xh2Z0ybjtSJ4fV!?4SvjX*GZkYq$D(S>_tLrj73V~`AWDchhtg!)r9dB3<}Fa2rWHmX zv&G&c;Vb}UPfaq=T0?_0h4%TO(3W2i_S zv>Y6y4Ht}`Dy=&0L04e=+UgTn0M=W2-&>u|&JLTttI%rP+S-rqv$l1T%WVGDV&rJ!9DgQ`^Zh*nNIol5K~OE^=HTWtXmAk|!PXy`wnah^fty zsjwlT(60nUXy+bMQe<_Ul6+j4TT(=BSNZ^7jEqoPuv3;gTH1e9-l0*RYFY-CsuVe{ z5bv!-wyWAdHpD&IMY9Kgp)B3yw4W$qDikQKHe;wWDyg9kuWQk7FgnSwI;j&sYQ%?c zBrk3BGp<*cZO%1o63}SLG--}5O?zkGTC&qzaS}9Y@7{G1GtXRob>jZOoV8urF3sTd zzX9lFUGu5`1)vZA8$d@N>m=6r4}g9;rCRn6K<6zp|8IbP7tMbEt@1vT{l5YF|4o1% z_x}-qE*n}W`;}X6;T;G7sP16_a){cc`hz0pXliY#WNK||ZjWYd>gZ@H%)!RZ!_C73 zu)MHdV>o`8(3`sl6W=fYT|zIe`)`O|7?SdRU}82Zv(P^wv#gA#T`RVx|Ibw6i-}7j888r(Ap}v%h zobjwTOHiq3b;~x5?G!6YJ!dzozlWYD$6XIH8o-luTjjSKPfKSp8~y}-S(|8B@9ws* zsK#TqBW2bzcTmLG?)MJWDq{AMJw!71k(|%(57z^tV-Ahs%Ks^$Lm>Jiq)Jx7eiWbT zhk0zY^q(d4ndsKM7LwkNZ+{|h{_i3BW+*%O_Xx!w>npg#A6mb5UP|Z}1MGjEu0L0H z-23FJOg`&Y8$%#EYBqo%+j)M8@yTm?1BC90_XqDH05dWhmOe}vo_bOl*??$caT|o} zeeszRHRqAVQ%u0p$%!-qeBfn$U4)(Gl zPn(2t6H}Gy4AwqziU#=XW@qy?$!bqWt2Wd4y)GUCIlp$!6v}uNN@e9k>aSB}4J_XNzl7-H!qxF#&(qDQ(HO^SRDUsD*A;?5 zKqV%kBUI)NfLvN z^OUh@offyl8kO_TiJ!ERbc@ARyxIYHSliB4Gbc=Y8sfm8;r zW+p=%>ogc4nMw|rK+T&PxS><4uPC}h-CB*AZtH5kr5u~`w0Yb`P=+ujpBp-O8ok#l z3@MP=+v6H*eV}q=EHh28Lqc0;jw01BG-?n6vT{g*|;=;i|hzwI;lm-*~%WkTe$%nRdAIvs% zJ{CCq57S|*xUXJ88Oc$GAu4CX;&c1M$?HIaaWG%+zs}+xv#)q<>~->%)g@}=c&H|$ z8D~-C@%}GF*QHkh&3jE`k<{f9yg>BSNf(PeZ!9HpEEL3vqbaWZYV)IZJmUD!^=l6S zG)l$qGBddq=*54`kAJ0KPE|$Mmsty+d@5fSE$5vmwH^Dr^4U@A7IPMVa&=0)IH(MP z=)w-BYb~OE+H$ressIsp7m^A`n9~j%+y`nLU?t>jBMNpfr4I;MBU>D=%qiITn~U)Q zt}KV!kb*J3WK(szCF_?!J3L`Q-9LULrde+ioO)1RqUc>P9OoV<%qb`ox1gHM3s3&0 z?du2+zJoob;1iUzC-mQuU}!&chu04b!@dy}y z7}Ow2WSEO?g3gOoW{T@9C^8!{gb#~8=Ult-4Y5OCcz*Ywt$M+QCdtBKLm+y^Po+4a)U4`V4M?{GTOUJ_5G4$X=YXdq!oV;bILD(}g zQV~$ipA zSQpsqFGMf$Svh!E`?ZgEqyN?(SY&!A`cZb>De&y0{wZ$me?s(;naqEK=vg(-qY!}6K^KMAB`|Sid695AW-Ws50kgRO?@i=t#^aKUTBHy z-N-$-;D>VO=TGlhErSVx=(~-W8wl@W-u?s8A!>azSa&=);9A@OkrbB>)NB@VvK2^U`r^+QWIQ2J)i-?q_;dWbfcJ%_ z&|;?e(w|Xp*wA@#Eo`W5Jek3v$>er?*b0^i%nKjh4}P|I`w`;L1sDFOKbP{re1i}0 z)0uPQheHRLF-eCpAifIMVJ`P1|H6QcLI5BZe!7lB$hz}<2>gNr@#n9@I;>q;=qxY9 zEejYhWpCKz>2QN}s4MxHCv?cG39<7b{@ldTr|NwJAA1{NWV{ah8UyCuzxi|W{U`@% zE2|JIyMiy8h=B18n`wV!=^gbHA@gIhO%|{G{UP=99TN-@`AiYnm@GBi5)%r)ouZ92 z)Dah2Qy|V#Acn0?zsxJNW+sv)GK3T|BqAQXl%QA5L4Q0cs2HiqQka;V$tc3f7>U5t ztX@o9DP-(kWSmIUJi1JRUSw}<$@uT7g!!2yitPxH?1=b3(0YX^q=d*I#mLEdAIq>w z$&rcbl8GHrX(2J`Gms@|Pu zu$`6wosP|w#wD3vLY=N0n68tX9@Cw!u$`_2oe@QyAuFEIZkx^$o?!tt%TVji2;a_- zgw7l)&fu2IG^5T`3d{`7&7?Qabm-1Z+s!nj$?}xU%7xAn3CxHxG2e$L|G~X+@XmBue~w6gUmwxk;`r<*>cn-gbP3S?NfWT`A? z*|snkGQ~SCXE;A(xDaQ$31r%*vc4~g_ejn3ZOQz!oayzz2>zJL9`NugxWyxsi6MNM zDrz|Ivp4J47OME;$S-#CNe@{m#Mx;A*%^A-S>D+>soAj+Lf?sL5}EP}iF3$XN<8CA z2%$@j^h)NaOYzN0edJ4L150tcOZARQNRZ3OBEGckgi7^;N)_0uh~Y{z`KrMWmGFU8n7LJUOlj~ZWzdhASSZEi4^{o$ zRWO0ohFsOZZL5=ytCx{$dw^g!?`t?nY$WAtbnI$A;?(k` z)pl{!@}`M$eOsIO$I z&x5Mh*{W}YYWT2}q<4~Nppd3{l50sqW>!k#`0;}^Gx2*tJeQ9oZVC?0B*Y#h@?Im> zz6!;kPKcy=>Vou}lwrQxDtw=^Xo_5E`j|%iwbdtJh3NB1(>MDjrj`auf#!6zW<=~} z&`2`@bc@?o^Ib_ZOj?r^3|C$&Zuv@mE^|eZy;~M;tJ7u6_kdOfzE)5D*0vGSmeR(C zlZqc-yvqdJWHsA(N?T4m+J@6eyHJRyO37zVWX8dd&4V9F=hFC>^oa^eg_1}*BtFuv z*e6Y#_;<86ZMSxCD0Hl~R{azt+89wg)&J3O)N#OEeQzIo)GBzHhQEhG1Vx(sctZY* zSsG4}6y}r=B{JCpMFpJJ*)!D{Db}U&u?`cp1Dk~uzl@M9vVoAai^zZy&EW?fX>Bn{ zH?dGRta>;7Q+Itzx7J9vX+qVXR&0*+o-)QBJB1#Sx$ZY**cVp_|6W2@TW-*FKXvII)yq|d^S=*MsZZqVN{uFTq|dE zxY_w?+IihdSpzY2h7_1H@ZYu?yMq4E{&|$fbY$}hVRsbwS+OxMveV=*M3;v^bnDMV zcjK3<<49Ak;e9H%qay)16VTnmcLq~LQH1+K`S0JpD0Dt8#nYls=Za$kci<>}4-Y5~ zqwk7S{-#qvsWzaXzfmS z2va|6bZ{I8)*X5upC;tH7SyJu6w$Dtb@XAAKV2)bJD0P&7_uWE&Ihy;n4eKtDpfP3 z&wp#jvsc0#4xW=}pF@wrgtrcij#}7A$G55f$DgkZI{vTz95ijgxupKEm_amY(uSvf z_HmyU^Fz}l!`K{MhT)1-kb=^(x8t%U_{|qLr^R22m?0+m*U*uz86&1=1b*!!B5k9B zYr!y=#-On!gR>v&GH$; z>QLKtx!H~ zc8%ewNwfDCtqXT-4G9M~dIk>>0wZ_RlSXU$6}t;SXn)W-9OO zzZ;w~YPt3up=DD)L)%j)2NE{VHkD8M+D>Akeg;A<7O)(jq94(%Z!H^Px)td{^5`4n zz}EWOZRWYv$p!Dy!LINKxB~wNdZ<_?=C^-?=qRH2J8a;Dhl;5t^y7T@E8N<1{GaC{YBA2FZznnSG%wmx)UjK}b{S`fY^{MM;XC$f7A3O*|Z=i+pgh2GlGAoRAVbKC< z2t?-?bo;{-4gP6yiFgSOyGlmng3)A9dB9lt+X%}Ap9(3BGK5(S#*1Pw{13kU243J_ zi@u~y6pB&qJ3(MWfjgt^xNvh{?z=|#h8?qz9s3RDp8H>p4iA*GvtPmkV+QYA9FOiB z#^Ab;VkeQLH<2(ekg}^DMWC)7z~EVJl_jpo`Ga+wTAeTR&unM}V^zkOxVK-L{x~8? zMRM$^qF7Hr3hCjr?A04j-;H@c{aE$k-h`G&C3Y(-g?0h=f!!!xXUGR)l=q zKp=WNon*!fME_etmx_W8zLP1Q{;rfE5=^XhtXTp|V%pQyI?=8$gh2FCE_;k z!$>`ys&HY|b8=qcGY5w}Vv<%#RUDejcXUGAWCKL0PTS!~RNI_D3gDkDLj@BC_!E76 za?WK4yaPor78P|zFms@MkR|`(zyJk@Z;}lKPwENOhDXz612E{IPSNKumujUqmgbjA z{0A)H(oUEq7UiyxMgO8GgkaatbZ73QuT?|VF^hmK_>6G40KK9ixBx;#HJUhBy&Niy zf=%ZLjp-_y4!$EA9tOfcRX+#GtD8&|nSCvahTn#BU(L}F4U5l{djTJ`1FB&C0|$c2 zvS00lB$xz(=eesit+UGQG;Ip=@fnRT9Z*&_t}SHI!lv(PWhCg$X0@0Hv>+rMf6l4E zbs=94K7bgJAeX=-8A8%Sdc|LF=9M=rL!QpOkn}r_Q1g@AE@QD3o;Ls+ZbLB&B`ozI zWf1O_s(30B_F--$FZSS~-dB?1JV1H->yp25h%Sqxc|r4jMup?eetN(TKEU??F2fZF zBj`Yy0=7*ScEU-~0QFQFH2>-NU`TVQ{&L9Qbc zWRo;VyM=0i(k1!zNbhVsSAbB@#9rked{3)RghKp-j16pq#>_o`8}z#O>W`NxEVzh0 zi1}&ZJ?(<%KyNW?b`Ja)OjXy5ONYzVYEe#ivgwKby7Dq$`fH>y-iP`Gw)@;YwFT#} zHM|?gMrdVBqH?da&Ar`g9>YWA!T-!v#a+N=;(4p7*4pM4@D3&U74DA#x(ji|WIrSc z=?mCSwJ{0qJ;=up0+tckDyiV%K3v?@h3=CB33BGE)-Rc?y0--r{O>}wT=~F^GrkRqi;0*oh=M0e`Bz`g04FQsN0|c z5{B&D@H%nIisUSK1-RDZDArI=8gX`AW4E`Mg@Lq&W{C74ci|YUo%(m>VUGH;y?W&^ z<4834F24R1rx@#x)jeI<_~L_5F+tqTJ$>+j0i3&=2!>8DT3@Ek*2WNZ;gsyh#GmAwWSKGTifKH1VvJwHcwwT{gl15XoKTgfCtb?=KQpJ-3T;Q zQE{f5qP@SHU6ypK^2Ix~hI)KErOi>7?>qd~!z-PeT9FdnDa(95LiN?ZJH7MuXCJakamiNaA>Zj@}$BNR7vkV&FK+bJA$V`e?mG^-12|ZNcIYO8`#H0)q9#Py1(>47*>lLAQzcX$1_K+elQ=Vu^xg@K z#qGNqFp(WIF{jR&2VEDd?AX5ktT$&x^t-gH-%j@v>s=zL?$?+{6g=?0tdg9%)<1 z10`LY=X5=8t2-13UW5NYbb6WlGN-ePh<_mZr}j(A=~Xwze<1qp>H&lC{R>3TC0IL@ zX^a~~aCOdqvvvd}?me3?;#Trj_(&zRvA?>*t%6|u*cjpCV&A)~3LM!JOPP<$a~(G# zTp4HYLm?$}Hm$~qwQ~6HSv4m>q`k;#}v6p#}7#+_5g^ChH&zW7|4Y7&JZMyp+%{?SH^%cEUNd z!&-DA1a*$PbRt3^x@3KI&kICHtLsF+?wnoh#Ki5w5^BNV?!uw@f`rP0C)tHB34-nw zz<2E;+7%(H<0i@LB25q>-4!N;K=fTv@=;z2*ly}FQ7TF97l=M9Obg3R4}s_j!VI%q z|AOek%%t4Z5QttT#-=I23W4aeLYx*{FAzOJh}(gO0|L>xMR-xU{z7yif!Ws(c`iIE zD4h3Nbhif-DF{ME*1f>vMI_ex7fny5702zBRTPwcLXt?wlN8E?Me!Htq>)ePRf!aP z(~H5fiDfy|+x|k+VZ&sD=y9Y}gQO;Z_2vLX0Sp24Q}I&%VXRJ4qhI=r4LWpDBhWT+ z15AP)1^S*ip~4OWj9~k%pF~WbAT%8aONRa|FNtgm8|DOS9n}B6SH$)@Tz3;okB~8A zxX?5@a38njoF%`jiKhXpf z(fB*25IT+*_NF?`0IbP#Q zR1Z1l=4WaSmz;8zSRfXr;}x+Cr=3a`)D2hl@|Eqf*WixSMsipAys4EOY4BldNM~ zck?Lah>t?OqWD;zVrjSH%(kM+kM3VeBPq&7`A3{ zm)4?pa3wO)eo09`CES3YZaW>%1nV0WBfjx*tc5eyJWcgN-8fCpcxjnR+8{NLcln}s zbcktLFm_mYGt!qX)+o8K;ERgXBB|IZ#Ar%lR=t$lwuz*KiTg;-I|uT!-Mktk|JwUv z69F09R3sd6)FHb_)9}clqDY_#wQed6P^J7;I?0i)ieflWF{7Gc7PdrHy39G;ero}i0DmQJS7jRGc(%o?72v2tR?jsnMLUXFS1)<; z%0~P!Jy)mBIG4?^Rtr8P62U?gJsMYsR=e4arI*Lm6v+1QPW7xILmW%MH=QBTno&`h z!5LA*`i&m|B=N)1X4fbQXwe4v6X5XB%9kT~ZwJ?D!k$*>GPXa@#YpL=X!hQYIV~4r_=#Jy_mEF<$ih;X{MG~ zqsxRT%&COycdOBw7ADPH&6DOyS0;wiBxZSZeT`;_Q)x6pTkQ`HC)3&7)OO)&mde)6~Msm?z=#1|JGBu!8nme z!?B!)c;3uWi!bg~V9|HM;qL+&h@#ktAZ!|O>@elI_-(zE9d(^Bt)>vS#abubpNSPDHr7h%SNiK$y688gt)N=2 zG#M_-jjoK9>D#yJx6_vWC?D-$t?P_>+a;{jW60L~n{EJ(bWm$`)@=1-=_*s30YNq1J?bs!c{!_iN(Vp>f{3w9G znaQ;b?wh|7UWL-$gcE6o<~3P=-ng^aL@L;%ezk!RVgeiTNEqv=M}mR{P{=hCg|c2lj9t$K$oJmoHOt2Q!t1InANO3dva zvnEhNX6=UC-AdqXz`?98YI~Q~Y&>l{sePNu#|#)X^E}&zUElumxNS&gevG;UX5JB3 z+7Z+@SGPAO@ij+Y>*32(5qQ_bh2G7?w(Zxwb5(23biN}Tog&)M4(bpUKUb85*Aixv zkjA$tQQZ}FwSfF<{-ex-zSUxsXIF;Jh;Gz^H`78nBtk`dL$yFiT|_~%VM0knTmye^ z+-(n~K|%{%K~H3zKYH)&dbPp4p#Hp}_WYg=%>MbWJ#loa1Co7q#r<36{XB<#uARO9 zk5(D!`vPC~DLeMf!E2W20}j${cJJhzL`)3!tsFb%aBlW{aI9kt4p8Z=UC^stzqPuL zD|>|;+=8pDo4y}tbsSVITOU0f=${{yBHJ7=9Wt>V1T+)}Wp;d?U-i+p0h|sW18q9f z4z1g49xQFHM-GioZ5GRI5Tb2}P;BcT59?MBWBb<=LOSBztrJ5w;_x?gzu9`a+jg`Z z?OWO=gQL>X*Hh0WvgfU`Zme@U1ar|P^XP28*GXGtD%)3)o7T`-HLjc2k8hM%oty-n@Fm#CuiH}; zoD7`Vd!e0TgY5yogI4&{Hnxs#ux+38>72=FF{#6<+vz~V{4jjS;5^gVH}P>gO&-X# zM z*t##lr&rPM7K|Y8jvQ|q>~9MkPb-A4dEei6yt}KAcm#vM(FO-0ra+P@6y&?uMpKvp zQ`iMlxC7IN{`az0PH&=}=3Fiil92y^Nl-t%M?n}vMv%oYK1H%N!}8d^*>^g7bxERl zX*zR(>~NXtb%`!|`DFACCks;Z{fURrKo|-lPtqm($wOfcqRJwt#1O#zacL+GzJlkz zf;PUQF|Maq5vCr{XAHf{%Kp$&f61)E{T$N6@&?3Vy>YjH^{3%#2FHbq{a2Tqi?ywb zv7rl3rSt2rE`;x|=-Yn1{pi9u?xM7QCBS~g^`>38(M1g5dgRwt?YRpN?e&DAE7F^5 ziO>p}Pqoq%7V?d%3NnU}tG3*aYgr6or44LmRx zWxm#J{H;?7DWU&{JMT2Sbu&__GbV5!9Q|$j=BE4fxA|L$Lcg)}xM^j%u}-?dRJ_r6 z>lW_rhQxZUQR)7ipF*%<! z=ys*v!|l`Uhej2z_q#3=9#BZP0dGY84~E>|cm^wZxXXCTYkPiLs18i>eDJv&{(c+W zSR9gd8}ZZftBeib!L6@{rw_t?DE?i1s8#g)-7lhhVLv?LetITlwMD-5y0yFyD!k8E zyiaC#%lg`R&jS|-X{IML0svY-6WlvEKshW(`JZMw91D^6Am2kChJXIgcgYm@S$`g~ zZ#{JU5i20Ubjk-E8;pU}JSsWtnz!BwvX9?4S~LHUEY)F=PGO~i#@X)UII6=pT(KEq zu}7O8awi^YtX(uJJ&=2iDIiRpgTWvTsK_~p1XL#}<6*wTqCnVd4cSN!8SE`z%v}^A^s=t&&Z^+;nRk(l8n}_g8@7koA z42)!o3)lb%Q|H49Zd;f@jGAIVORxbC2l|ES$W9Y@&9Dnn3WMeD6Os;nZJgthC!(H1=ncAdWiRw-zCc;v+O{*d7eE?8xggUGtY0zRErD6*ATWr>c$^5B2 znph@B;%Pdubflgp+<1su4}28@O$p`;0#pcFM})BT-hAl74-&cQ_HU_Y zTD|GT(fs2f*>E--s?*0e7n{N427We+5!tY?h|X9J7Z&VRk#1Zr=co5vhplN6)&*T7 zv|KiwJ){(p{sX9T(4zon9ehmHwRu%q1dSD<3pkAp$v*_tNCo(my< zN9ax9|AktOa7Si4Wm6pkd?1xL8RZalXCxuoj*H`NFjX`iEW^}H6VFJylqXG@O(!34 z$PY=TH(&(?$0EudVJE6m-{&QxkLeUh64z|0lOR@uR8i2HL6|Uz?P97>xMGLc0XBY; z1zD|7#5Re7)U#m<(T9g`#lx`kY(7Tv*X1g(VjoXsC)u?eeMoBct4jKeW@O6i(a024yWi?-)+{@=KGUzf`nWYs15k>& zEfLc}V(GPv*E&E24fh){w+*!275&Fz&usWI}Ohql+M}B;rkPG*K@^aEEq9%S+)=bLeR-1GE^J% z2*4jy1%`%#Er0lU(L+%A@yN`|xFEny(@jeo>Ut6fGR+ChPgtA<%}WF!nDDLV4)~tl ztj;Lf)nWFXs~%*9Mn68e(|1C#<#{Ni1}mJ$#E@E;&_^MrEkakN?uL&+5r7b(k#a#n z9FqazTqcpn2>J7iVkr8QYUsGwuu1=<(hZ#6V{w2`NzJXX~+3GBnKn*HpUj)^=SRVm}6ajGtbw z>Ox&mFbW$D;+Fjy7GYfQ2d^juLd8vJ5<-AL2z+7TvHBG|Ew7Po|0k8ICgSfvn|5kw z%rBWVo3BKVhGgT|68;0L7VAD76!;L4ppd#diuzkpj+N#!)FLGy&@?DLtdg*Py8EUF3EMhkGGV)y zoU7JG84UX6iQP;i9%ic;M9BpVpYHSjLaJ~(*6=%Wpc8%c>iuLCkq(V#0>UVn9H(*3 zd2}dpM?Icw5Yv2voxvc&S)x{s<@$ZSttbd|tQM@r{f3(CNJ6b-TG`DtKbxgk%Jf+M ztlri6b%t&HyNH>L?fe3v{32yBm+370S#aSnGLsr-&}<%^Te0Hagz9gcxx(pLBaM7J z<*10c@@S1xgWvO7Cphz!-)2gbY3(K3Bj)RGW~B`6K~UO9K_fBp3aXI#J?g_a#IUIf z)Tup$JPtS}%`W7(mM5>3e+Cijx zS=_f~PH%gIG>*3+o4h=pTBl}@Oe;U&sj5D+o|@WzS=)r}td2=!v1BDtO0saT&Dbl_ zO)J&ou6FNuE_*Mf=K_V3>(mZb&k;-FlOCh{KoyLB6o|%&8OVUziDC@EED?)CK^AOb zNEbl}1|L>;3;~!a6cBv6g8I|`+sZ1#O5?uL#T99%2Bf9(MIXWSAk+o>eyIwD1pVbZ z5dt2kL}o*02SdCS?N*lU3J)ZEo!;@LYRK)>f?0n7s7tEVt!MwnC2rPH_Js+yIzsUG z8%tlaOEc+x_uvm|3Z4)c4uSbjnA%7xfPw)M)peLm8?x+yy z2GRabVkT4J(8&g~r<(>k+)V(77oidc)isI4Gz*^g3y8^c3e;Q;+q#pltoMQ7ey0k_tDm=0q!dYT2~NQ|vb!up4t|z!Cz! zzt9xv;(KH;D4pBz+8S~0mK0k!dQBppx{XQ`b z+-+YIFLY0}p}PcBNsl53d`8oxJxRAQHzA6 zao4WVFD>KF$&8ccAmq``$s!}{qYd!XXgQ{21>eS1hVdh#vG^kSdA0E`XOo|BAQ&2x z3ovZfZ2%suNKoo^7Cd<4G>YtcYv{U}taC7xiwQooKQM06NR*96z4?=MGZBq~T+ZY~ zmlDg$1a>a73X@X8pHku}0x^#AB9RK?#sm+3phakWH^ul#*XWW}a^Eo%n>TB0i&Wf1 z`4DaeEeHesPM7hFO7ngb2!8x;c+ETPc`nl=GZt{M4q67BX^anFgQSfT^BT&!rRndZ(JXZ^?6l{=as@O`#Q z@|nK^;dFr-HO=o_c65YYSWxA?@oAUY1Ku_Zog_6I>??R+0%_nCbt=ubL?Z35Daxof zAIx}pd+EI?B{;Si1gLOZf^ai8*{*VVLJ+(YV%p$9Sx7rn*gKSLl4w-K=tr0s_mgjU zdy%muQQB2ev4W5y1~62W;P1w03P^dODa8Tv2FASCf##gh{wY+iMA%@t;wHEXRwlwi zxv^n+Qr89L!*(3Z-$3Us1@G+l=7}fl?6IT?h?@zv$jZT6$Y+?sW+ang_u6UhCM@-9 z6%bR|4k>r!O5DXR5QmdVum-v;-x{O)j>Z4t76zvi5pk| z7Br|sG2(s}-QjtH>QuXU6!PST4^!XeUiT`{?Tko~=}+$7FIsRbzXFNx*$P`4zr@h7 zCA`P911+_4`)#28*)HSQq2f7?_OyDZS>~o$=f1BsNn#i6g;iUsryByQ`M>01jIQ== z(A6WG>431kqlEm*3|g@~S`}it%dKAh@icj9I+6w&K*$1EoitR=v%ktWerEx=TGS%a zg<%zF92Zz2<62kHR}|BG7E#M($1zn;f7GINGRu$A-4oBVVt-cWct$mU4a+iw&ANom z#zTj_Xf>a2_VKFVJ+iga@tl*p<$EIf576r7udM;TgSzGeA87Kr7ppUR!ia*o=Zt6;}Sl^Z>4n12uyq8-v*DzDq8HUPe(2K4z>to)3Pp2B~cs zM{%4$aon+40ux?BretF7Vd4jcIOSqB3&te%qa@{(Z_qN~A;poAM>aXdDc^#UDvo$s zj$le`Q@d?thajsJN8a0v8U2MB=eF@TM;Xv1S$090(vm6YCEt*kas>`^w+C{(`@i$r z>Hp5l>(|UL(aeFj$otS=U}QI0R8$zPUF5A;XeqTf#Ax@7*Wqzu{~T+dWOTv}OR1g;Ult$v+eRiIdVOjX2I>PyL7 z&wE&}EL$gXl8?>YsBKqgb)v3gU*>mG8DjsY1gg(stL;R!;Y_DEd+WA4Di|wcZyUecGzQenuo7_RgG^tmarSIQM=win=-b#b#WfNeQN%->q{-jC# z@+or1sp+z5Hr5&5@);4ZT(fiB@Ymdkaooz)+^TWhX~V9XIPR@$?wvUvJZc_3ay*9A{0E}f z(};7^%GcAr{GWvAdH>&n=qZhgIlM|GjY>7V$}Nq`JMt3$n=bu7f%N~l^r+1LxOBsj z+PwZyFpW~CLS6n~BoUAO>PTI|a12B`f=sc#a5RDORk`74ebIOdr^Q&NVngv{hTz-d z)zOBM=^TkbRC1-p(%Axq1ZJbL#IF(!uxYl13f%_#wXvp(#TwK82y*4-%B2R| zujNMLuy2(X*PXE}<(BHTcCVY`wegmkjcz}9Gzyj0+O7UDTo&Vr*1DbHSQ_PQmA3l5 z@l+m%^@%pvWM!^&B!%ji#-p#LuPTfuzcigJ)>@2btF||vt+c*9S)Xigx!C9lM59#e zXuaAQNnkOV>S((;m?==sQS1D2ck;c#VPmSZ{o!J>9~$`|m;OKH(z6NwUtRkDKLhDc zQYkvsLhsTT{shuR9-bt%emeg6w?KNe%OPTnv-(l}LG{n`jt7`aulcH0dxp5h-g7m= zQ1k2mHjqAp%kisW9n12?!)}TT^y#pq2Kr+u^tWikIXtJ>&)Y?p-_MT+F227m7)XEr zf>qJ~xOAXg%%^9OZ@)1ax&TCfyY#Q2JqQF2{^I?a@C+lpm@t<~T7Qo=#sZZBsDv^#z4)HzIw496{4M8+6PdPD-^ zF>a-Px;zQ+>Y$^z2vytF!sAhh&A^{F7IviiWc+=A)qXq@HO;)^%?Ox)c{&2vlTZ9M zSZ-QzHtd?EfYe)1jxyOTda;~FYMzmseOV*wCshFz+z}fUbzG!@3^ny#fr4E0c${#M zF$`69)mx9FK``wfsc+bA`s{mECHc*wFbyZ z1o+3AB3zV9u<`t0|8p1!2ey+$`cWMazn2SIOBT3#R1Jl`i8qk62GFDW{kIglB)Ppt z%ooi7lKGhaD7z*!b0^Rg=!QTQsFg9Yd`vUdS4=r;Jep;Z_jqKdlX5Z);a~D~{^}h-9 zC4cuvBTCGxunnzkWCxwr*eqAKo5p$o@Rlvm{A{4kqJT;@i<<&4_2|enie*IDg4aw1;+LBSvvgdi{~RlpFfUWm z{!$N_z}#b0)=QLa04+!&z&I)_c{==;K=0g;b#gsnN%@HhXhM!h{4_k?jZ~7-S|Y?@ zdu(7b=IB}MN$--T-67dGq^P}67R;vG(g9o&1VC+PX1Q!0wl21TBUp36=*R$MB9J5= z(q=G+-&TwKw~`k}b}xM}Eq6{FZ2;?vc%C(&^)4x4AMTI1acH#YmpJ{?7hk|M92v*R z#PG!HvLW1@1ILI|M{>%Tela19$!ayFdXZvRL`+7Jgf`%>PTRL}8Gi)2^hjMcxVB(* z2=uo=@5Uk{h^qPOmy>dIAdJjO|@tY~q`H&5E=^ zRQ(o7P+#sJREvHorX10RpV4Y|NwH4BvOLFa^iFrr#<;W(JUrM#3QQDR{=wWOv3^+% z6x@C6kgary!&=Wh(b{ftSvoI)etCw!`$(Uq1K%;n>Eq3`G5CoADj}o1T+<@fm~nP$ zGmcd=PEvHuG}cjlJDq(oUU=gQ_Nmi(cOmavU<00jRnRYe5Q%)-_`ouNs{ilM?=~t-Zmn9D_dtk3P_{ebZ9!|mt7^m%!q%}5ZIA!&L(}RY{mPH_p zf&_&7P9EOf&-1;FUy03|o?vGm9dN({dr)YAtO6K@(t&U$a1aw}2IC7UV_qUNE)VxL z0XCsS_S<{hcRI)#0`Fo71DHSoNO|vI@1?Q4pB)HbUSbNAG(|!R_;tq)mG#DZq&5*` z`J_uB@`yufgG~P52DSF`1G)LoD1bdT-*5^b30=Y)Z6bO3y+w92hl@3*mNO3@c|}xg z=9B8nixXC79J9r;#xEEOX}N7h0j1UCn-O8d@!>04D!cK(}h&9v4@pj zvsHtapZYz!COzI`D6bJC+XxZGm@UPH7xm3|<|hR^Ga|b}L7Jbf%y4aX0rz&kht%+C z%qVuY&tZ1I72Jlr6t5IupY;?Ew$y0e%*0E!75~P=kh?h$Cl+u}){PC4q$Wv-;nRu9D zd{j7Vf+AUGa$0&@TFPjAQkg_f8fE4mm+rt%luj6w9`x#uOaJ7N9)ZH1)kfQ(N7uB( z*b+|L#zfa%#@MMx+x&@72$6bDuG0em|NK8Afm@&#EJw3`WSw{PniE&|xX3?8= z3HrpaQbx0;NV~z5HQUCpWtUmEq`Fhaus51{w8U~!=6j&Wd=buYgA#it#CT`N@Prb7 zRTlry#`06o|2HusoG=4oL@YciBQgmCT14Wr5HrRPdTe`dEan81_x^f~X(HlCnX{?V+2|tT8I-cwP{TNm=~<3Lx!yN5!0 z(@T<2OOFMMlz)(CW|CFPYe+7Pt1oFd7I8~W1J?b432QX}dz2cYGqPD1-w)x5yPJ@y3A-r za(?Azcx4|-mELxxv{aQTQ&rVi<&=5Vb8pppXjSZX)laHwM5*fUDAiMCRihErfn(J~ zJJsFg)y7OU11L2KN;UR&HIxN4Ib$_p=GBjIwLt3H^`n{v``V(2+F+^LnBv-_h@#5A z+TT=lwP{5}5jD`AT5+kmweq@eM|B4gbuoQ)mv(i)<8;Q1de{9t$T*aSR+*5Qw1N9X zgq5ZKajCwWt3kNEq4%bQ|7V@JLA9U(F~?65*$Qvz6;k;~Jmql`)pm-PCj=VGc&{Q! zw9rB%Gb;2PgcM0@jST7-K9rk8+FBUYoBgaZIHA#Tpm4|_aQcbsB0}Pp5oHxg`gR=G z6OF`sJjSlQa%Z5ykF*tdQ|=p?|LdtGAfq*+y(OWyHAA}%@D0^F}>~G2~oE4mjbl7P-WqgaiXFXqN)$%H5K^$bd9+c1u3v~PlNWa*zFO$ z?Yw2}JIrl8B4O^f6zTfJ(tP`~=*Xe)WJR_wvis^o zyWmrI8(NR{b>~ETcXeE+d{8r-W9O5D9YSRXl26LThh8SqBJ50i+=(vyC^90lzN)g` z=W#iT)1EP^KIRwcv_8#vhCPgqy|D5*uVFvGPrqPhzi>zYi`9OyU;Pqf15z&r{^8PD z2S6Qo%B=Y4tZH27eHZZq|22@Vy*i+{HK=|yVCsnDhQ?v|FPE+|XyJ(GvWjP3*%PEO z^lJ5=F5PgzO{EFye%eTW+D*#ZKW;YUn>q5wrTYwhdVv>HiTBoUL{nw7^TROT3y1*O zsATV`ipU7PN+(m)C~xH`|LLeJ=|~0FC?#uZ;V=*bTSq5xr6&0)fYietxoXUc+&(im`IHag$!x>uuNR5LGE%a5ovCSLM^C)C9Oi z#W-$4U}ECa=7fmO%|x@~x9=nUf$mcW*v-6UnJ@R!9c=WM1A> z7Wx>*D!#dmCeX}-NlSSrHM+!Rx+is7x5R@*a0=KtRpU5?@EMmpYwRAa-{>kxdBN*Y zU>2SVI%^M_g~#@W9 z(C__t?WwQJHgQ+KFv_raw`i_Z^-ZX1!U_Xov(`7lGRLrruO$lB@ttE)o&S6|*{Eai zT)C*(IcrDtX3iSH4-5*3UHD}UCIcV`N`Mg6;RMw|x?luMRf12xMeHxWS9aoyV!*z6 z=cO?w7=7Q3HW^-W2YP@07ApBo*j8BCz}`fFF}C&}Rk&T`>pi0Dx-Eb3`SDsn@L%}+(J6ltqv;o0Rr*Lc z3jx4Ob+bM7J95`|S@H-HJJI{|w-Wp4p*;_0J)@6ByrHfA-lz@%KR1 zhYCU8bf?+6I5eg_Ply0#k88Z=vw9y1pn_uW383sm&VI)XVDuRuH?Ccq_j^a!Yad0% ze4bZ))V4NZ{d3p#i}>{b=Z`0ZpWrnPVg2(5qy2L7?{;b89^ayqM)5c3!&%!ruRzoi`d2G_M!8XMdwIIvz|v$Y?*X zo;{FOI7PnNN%T7%qc~Q3K8-Qh74hALS3cv9JJ!eaVvpWL=naX0CD7weVF~nc@^fpk zo>}Mf&+PqsmB*(agHWQuG5=!coFDGR2qwi!w$E38Iv;DCj>WKV#dRG^Ij!6UeAdea z{+PQozq<5}fSzac9s=f0?95Ou-=K(QAAQvY|1sx1pZ{UbA=VS@$4}%}Wu+%2#$?AI z3DN)@YhuK-zo|5yCvYjpzGB|`Xxv�s~C-aV|sR>uz6LT&MeA>r?IE<)Kuc-0?`> zng35bT-#TGG|Vc)ddfyrDmtKd#4$GaGRrZN!HP^$Hc!;bBHsv?G20DmWw7A{fI!UxvLOL%%zVm zp}D7&{3nnugk$v&m;P#dBJc&qk9i?CfD#%)e=Z)6Yw2J-gomh+ z>m!kV)PuvQ3Zj)=l(!1X2&XI|`%e32e-eu!`qc1;`!VWgo#E^?Z|n2fa8LSFq#}~F z*Qy_6J4wxO6CDh5*bf2KMv0hXI;v(GgFQ6r%Cq06M9z@r72BfHGnoI`JXgS?L&*cf z4%;|nn1BGBj@Z6{e9$&LQ*mxSDoeHQxD-0aylXB3p01xi5|Qhse-mgs)(?m-2=G77 zRSuV+3N<_xrjC)Rmw-b#W*@oGBn`tzTxP_Q7C?W`#$Tk}c&OyRURw$Xt>+CxjMNt# zL5w77#qvYrg!JU&BXL8mP*MI0pU3iWD~jKJu@%}E>;Olix$bfUu(VWo0T?KGtoQz=OvgvGjrU= zL%7ib8pr)fY8gYgwrIk>1ETm8kRnOG;};Q{GKK*ewFmMm$8>$03?_i0t}}D&Gv<*$ z-h9^-C21VQS#pQp1R4c>0rXLmae}BK;5r_G=s#w7!hngq-~9qHge92f`8T3?{LoeS z!VO#)oVCm&IL`UM(Z@AtK?I8(zcP7Bi-9Hp+kyn90Tbu|)xddlze$WX7&i~Jmq2Vp z!-q_nNBxHKs?)eF;2ttY##0OBnaJ{Cwp8En)uvLC5E3pu*@ z60|!~^A+D2FtETrK84iNY3zcMKejLjes37*yfNib=&JsW(bJWd28*G0!`H%5{XyqN zTJP0X9CZRI91n{Tf3P;rB6S-c#R;{v=Pt0?JGrnSrcdTCgT74WuSy(DwjA{&cX-f_ zHj6$q&U{-6h+#)`1( zc?t2dr2|4NO%C?6Qi?Sy^u-UWU;yh|JxNpghAB=JHSo9soL;L;CSzRqOUsF&=&!^g zi6@4rL6o&aHnAe}EPw}+e?)}fT#w-;!0OaNRIa8VN(q!Eg?o4oYk&j`sE5Ur%a05e z%*EJQYQ9I7J#CG(Fc?UZb(fVkUW)ZrsmPN^9IQknu#87`OAc@)^0RwZ_ykXD$@si2 zqmj(bsOh7bkB+E_zPA;Htslq2P=w4L?h3)fQvknsM@2*CZ|6Y+REmHC059H*!iD0{ zGO7xZORKp>QYPeG8JEfC6AxH2o@~(|0|$7k>=O8HEOC(ARNiz2CGN?TD65b1qrjPA zVQdG+l#bHrtzWhr*_!AO+~Ju%7)N^GL^Xd*R%(>cIu+_YI*Uv zrLt8hic5N`nwj&otUjDy&kORtow|J zV(6fi&YT`u{5_$ZW+4Uk;BnTN2(&{qE;t!bI!o>7PD92ohRpf?#qe3S8M z$XcjnX5yVQde)~C>lfnky}sveVQ@}LqF5xY0p~n97-uPh9PbChJZ_UN$d0=3NLnI_ z8`WTebaB1(uk%;8B{qmh!WR1Td`q`wp?LOMH+FMXYR47*DneU*!VCdV4ORa14n`(X z3(e4X7IvQ<%n4V%56gMfCv`en3#=?n|09r2m^|N!#8*=%%J1ZoLEEc+T3hj7T)MBL zEA+$4z?z4^<0koqr^(OBZR3Br^dV<~&QW0(e+HBRWO=VX{4UoJfz_?QT>5(HtDT=4 ze+Sa9UK9QjgnRHZrvE#T&LHnSMrZ7n^v^*0R8cGzXqOM>(&dHUX2V>%IP#AO_pY}e zuwX8I+Gr-J%e`1YbX$QC@(-7OAkgyuTNBKsBjcYK{c-7H9xJ|Cr#64Nbo+pswZB|? zn~{6l;vbhT;y;n?+4Yx8S6P7*|J$XD`E29ET>4wfi_fq?Ivv)@@Jm=Aeb}cAF$We% zU%xr8{&gTL{(kNg)cd9g7D(4}*_)|>1=2&G17A|Y0_p4b4NlKzut56yc*c1rERY@? zv%iD|3#7|;)kNm}38X(c{(ioJ1=5dKe4Z9yf%K;7lvNj4Aid_}Ux9Q=lfPWL%cqZb zEgR2eHot%FiT|D$&VfD*|K2{!`2>9sPgH}sbi5w8+ioDQ#5hq80?egHwZXghAd?lH zjDL9!>_K%DLrvsCZ|uP!6T^7TgSFcOUKIt?^5Ee0;zo($?sETe=|SQsjeogxJW=9I z?msSl;02i>_n$y|&&T3gPC(;slUxRm=4xUe<36Mf)ym-h$kpR`J+7W zx3sh<@4&)Ne{c^Fg(*pb6@x?&K}I56W~L7IV_liHQ$_{kFBy*0Lv5gkkoY}7DN0O* zcaX192Dk(esRL;X$0k4z8JEP;$VyT~~o4in>zXFsqNTgBzJ?#h+nZi*mBFa@!px+={ zyr?(pNSI}ZLs7(&pP%J^9Itx{scSPkBIT~J$9A#c6Rc;k!K+SlXF?#dxN;|`8vIGM_s zACwBp$6E(FJ0|MeSI4tEguCX)U2!K!SylXR#y=xW^t#s#u(tQ(p`z%;B6)*#k7H41 zQ{@%$6p2A#Y-}7ZY`osY3EHqfne?(aD5+vKU9dsbQL=i6EHwbOGO7Wgc|&y2F&P`FcBB%0KqmDgC@h*Q9Uzh3PEBz>uYlYa z0ho#C%qMwCh1MVu2~bCi-%1C>mPysWoc!?eX`uFTz8>^0Y-5&qHkak_`eoV+if<$I zcfHIjso8f&7?F<{XSM3|_8O>@Jm|hs#8zR=OgR8S%EVm`Ps^NpqS?nM(xh@G#yZMh zW*Q`-4TQn7)RJ>Uj+zPcBSffBKjOX;;d=l8@e0p$0YxF;Di0k7uh z_@a1BLOXS#=)HZz%GpPp4 zDc8T1o?VNQ1D~1`gTVFpYmASkgsNhx#jDRgq>*8y(0NvhPEtxbb^kD?9%9WtF0#at zG8(p510Anbk{WgP#&q!)ictZWhzr-NT7X<;ktB>|#;__>zeTv1_A^zxk$^VlTC7x$W|+N> zvA(m_F7&m;Nkizg)ymwR!93rWv81|LKBMpMMo5us6q#%M6>E!0nBS^i_kUgU&@x&j zAKp-%Tfwhi_r>2qT-Sg%+QLxTuhKeDHEyOhZp<>KkY1OMG@c4Jp7k9+zca3NTs@^* z+k0NW=GzDrF}yOWJ)!$@^KRoIxb9MGF8_zJS?A(&6*cu%-D>ySlIol*RHjBeG@BV3q#=cGU zv7UCnodyc!W$@5uq%g+67h@WF&63SWpRK^Ay{%hdezRjf*l*5DZgGyW&2esChS8^D2 ziVS9#EVM_?V>dQ-w_bEdNsd)%N=gl>LwQ|E{iC5mv6zOj(yMi;m(EgJ-*)|J_SU7X zzFF*PcNvmL?G+SRE%{olx9RS%-r6ZTYM_l&#Yptx-Sh7t`%q zOs!c_wA(ftI~4B+_3Ym*Sc^mVou;bnjJsW<+ntjY+>1@#hKRglSMba>cq1q0L15FQ zXYn5DA>vgm@4Ii{ttR%7U*6AH$H!R2zgaHOc$HV?(8BOA;m&5);m{!JQ1zoNXZ7Lx z^#Km zIMU9xD?C2(pE^nxi^?Hj&R4U|8ye4*8_2>GDWI1wG1f0a5-YuzDu>#Zg;*6=TUN+1 zRNu2#d05t{*(b^!f9dQ&`io@~UNw@KKA4O*``*Dw&#USQ-8$V2>I}9|74mVp3C7VtduaE4Xj2E9SH=IJr z(9f{GI!^34_GdYch@IIyJ5H0HRTw*s-a9TtpFzFPXjz=f+Rq49omQrtGOL{kpPho7 z&hW^bpU<42iq37A&fmlwmYvTFMb4cJ&c8%EZ?HQfWuNC&IAfkVR|KD*G*2F!J6sJp zUw=G4BiOj8CcjU1x=B7iRol7@xoFpNF?xHUSLH(A?qYi4(hGIjoOCJ0xSUA7ct%Qu z58VO^yh0LKgX>mD)DZ=VOQ7cPAP<|OFPdT;Y+lP<-tS*Fpt~JYT;Z@^;U-@as$5~o z@8h~y5I$Vs+qi|)x)LN`sRX%^OKbwu@ z?}nP(1iSBQEAMCwP4#uebYAWm9jqD0+^wYDnTz9C>g>Prd}H|gosEEm)o(-TP!EBc zdn#lPyaFi`j%!C`Lo-h^-3JfsSMTfyao)PtHPR{ftvx**pgEq7IuC{i z?|djdTp2o?0EVnfR*!KMpTr@zHs1V(h3p7$gb$nutwOhaGe|fz1?$s~4G2^O)HEL;;($&w1jW@W6wq@>m8# zFM^VTN=o%)^;S4ca4?T4V2bub10kqU2VCOv6!JSQ6eIO$PCi(#T7{Su0REB0@FT1H z5$*Sn$T(@?#{MjH|O&FGs5fJ$u(POJ}(=T^W0Cd>`x?=d`k@q~5 zL-Z@N0+oBFLU9HW(GQtqCJ6LAiwq)>2ZCP%HX;A!(t!|#t3NKC0SCSIie@C17}>oM z;0H6~ud zKM|=W8X<325qik&rx*f{@{v)tpGvz5u2tV@ys==Vm2hjUisj1Tdm!%wIFoySGd!9R zFaPjyb2Ba4mU{oVv;xp;M0={4tkCqv>PxBs%|N89#xNV3@<+_78G5}C@fX;qRJ8?? zQ}u+#*-k(C&sV>&eOOiX?!l{4#(QsV%j`AGR5GV)4l-4SgQQcKrN*HkyRZ0-IkY}3Zt5596JGsv#5xg_A zizWaBxfxTGBU2*t2w6N=06ena#RNa05Z?j`36(T$$V~adiW|>v*)*zEhZ}%g9OG!i zAFV5H+2}7(ZpkJmPsEv)BE^DmiOLGU3+_Wjz;mD33g=jF-E?Fyd`xEkHXBC-3RjnO z5QFSWVOEL0eF|q(zEmJ@TsZdO<_Rpj3%lcm8Aan7r5H7VRXW2A+?-h z!3h5EoJIPi>Mxn&ul#%#+Kumln*nFu6Jcoekd!b10Sx}2K$IgxcyYpBs`%Q^)VKMh zJ0PabGSnztVdB40c^(7Ce?{d|f1`5fKU8^a4TbY@C~GE!T-j<^#N0Ishl@sPjL`1} z4&tl7YYy5g9eZ6}pJXydTh4zpCfLU%S&tV_bf;Aj>K7l%Bm)A&Lu9n4>Qj3Ii?|Y= z>hzfplgE50cn)?ZY(g;8<~yvz^TQ_(?Ovs?ty;HtDQ4LPyt3YAWe~2gm~@}J&fIZl z5TQhTxfaWly=7P;dLxwKef-w_k&Hn6=Tg@vW0qXtV7w&Er3bRTj=uY4E=8(8@B!y_ zerhA5+zHNX6#v_TpSO(ior<%uQdotwlO>8TNwPvc8uOW}3Y3vazNXl}Ddz38lh#b9 zuHwxFd~gp?k0_yHBtw7#*S;zt7z)k@GhYAemXHAkqo@G#ycQ0vxZc!fLwQT%n>01xNc{?_-9%L|0$$}YYn4OsYa zI-RK6b@5s$n5hgLw&KDW4rl2}s--&Alyf2#*(I*5FzoM}-CUYDUorr@AKWA&1U|Xy z)JAKS!u3??v$3q=-ylgbqrx92e&~4PT~F0S10sHd9A^wPeTP6S8LGeuT#Dlp2}gYy zK-^*aI5xyHoJA=~1~DRJZ)wv6=AjjwfRAx3{T3(BJ=)u2FK}o(cGx&1rpRq&(8WQ@8@*C@zr2$p8#Ixj>w}n4~$m5 zDgFFYK*9oB($IY?y48&8MfTgt4154N9oY(szXrgv5ln*EBj*6+m(&KEcs?62zgO}E ze0x6sAfB>@R;CMJ-*?NQ34&G8A0%J!)tw%$n1oX_w@r7BcY;=r5e}fjL)dSQ0G97h zv<@0euz<&aFkulaEQtY)#QP+1r%U43pd8S439S5buvjfTg$*nPfXWZFa(wpirAh(3 zJyZJLy}y&it`Lt<_Tgf^cLyCe0fH3rA~~QKe|Gm^@Y=RB3%Wz+=n80s>Lr_mou+8HPkYKB@_?3Z z{S%>El(biHx<1DZF6LE&6gRM3&og2D(-aTIEwkK*@wQcVIKQL3bqyhk1v`_6M&syJ z%H-gU8Lsi!t?ct6!&|21A8khcAoP2>%`HBeE8iR`Mw0<(l#$|$1cp}@Mi>QPjBrMG zv>_OQoA|(_)5Qn*UybM zBdkmp3{?R#=_^)-y%?ra6Gm&~8*6Nti@b(ztA4m!Jq=d4U;^0-NyL6Z6#{}S0urpN z!Idg4aunkXlr99+a>y;5GO1W_9YmQ7mGXWm7l&E~lV0X5Zlfz}gHmbBMPsWgGkUOY zV?}cPewO5X)vQ`b1M3tF=!rhXQ}H;JkbfOl{zMAaHd|3$L!Y7|9?kmhl`plKCFP@9 zs+dmfp+_P$LZT+i0-Quj{*2C@gFUyku#~sPCIh8dU!e$)rSup;mCK`D#-}@$|0R(& zK)Z794Y}iz0lXuIBL)MRVt;XALl3cjKTcmh_Y7GAWPvK zanb%;49!y~1DK;}+i|(nlBLw5(b)m5+xXTPtkeap!a;=e)TUunQis$VSKGu;^T7EX zzHf<fV{P_aMW0R{QNFFVAy#rqmuC2yft?x@x=S|w)YHsj+#2~ z{C23dT`JRdXpnvA^jI3byc6~QYb;WkFtMHV)u96LNFJXlUN|_OA}T@b$UucDsX8Xf z_$X6`Nrtm5c}h098Z|{}EA?ZUW1`)yHAHV!ol6jo1ynuV&R{Pjmfw@@ws2Ivr zv>lQy%v>14TwrfsLLXe#S5zE-oEL3huC`s0ZJ*M?%wNr1wXRi}eFPizs~#)I`cZCJ zYhQcLtkz~q_e_n&r44E}4%sLEn=^t4~LjJ2uuNOU^M=6Rh1x?cl5=lFeJ^Bc+mK&}N~al#SS z!clSp8ESzXobUp*@Zy{Z^0f#rIT3Yg5luLeY-*8QIFX^AwaA}1L7}yv7*3RwT9h14 z)RJ1%8cwv9TC{FX^x<0cX-}PJryN4HA6i$2RDtt{}Gq2 z|9{4%zx{xK@V^&2{|_kt4=Dc+D92^~4=8`Q+!@b#+1>U0^YP|nW4gN=mYGIk-1I{r zu-)_r(U)!ppz|MY27=`nw}SArZMTAntV_2-$UF|WLLniH+hMfHw%g&1#iiR3tj&kp zk(@(}J5jvfYcmtq>iw4Z93Y`33gTU@rE?$~^^pW!;hbdc%(&F&z}YrpIu+voo1Ajc1h z`7k$#!2U2VjK2I&_U8DoAXbj~s4!96{-`L`y8Ng()8qK4BsYZlxU?|Y{k--%$LmqXlFI8b)|S)jan51Zn+e{< z34Pd{QRU6li-*&jX$fSu+Zh=`r`uTthN{~+6;dajVO4pyyZP5TPIn8sFQ0FR1kpC{ z7EMFh?!Q~6INdMVmQ>v@JGPwNuec7gJuC^iRJkp_J*awsuKPTkJ#6^(8?~$v?T|li zg)vk=Zb!9<3T_dQu0QT3>Nr2`*@|Nd4aQrXKON+TR=4bDD6h61mX=h1IWA1WygGUg zUi)%_**}$YD)?2b?(F9lh2MEGGQ{K5bQ-gxujAz4=T!|FCI6KP>GZGO(Sw#>w-`Dx z8+YG1DxZB>{i%0G@8o{~t?|B=HM@GAm6i;IRFNz3I*fH++B1;L`lghikTsSA-8Db z(=DvX6cKKciKy3-1rnNmJoxAXaEcQ&Q)CdZ%(hB6!jn0Gh*(iHA}*%;#sV4bu?c=( zC5V>S44};kCfKY*M0SIlB7%TlApw$*G^_x+dWxLqT@xP!fZT7(hzK9XAIpq!p!V>(A7v&uQ+UW#?H^^Xuec4(O1?g)wR2ZS-gu zlcs>%9110n$rmgr;4Nb!a3H`lK@N_9z|{t3UYUlgp88`UZ3j}QYalQVrYY$iYqIyb z7aZdOM8xfDV#TZq#Q}XNc92-et_nzcvj;2|+hB@0P%0>0u9+6WQ?mU!_hf?ZW!Rkt1wX2#}DPikARmXG);3+5*rL zYZ2%n12um5tY#QLwUxDT6Wq^Ij23woN0=ELQYR~|1;&@A-h0^gx0744iDXTu-#3=3 zR@uKKU0(m3+&H@gwF{xI$R6waCRjfRcKT|uvVz0VLb%NK{{4x;7GP1TPc-I2dwg|Y z_@QmaNxvi7Aa6I_rfqhz+M{LMXkJaH0#fhnUAwY&o&L~qD7x&4LPC92Zkd6>=!c%Z z8N@(jnIRGwfcP63@atHm8!=o8ECvZ?QqM!xZVh;52Q{LjB7C~aFnLA|Fu5&@@s*`w zk0>Q&$9y@`$#hjSRqF~D5JqGJu)drIcx?j!UJyO?x+yj0oopemfER(e;h&0o(7Ti6 zD4^Q0GzjL2xmQ5_?*ZbZ%wWkmK*VQ^!)Ui5M0(0XG${-KCg;D_E`@i5`|+DEgSp5? zpmEAxQj}P?a?VDY#Ye%d>nYP97?XCD3*o+9s)KLK$IU|rFlokp zqLJOE3D4ico%A+HaaPY#4bUM;g|mS%=>)hcu=uOgc_bm}DOjlc6>ecZoZq3uZtASY z&O{hMoo4F0V4_k6ZtI0iIX_ITv&9N*Rst}?1ps5j<8SX%rt=1f znR=hCNt4?3VU?*id2>g;T~>_iZ^WH7!h6}OK53IL8WWKN+$^YhwgusfHK0C5`9Uwo zcMQylyYH zL8zl+Nl1WSvhXvHeShY}PZLr9Id;3cV3Ez<+|+yrKQQQ z0qVCZh;wr(a$SXjB6cu=!X?ww|M!5LL|JzcEkfKR(DF`gF!dw0sJPz6#>-owdR54&S(i^w?Vb0~^X2a+n`Z_v@V|7q1@=CL z-s$-B=>`}1)|Kc8_UoL=zvsgFG@S4M#Pw-m_9Jzl{~&e1!hxL{JL;I{nW6SLq+|6r27;1=qTqpjcxxR3_Az(c8!L$i=^|Bx?5AqRaS z2U{UyaG||)q5D#y`)A#w)NVf+&(p!}A3rDsIBB%_1rSBG#}Y3cp8GdkK|)56Ti`uWKc*e2i#K zjSPDgsU;Y>-50qOXWSS+ zenpUZ?T~IGjD8Emywggzr%QkEo#`ly?u3#4td!|Om+tD3?#7GhE;T?G9{XX0?xzCN zGf|LULClyJ^KV8bMB-q$Cor-%9oiEkMp_729S`PJ>}#pGDD$|H;3xvBI1K+djqSK_ zU_51U9DZ*cI#s+{KzvAkJeWHcl}k`$5E`#coe(IMkS-UG2bb{1HbJ2;!EZYObvqtK zQg{eHQPw=sHy{x;GyzvKk-0Qc3YhesI!R$T5oarrRxwFDKgqK%DbywjTap)XE9r$) zvb%XQlqwNKm5kt@EVP~M228m|P6jgZT9hTPhoz(zryMGzkoYIHQm433r;;D05W}Tf zjHL7yr&{!-!XCs1p;$)SvBl{HgoI;<*|8*zeojE4&w7fFeM-AzOrNVyi}S)s(_<-4 zqpw&BO!3ApQ)H>~rf<*-s%eYM^Uf&N%SkXKXTRdk zo@HYBTK4&ziSCj(yIwD6h&#uqG#fWOXRa)VhB5c$n;hxkoNl??{(xMo!<-oJTvU>H z>@R`1!vBlCyZUN#;r~7#Ja}+-DNd2%ZpDkW#oZl>yIaxX?(P)#;O_2L910XGg>=%r z_jBLBd7e3#wdP<>_CJur(LF+}^hRY4N%f+$A#T8XRMI7UOQy`{ZNY7XZi$fd#=`Qq&bgC`}bo+ajM#R?TgN)_2|D6F>f^D_WJ1mC7ilsx41#f2N!v`JD0gF9X)Evc0N0*Q(;N zt3Mc5OWjww236ygSNF(OW1Li1^;Nsj*Embm+*{R{2h}(MYe>p!y3zv|`D$;UbnW_T z(1L2?RBNBtYDdQCpNNyL*1{m#b%>eqStm6?*mW`BI+NYHVVHVE>iS6WdIO{S{=j(6ACB*YHuxpt_O%AYBnei6B^=Y7ibvbAY3&#d-F zEe=HW_3cOsUZ?g{s0$ZNEpBhEziVMdZnHaW4P9;ZQ)pxS(n`l%3oV|j3sz^5l&Ah` zgEH|-%~l`n=8DRuIqmi|oAm6=_DaDHr1kc4%l22F+fU>=I?rmGE15DX@m(v+TbW6~ z9kqkr)uSZQ?Icx&m7TTTHRI3=u<@cC2x?azDouZ8IgVgg2uYXIN!L<+*Qj>#&KY4> zW;e8&x2HpPaMrn;NqQ>S)7@cop+NTCrfbu?8(pCXB3OGq-czdC7bg>AW8Iq zw$Y%GQ@^GU4)sRA#`B;d>5ws6zm5-{nPR`Z&k*)^uri0 zMdS>pFCq(H{~5`zFJ)sDmRL2_W z?8J&nk%ry1)Ey8-({!pw0({jSuj`yT6#{+12Rus+@7fY}+m84=kG2j@Pr^(Y1iHIx z*x(XOPAiThvIbf;$}IV4tz`AColnYB&8ou8=qI@TO!B=}1YKm!ke~ygDpe2KTd$ff zI-l+dh0HCJc6_VEd!|>0q)fGLa9wT~m=1GeEllu z!VAzJz6^A`KP)_+D^hG7%EHG708x%`wDAB>0Ne)vk_FXD3dDRBt7A4bO8B|yvA#Q1Jx$7*V>zoMY;_yhjSQ|EWzIft3EiluBF6VDZUwWUD-h|Ak8iCJ8;+0+lz#B9|BLPaX+ zmJ)h^sZt<}VIb?}jHm8gC)vLJ@D|_xR^7Qh92oF`Pe8&J^QcEok>gC(Jnjr?41Zj4MYL{FnJF{@ApLkQh38+JP z_qR*lL!z^N^P^)l$iZqB{;8hd9~6Eyi|Dlf2ZaZ4Md{;5lLvhvCpEI~X2bY)LUw#L zapIiHl>|5~us?dWdDQH2+M95i5PRlxePrTvh+?z@cgt~L; zs8at#Rpirv$PSW`Hy;gxqYAQ!3gYI_xryrOW7?5-_W+{qW)jA1%H?Ul-`-#~tSHT; zvG^s&@mVtPWbX37OawnAo-6fg%f6cn=AQz2z&{$iSF_0PXg=n9UfFj8xoc0Db7+CQ zL7C`2C%B!w0smbKRU8D5_^$-{G%ZZZDnA7xoT+?;Ooc7Oa4;f4mu9JfHmySAF`V{+Up zI)mHdyH6LZH5-O-arZDhh6rwk$jye&Z$NP@MgbRx_)DYzHxa&LC@Ma;V84j%zkR5` zaMX=6|Is%)#@MRI*oOV*pq@!S5+JRIi&w@^qezmqWE`3wFGw@6gVQHL9SLs z0-uCxpQd7ugfZ^pJuISMT{TmDs#69H>07#e1no~)9&Sj(iA={!AtxP47dk#kJK$-= zQRwD|UiXmH*5YK}Tfu;=H!!yWSYkU!00eXl5MghSco@Pot<=1Vu{b6&GLKLKNLmsX znF3de!O;kejjV)AOE(i57x@R26RDenL%9Bg&ee~UbA){l6(8T0&E!hQkV|K1oT!!H zgriiiYCuEh@2m9($6j0i9XcO(wdt?dMhM#^QZwr3MqUh1OJ1SfB~EvN z(=|P&G>QoGBkRSpdL1f;hZv{HA`NFZ-H^y?AVYG?Xr5&a#|>eiER0Ni<%W}k4=kpH zU#NzY0_+eqorb9f`NVUE%HuJA#0D5%JaO9wBjd6d&IAMoBlQrC(W~_K!oX*FioB?= zKDk|PcJ(hn^qxI#Hu`f#bs&ZtVYb-K;^%8IQau67sJRALF}<){X9}j`dHD3s;*^Mc zI>)eRK#(OuuwwdNBcrlhKlU9O%6AF$#d+H@^!-ohpHXvg*Z^xm%-2mT@vWctTCs&h`X23eZ8qzGBsR8wp@;#pL~{tjX_ntX0CDOS-i zh>dLXe50*c9^vy>*@D+_gzD5p@YaCw5dDCBDwI4RBq0Pf*_LyYI^RlOaEON#2!KF@MhQn7 zuK4bqmc<>$J8g%-H&w4p=sqvsl$ZizAJjr4RVA;jEqefalwWJYV9^Z4B2mzGdhzts zjSwTP#Rj97a9ih>b%&LrrbUC`oAX{{WACq|Mbo(zaEyQ=qB*zjlBlqp(G20GVJMB@ z1DPDz^gxJ$*h>tfX05yBwyu1}k&Nq2bP@atEtLG&88rH-J6-oPk+;|p>^|A(XuGUP z((z%$@Hiu3DT=bv$sr$*-FGA1yGM0hRv}ywhz@XR#%OUmu>AXB6ffpE+4fRA6JWpeTg7UAgg4E>mPzwSv0;5E{W_>p8B2NHWY;Ko9MHm6r z!7f)3D`M* z9%2d~fQ~|IQid0(tJQg5=X?L@B4`5#*d4DkKbKdeu%NaIdAcFfwjwE5S`&r-$^3qK z@UGi`_2+{Dzz(T*Rmoi54Y-g8K`Z5M3snAu*w$YJt5W{IBI5$zdV}DpsQ!+O2ZjtV z>Wju3BGP{SZ)Cie$ zhzwm;&}1M*iXI6QSU1L?Xi2}iuA}T@+J;lGkdbEktaY`Y_Y5@6W2jNqc_NX=hij9o z--u7lJ)njWUL~6b7-1IdO1icuQFF3!eiD~bVn#P6`49F62!Cvsg8vJ9L;lv@mE5%0 z*#C$29{)wd;7}~N5s3*P!I2&Id*Gn&U-PVyz9&;ac?vK_c5%8{Hilt0vvuNN3q4-mvW5v{g<6z~dr zNl520N>?bVWN4J^6%{GH9H`}6CkIs=1t4>8!cOu_VXWZ>VHf2gaFl`dUQ?H}pEXI)P4_m?>+ZA|b}i zhmKT_YgmBuAQpDiBtd|9r585ktBUWb#mkY_EX1_#fbkn+X1x4-5<@*eGuOrjCq#RT zGqoe6ian4~(U=$~o$Y;zSX%jNTgp;x(VH4M$;^!vs?;_yEvwv|_0~yc-twuYOF8Bg zy)~oMj-ANMwr-u~)7Xc?tv3!DEt&dX^HaObkpTx=9ba#z+;cCRYVq6`m!C1>dtQXc ztY8!?pD@xAAKzTjV`Ujmv7~junmZ<odex2eAR9e>M3&>m#oNd9 z5|BP>sBn`wif6|7BV=q;&pDZW-<0)N%Q$)0O{yLC;heeFgyHT@`mnV58$sk@yL*&O zQ5&|CK7N*!g!*hcdJAEPh-qK9tcYSo3n7BFnQ$4G0=zCu8Q!(oxG8b*Zzfr?s`^A-CqH7aL6+!OX3a`o{l+&UqWlv+dm=E$f@# z!`wUd;4balGPfRvc*VZ`6FSFN?!M!;4TR=}ND%)9<)XiK6sRBj|AfvzX7ypUcnrPi zc8dLszfbme=-kII>);P4f6r#)UAys(J=}9*@v~L>^2Q$h$3-n#34fb3@f37zjeu(*T&gw83-{tlgYe+Y4hf^yNH-^FwOfbv7L zVvk8ED9?3AJ`#t5atnz5?H^E1;P15v4V`;i{0W`^Y97wHZyEMow#)V2dVqFh{(y3J zpKWO997N%F0}Y*fP;CF4{!Tvcj_G@9;`c<;?RVGo{qcNz^JX2%|Iz#YCDGmB`RJ(Q zC%dxWZA;I~DZAjWO;P`={#@{VsXt^i)*tSN!SCNk0>9y2!@&2#CJDe!u)}lrB4`L8 zWU(We_5$GrfIhE(CibFA38S39Mje2@MGK*Gvx9DXv1|n};Q6s=!MLRSxTZj@JS-kc zeD=S+_Y6J02K3dMkCX*Spom2%mCcSFApoF*;&PfS0UTNa7Cv-JWQqGfjq#8W*^qQe zNFQ^NFwJw)JOfO-T&lEe1Z$lH3vK_>yhPYa01ylK;i~Y}0TqsH1UX?pXOZNbV1E!) zd&@>JsuUCIX3EF{-=_5o&<;#>NCMJA=kr3hi6hz3`o&oWWQ#flrDy|zAxi>DjQN2= zX%c~DeQ@d$a=6m9g8jrR!69Wq+PwoZiV4K9(itR!nuNo;R&ZqK!2$Dx@Tr3rM*Z4a1uZzw&(hX<*14dgO)M;R(6rbGRK2 zl;RJ_;tHf42|?ozK41yc7+E&yjz}5_Wrlujk9;QW4%g+4J{XCmZHc-aiN}?5pC92N z8BLUuGl3gTG969PX#S$X6@D%llEjyu^fn`8^r%5DJ9sc>ebn}RG%Kq<*Oo0yh_68E zZT>lDku7QI540H&`dsh85?{irKy)hG1g-X%jg^?KM|46g3=$Z?z8J5>)x`pgzFsDtXR?#X5OS`G_j`00K{zIu~>jFcz6OUe|NNB-a>M z=6EY@*^ntmsVSxyR#H_#rj$`xjeNvgCuF&NTm>+$(r!}2mqZn!WQZC+p1T%atMNqp zLhEpdB3a@DZlR*2c52!lne*O+M`!s?J;6jmM9vLCFfc8UF|CQ8FwpW9eZr(;@Z@S| z-BC!x+HGVsRz^q$420g=Z8bo7C{+OW> z?3hdIMJJbmFW;WEga$w&YDE-oKu}Vdcs&c&d3UBl46T_`w$E%lvEFh3>E~3q#HrsH zCCXhZ@$fFnDKQfBJstCNiVW4hZNb)a%0mqP@$_OYtL#j ztC_--0zj{xL#hWQQa-JHhS)~@)-3|Wpr&GFdosuyWR&^E^1XrSy#7Mp?~g}Q0P&NSccW$c20QXjQ;UL zBl1htQeM?&XBA+C#p*>>vuVk2;e#Oa9N;ybhOt5y1P$P*$Ktd&w$?|dw?{{}SZzpL zVk}TH#u>4L60jSzoZ7$SX%`h)J?F(L>lw=NxmXiCr}=Adg%w2$ad0K}O-;i4ck$87 zU*4<+m}(6_YkJ3M;YhBg;5DaL_om{tW!!OQW-DiHie>A`=G}?p-)VL1Y4LKc#VV|Y zS*;b4^%Pe(lxEA7yS}Li)h?!9yYAD@(Os?T>ZyLIskvaQj}fgzSWlwXY2(&m)zQ)R zTyM0iU$I>;uU?0A=(JTUH@>uYUg&fqG`23TixukhR`Y?$RQt(vFVu7?Bz4=L*9H-^ zdImYiy41$AH-?foG8Z;92X%*EHXgim+sHN{-x)T?&NkA}HYW#@=Pxi)LpE2GT1Lz^ z^H_CP2RAoddDg1+YVg{zvS{e< z$7sT3ZMpXAZ&&L}c5bz=>nDx!5s!le#w&;W2FuJ;?lY0AF<=*R3Td)2T3}t7OmgPGnV4SwPiI zM%_(|9nlPJ|Da#eY+cW+$jj`tz1d{uH_gs(`_yI}Ti-Ne*Ir$k6^xsyk{+s{9`e?h z84MMexV0Jk8Jd4M>c2(?hCIdXvHSbX^K&BI*RP{v|(+=2zovZ?DRgXGv(emCc46Gj~lUQL3o%q=w`!^pym|Ary zoJjheq}bPeF@Kl2WuC=zkk-wf%_f?=WRkTRp5^GkbvkHu}MUpdmeVYW|vpyx8 zQjxRdnzNdco>ux3=wUx!rj6JB+4hgKp39=Xt?k}!s{x*K9&_6k65C|^a}@9MHTCoU zE?bmX+heJ-(fgc9{cXrZj{0+~Il02kTj7!x?&xr4)^o4+hKRtgGFpV={JM z8ZLS_?E(w!Zhu`&Utaj2+Fvufrd}@>I})5YZux?famT!$|Sv72DVydB=mY-OrrwXH(+8+(aO5 zdyhj7L)YKClr90Kd-wQXVOs3r4D6pEZ{aa{5FUh)a|u!2+9MJ;0uAKRd$ci-bWlb2 zU+%A}5S*yVoVMH?(U#Y6hmG-Tw{b+*u-&x@m$`^q^a(JHx)b`4P5Ejja z`N2qp-IVeBCn*B~iI#a00vAU=0kQDgH<>P39WFZ3KV&R!qcm>iAATq~Y$~Q&sMWTp z#2qLj-Mu4leeZv(%6lixb0_)syB39*)`LrZz3Zu@tNhTN{_pP}dtBu#T#b+J3~JRh z9mMn;?o5a8NMi5P)ZHj9t}Q6;rP%MK!|(N`?=>y%)!f`nf8U!!kE1z4)z1lRVFB{8 z5jvV>VLKtRkYjk7D|p}|yb5Kk3qb^yp}RW)(4+Rku=XCy)#cOn{ZL@2J8uMq%7dmM zvUwKOvSmUj=3|(@hug!NjYU=|8Z_%2lR`Oupc#8;iM-y6zPW?G4FLEVxQ78A0iefk zA|6hn?)9@dfOx?BJ_H_Q&)TOzF62;>9e^qy9OB4W*7nb! zd!Pk6O4q`A5HLim8b)+X|LVd7d<^l5O??_0VA9`YP{9JKQsJp%MGU|LX0j+}Cz6yn zfRN%N&s_HPdd$oYS_wbam*%(VE5}di?jCi^kC!?39@W{pvOp*Y4_pcLzph9EqX*`funw7E$sGi`5P7NGQX{23srVUI|n<0@e*`P>Fat ztQB$N$xMGACXv4f=SuKULMVzZ6qIZ1kCdvFs#ROxF)dYT>&a|FPVY_v7*XL^JR`UQ zl%q=q*s`3NVv3`UhErawTPnsnyd)1d&zARB8)4^JG-zhPeIU$0Vi(G~(Y`n2R#(I% z0QsDr40Xhnb1lQ|=>j-R?)tjn$+Y5k>=+ds1>i_L_Nbbe`pS!qcK08bldCNjAQS2I z_tgooxZ{ZRGj0q%R8Bk1k_yxEU0xsNFjiS?Y2rh{_(Xbyrj%DPU|7l{wyMv1?3WK3 zwc{-nWMYM(v1&)8Y1=z~qHQTyW+_G=at*Gjpr9OGpe!#~ebPvaV(_j-6}>Die?tvJ ziSI)w)|zx~1Tz$r%Re9&4M|u57XrjNOlgC~(K`uEWFgZ;xMWd3T$gARUcvtS;sm(D z4S4rJb}}y(jX;?sb53-y6)*C^lP*O|1R+0#HZ(6>T#O|tQj*EuRD!93r7=pX z>k2a%!z;t-mb6Xcqz@A^VIr(R>0sxg)9gXw$_-62SV#PpEgpVDnGj;rvLOqJpD2M+|io?Pnx@z9e%CXz2%!^|dIcJ&9mm8CzMsmah@d&^5 zi;3JCsvz{niie4_C4pyqVQ_ueXCzIm?pLM9%pPTUY;bQz=su$d?8GUE@E;Vn3yw>; zqd^h4C+`hw3#u8u>oJBdCFl^*iVbv>qoC}OQfDKV0Y%{T@o@ZnxC0UrXkajif(1TU z(p~X09HPm=l_Y`v4iyBn3`5B}vkVhr=X~&fOhj-mR-`&%kMQp00UT%Xj{iwGH_nXU zjj+a8V^;vV7a+YFMgh5Aw*D;~Qve8l12EH_)5-2vtFs;798TxRh=f||EeqNhYM?Qs zMK#>R$5csen{;IZusxFAv$QZFu+@2Ubf~=TJBmM6dS|7`l?$AI)lWq27{>DqL=H^q zrwT*`ddG|7JO%{BMC`!J8;Zke=7rF`7N=1K27w$^0{PPNG5yjO0SOvn!6WP;=WA4$ zO0vuxoM&=`a(aLdNC8Wpppd}NyXgCbjl^U1v9AhgqIxZd1@<`J`<|1;u}4#0 zqk=uL%Eydc4_QGj=Zkn#R&mFNpE){vYRO&CW^`uAiu^YXB7>xdorsv*&!s4<3 z044D(K+%N~S)~`2a0YxeQ936>O)c4dg;Wkg+1TtxqJSRaI z(a1i-8C8&ej^ZxB5v~wt5r}8uUgRXIvObna0iejvaN^|!sIk%nB5yR7HO(@TySCg@kyOlfVGl5sSI^A&T7Umd!Sz#N!RxY^I>>ec z0KyzkaC9C&Eg{UNz83`<<51Smrpr(}oYhgDp|5LTmPc&G*(rPYMnv%~O9k(>1!L1D zM5_xM6Px%|H4XZvE<5|POtwblZ!IvgOh#Sf8{4r2fYCuiuk5vrnplK(aeQViSD$T0 zhl6%TPEvFpTtK82KKNVki9b$5e4OWMG-i34INM=-5NXjkfB`I_D7J|<-6r+xqBaxf z)t(q^KrhVey0<9hhR8e~l$fz~nT#yo46ikrNV@gH5zxvfoW~|!)78r;k^*oOmm15e zZ_N?*_5i(v%?)^0G3Z}R$mY_=ZW}q}C!`322}_0oAzNHTR3@O&ji+%q@n~@-p&Ij5 zZA!-15jCe(?=**r|3sDQkt5HJ>U=c<$(EiitdE!X>>+klh#dO(NdPo7wW*Bek;3#ba`9?Wr zMciu2yf1MxvWJDZ|o7cF^jT6Lmi>~U$ zNEhtU^_Gor0YpT4#{iJvDuqNLV8!z6Ee%9}BvsF~lEmkoJ+JI?F!^aXCcH2~*+h)_y`$wYXUKF_wH6EnVr|OxI;sOx?z}TORKT3ygq_4x*z`jK>9pt;hI-(Mz$? zpN$m7SUso}=lS@Zxjbwe^<{>Lg!n%>{F&snS~)UqtQQ+>6ZheY5?R4{ZQqyE>hau%&8{<}{IpwVkeoHe{)ox)}h!8(<-w z4eVCHfJNM+RH&8GM^Vm^(a1p+kUC6OeI6WmUNm^5+re-Pfgp(WWp5o8Z=t{%Vqpy2 zW9dJLFT(Ip0k@WM_9AzSV%p1fpMFvh{Y>9#q>$Or!Gs3^M$k6_JiYMGc(XrO|eC)G?zP(F#s09Ie_ zJj<@c$~ID1zOmfi?(N$PF>SyB2Jt<`m6h>zNXpIYxF1qGm$y^j;is?4HZT|04ahK2JtjX*}h+?2{9HnBNh&Fz8ED~f;LdXjV5@(#Bp;|&G|rh>7A&4yz`YQ-cqI*@BltA zU6Qm&oR*figjP}nGRCB~#LTv@U>_oFPb{;xCnIkrc1kUKUyzwhYoC2U^JEIFC^EUh zQ9)TSbxXyBNdO@fJ5v@*4H+Lh(gTE4ag|i@^svMl(BIR~V!y%C#R&O84F7Sd7)Rpp zV?eQ52Ax(Eojpp3D7BV-GhHGpym)ho*oYZm#_XL;iOTyD=RE>DVw_JruP}szQho2i=EQul?a4zaQhgSj5RvYwo| zfxZ&bz-CjoNB&iWxlyLFQJJ~vLuJ$9X_I+nvpsW*TV)H=+uF<7mVZFG%`qSIKcJkP zS+MIbP(EhU`WGngzGUwC4=BfA0pnMJ{}(9l=c)P!l>eWh^M674zoGO0-#|Iz|0_`5 zV<+}+aD3Y$C~kCSVSE25xwtwZzoKJc?Ckq>N^x~_@8JH?si}X=&E11fLY7ry z|92nGKnKO)KV=zzJ<`6U(fuZ5gc+rUv!X*dVL(c!MdqhNZDT;UqQyj}!-{0U;itu0 zr6tf}AVQ`kDW@f4WT053q4K1q`T2^joaU7rE#v4bX3v=Bxi4O@ki?17=u+xL5936s z@aTr1M7O>~BH6@}y+jx4BzB1;e&Zykpd^-pq^z<;W?<44FuABN$zCFv(Kwl(D5feX zx%gG`MqhHzVR8X%ij_pl+;LK!af(Gj3Kc_2eqYM*aY{05DzikYiE*kpLuzhN>RMT9 zVqa>?Vd@fWnifM^mPFc)Wm zIpY&!M(NuOT&s*Ped*c-8H=GAuqPQ;NSPsh8T<^HB$k;Ty8$Kz~C#+*U9 z9CoW5xyT%E*c{cq9JIZhk>Z@Mu(>D_x#JAEf|0p)#<@M^*@G# zaZI?0*2Kx$8CiEOvKsRkqPo-x$QWGPejFIC0hHSQeyle^^%&W3f2ACeBxlu z!iulZ@pP2R_V!9Cn#zyFdF5-MN)-IIvC1K@DuMmVZ$B%M>$y-lsti=CUU^l*!d6$R z+D}!0me%m*DjXNQJhr{ECZa%X3)Rx)LF)oICu4+XUc@W%Du<`k*HJFJ8D4k9VL@8Z z7)b2|M=g#(4dH056R-|Z)um{@Mr*frk*SVDzRo7ScEqC&Et3=lwFW~ck3gr0)TnMJ zv`$mCoL~jh@?^LS7V?JNIaE^nv+8b}^4^ZF1Xw+QiP9Mz5S$S90!cd@bvu$G z7OYQCw`xyU2Pr>IJ1S{Ax)2toZg>BO-p{Duq=eo)Z*X2F7`qII&92xU;atR;eQ9rlQKDW`6 zVo58uWC#w)K@)sQ=Bpq7@M<;1!FQcQ)C_MU&kXus4T7$RS*gJ~e@pC#5mm+h0+v4#+f8VsFkx7? zbC_;pI52-y;RGx@fv1)F&PsPImelk2kp~oGZ=j5;g2$52$Mjhy{HexW<;H`a|Kixq zBOf=o?4caH#k_#q5nMH9c-AIHN+~fhIdjb?#yqmh)FZ6^wW)J-B6@015$BK2CK!94 z#kKg%wS3M+O;A0e*z*&*Q9d#J{hagwja%G%N~CaV(ssbKs&A_E)63GQ+vg#K`f=PC z(5odSA)%QZ@d;}xS%}$R1@Ail-)7K)Hw5W_CcL8*@po<80?(&rEBm6yr+7ExTC)BD z+xSY}>-6uSV0&E={9AXz5@rqxw&%0{3%0pgXLvSe5GU#dvOCbaI`lV3-Eg67d$Mz4 zsHk%(y6O+xE}vM~sv3TWZfPk67ajoQPXyX4fwbxr(ei-2Vz9{ZNUseM93AoBWVf1i zO&yai#dl2z3s+{esAYXr$EypFKzFz29aGmGi&j*lf3xhNvkdUXSGjQe9M7e5wJdS* z7vG*;2?Z{#jnxYk&hQB@VJIybVEOdFeGg;!-r5&xpckBY*GAqBOAX>BJ{ zZooR=wL45N(9vj}E@FMMVjal3WQ?}aL$+}c&UKhNZd1Jh7#Tky0G#oTzMSKdXX961 zc>J;40h@m;_spj5#frg8)n0bhj^HX&->BZ-sGDOUcXBCTZ+avABQ7BTUv`^xljy;B znTuDgI))_4eP&8)Br7Z=y_r@WO=@vy<@BsM>9$uD=~+^o?@L zRwib1O$pg+>PQ|kW*18um@{*zcx<76Xl1`;;Cu3=;#l$e&@5rw(e?;|<1hGKe*`mg zq+@r&W2YTXp2qFhg1f#jN47U!eTwiu?Kl0I$@P)PX|WB)i1pUGt@1Ly&$n)o-8FaL z04V=1JU0fPmmcd)PtDIluMoV~7GwVs-~pQw|4#zkulvA=@pLBj7+|1X)QwxBjGrFQ z^+kkeN4b)b^mLZI0nUI3i2|RN68N_PM>ojC*3C zFnjIEf1{{>x&35{PlcQb@SrugVb-~lSG_iN{V6xv} z)&Ak%>M_O|J;ooV9|Hd3-$79RowB71<=-iTfAjC8id$Kj+b52PP{tqIlegkdrZp|H zAMTHb(VsN&m;dJ9IOu?XmM2VoVBQW7w;lsz5nCG523+vn)b$jd^q;N35dEcPm~$s*b;1*5o?V|?OT?V zA0A7AA%RYbXOtLgL#^g(xtJFmONADMzO!Sc7Q{$iLFrLs%}6Zs2EQruW9?=v%kOjH zH4d?0Sk4SSPv`en#td*&EMcUSuz;#~5|U`_gWx1ajS5Xj+ZRCZ{z%X(9K}3Cm|#RS zQX!CDoihLy0gY4)z*lI{+3x!rk-XE$VRtZw0!f)P!1-HWy*1fLiAiQt@g}Jh^9Q#R zz%o*|r>2 zx{&XP=DwsYjP4i*j`e{DJqRzr;mU9UK`7Lf0YL~fiH1S2n0t0*I3G>x2csaLIAn+{ zbd@FX(1Wg9j?mPg(|l{e6CFV#T*tk!A+|gDghQ35d9-kvH6Hp{N|qzUsW8$s=NbRdDV>$l*kV<37cD%){L ztjcR(Xe_yATS%-T#3Pl?Pn`Z~KmW6gfK_N3R}-JVRo;GnlAdzeH=vOc@G#u;KE*u9 z)(?0Tyz^85Z~?4% zGzywgJNw?efk9kUxL=|>G0HsrtX~p?FtaU?myGXt{(MiMV+ZG$uM>nW%CHgc1+t{1 z@RI!)lI(sAlmx8g<<$gfdyXWxaItG2a4Bs0E_MZzZl3AI(aL_fHaFj-`~fTWo$?OW zaQa&As6*qpB=S}6(D?XU|M^MOjaiI0s~R0H0&;J+@&xbE@}@bQAM;UpuNabkAYzBa z0*!#AgndX5fiK0$F93g{vT+pHD-=yMN+c>xnBs`V+#kj4GDDRl+lX_8;m?+ypRwll zjxET7gc#*R1vkWWBjOp+4?SUezeMkR6DRj`^bv+Hc*A?^B_ui zQVmKB^W$I&TOrjiknn2)J6`b7Dp60Y3%>he79NbGIX zPvn_&xX~p^HKhKfNK`lYbiE7vR6%=4egS^yiI_gIdWQ2r)*I;~MJM^%@W*c+bQY+rrw2Th|s?_7))IOjV?|cNkZaA*Ak*?Cl`m7$w zh942-dM>l(l{LnP{pE|xo-xztM{n~6%Jki$SK^HF?eqsp<+^6f21F}?BR5oy+_sc7 znJe{EJPk2TtWT7g>+yF<_MO!mMu7_Rn;5*=g#x8c`yX__ahf(v4yHQhE6lDbr`A6; zTsl`~>Ww}vDQ+O7yMPsx4`X>FM&7W`joEA+l{~2Lxw2C)lNkK8PwnQ)VE0(}HsAoK z_8c{R_h-#8fH?~7UEOpD)bTPzz~Sme*JlW(>cl~oIReD9_IIx}vp@Z+iTkB)LbYBwC@r#- z01aZ${rE7X06|X3&oU)_$Nx#Gxk0MVRwsd#dEE2*vuzJr18dx>v>6YVY6aRZTlngv zL)fRRZ$cIV%d1oFL!WZ)IxR#VR;M>NoHE2i&BX~KWb@v$fYC69SZf~-cNhd zZ=pUM@;#4z6Y9gC{4>d2E1*7nDEn#gPjLJ@_us*BjH%kVO=xgjFgz~Dtr_aWZ}fky ze}nq)hq`muVWK9YY=Z1FjK z6X!PJ0QKR^UVr&;W{BQjK77~DVF~KPt3UdloB0b*#vLP(^1h#|cwMSLi_K&=@N4`CYI-va!R9@-zrHs!-s1fu(ZFhUAjPyz%9>2bNi zM6`TF(Lfdu8jh8C^IrlyRyO46RFIffqVKDCm{?LQLtsHhq4aSCE2xh;Nn%V;B6I~3 z@XG_5{4OMGB*8h3Adl!{#O)ufln8+$@MCBZnT72jQ|1`>7TC{`BuSGb#*vNy&I>Kn zCVJ%qWKgVxE~tr-wsUev@OVXtl~r1;ViAu7Q}{$sKKE1M4#;r}O3+3?DR?ZDg3C&k zJA%=pq~vi2kKm*TB7@!?N1*J)DR1D>#0Sd04#8p>R4p1z{VD~hLjbQ(hlnM|MfGdL z56Nc@;(-BRLio_*!KVaiIkX{jT>%Mb_xl(K?S7kv;25AuTPzG+kqp5)NupoJnl_R+ zn+(};zs;o?aPWzD?36K!2HOh_d$_dfxNv$T4SNgmc}=kT4h;KAwK_x4`2B8&@B6!g zxMjW8+k!PlLaVw0pE<)qMk1n{Ly|_K8b@qDjj(i##2mpR3Ge(KlFBUD;2u)ig zjCxceQ$;|hL8l(0XGTEiyC8sU%%Ww?as+x?Ma;UUY%5xVFQ4DV zFJuBP6Qw%yr@CmR23rw?%hB{d3-8cQ!r)8+Sf;`}G7{5?y-v%PO_hU2N_|gBU~XOo z5CgM`%5r|DZ{y0B2u|(lb_GdJI>7@vkpW#`nJF*D8?>yDe5C;=0yX*1$xfdE0jQVo z6W`(Axp69iZ4%}ZFnF!Uan;@(`7l!@W?q0k&Bxosa#oZl>6%9^tTA+Awcc(bTtw3>y;>DfPW}bAedDgw| zJWaNKcpWnBW@Yrrjf-O!`Up>}Aoj5>%WbQeG)j)_;F+h!pd_euy zAI5aIQxa0j^w3dUI9wdR$TX%tbJ4CwuROyo%TLM~ii$)X@q>cV z03i^<&{66zyt?O@iabUV64_jQj8R|pl$o+r5GUXPJjyv?E#dl!5AP|LpFz<`imZFH zBNr>g8Nd0nYe=resEBtc3q;?(9B0YbA)C_&hzCQNdFGN>4e8riZQALp-G7lVpwgBf|kcV9+y)`ZF~WS8;2 z6Xq5RfqHLQ^)ikZk^&@?JV&5$tslgdQ?>PYKP(M|=+#%~A&o7i3)E-Nz5JLh|A|p2 zXH7DX5&kPb=)}03kG#w(z3lC%Z{@dKbW&Z)s9TU-TZXA!E}&8Y4~{c3)FQvG+|{SO zT#gVo2*o$ZP+qAos&3w`YntOJ@?1d)TcP-{GDK(KvbOShcj4LbN+ZTbN z;hB;l-?1hY@Lc*`#xnfxVu*JX!M2BIM`@)ntlDV^7?xW z;}V1Q`T*lh$90>m_4VEM$C!2PvGt-gcz?Y2bXV`ZY4JO<_=UFK)xgS;vdHzE?k%Ru zD-&pS+ewKqq{OlOWw%R)EvA59x5wjwdN9z@LmMDv&`T?9m*@v2{v4C)fY zgh`oRk_QTr$;ngdnC0}Cwf{DzI^A-`+y3ylg=)P;tCK-b^^HaaX3n^-|6s9=7O|bo zVg4a=J0)P7&D!9&b31cv+YiHHYR!C*{JW3X_u1d(nXfF~I9gO1e9!Q+aLTgSEdNfy zWx-XvD8?i!q0%9WB`394F9ef>%v&_`TE^q=FiGq*>F=a^Zo_NiG7@WO{yXX&mYGGC zAIB^ek9S_)T6}r51XJwRvsnpYS-pfcYX!Dz?iuLlST)?3>tcz$rjjb<*3sQrVAi*e?j!e=}&vnzNq(i`hpV-~ayEM)uUkSEbRD zNG^D?JwQb&RKgHl<^X7Do5gql^0$RLmjvk;L|d!JNbEICb&|$pnM|`FOOV^LII0wf`2gY@WzqAgzskVC}$iFxrbvZkz z(>j(p9j6&PqGwyB$2%sb+K*NrJFeP|Pdaw!IF?Hv!{C?8$>w)c@!M{JjsU?Ea`Ka4 zrjxjJ$GkwNv3RFh=aZ%QcXL!LD@3AeD&iZ08MCJ^HYFst2GzdrY3;-tZLeEQ4mwrt zIUU70*IGF5Xge2Vo>o_!UUr_Yo}8{tobFpUouRCsuYW#?H@U19yuuQ{xiz?sC%%_( zywfrM*=4d%xzmiajw$98kCEi@8@gA7XTGEkpIPS#RaYQ zMXc8v<^F|d<{1^LJC(^c4fEwZW*42j`^;}xErX4FBE=U=wBaS&&}FFq zCC9$|YUbrH2jl)dBOaFvWR9z9LPtTaH@tscCMdlTHhzQGT_-psjA;4heacl`(Hm~8 zE3uL#X4EV3*H?TsxDd%6p%>Q_L>@xS*P_g>0w&iGXAeniXQ`55g#=;I5)T#WYpIPc z8Psj+yKDK#H%gJh%BVLaC)cn3^5Fh-t);5*s^*O@vxfe{(raqZ`N^B5mFqnsPaWnP zh@hvz@f(AdYM!&39Ln1So^T}!VpF*KK8P~#Q3-*o?|-9jp*ZWHC|szQT@c9rkW-u40nHE(ZDGi zd;x-u1c63dez}7mO`nqmsZRh*l>xQN?zB;>S+k33vrAf0b=Xj<;h*tBeleS*U%j<=Vjj@gGW29J@!_Z$ z8F-tf&_7*nvIAErIP4XLMy2iF!SNUF#|OB1Ly2_q?=ha$GmIv)Nn=Ub2Ah+G*&~Ta zk%Z)yT|A6pMjp(8)m(e9O@kQhf<<%yay#gssHcQwPrPn8>B>eHgdCJs zj0JaM!?bl+l8+WW=f=kRE*9j1_LlqhjbBBNC$xgYU2_fk2e#o-(DGg zH9k5Gw#O;PUEDOqh~dQ&tWDUkutZh9H8!5dElu`A6(roC133X#wGjn;ra}j^!>1ka zSbYqP$bIi=qfp66%r$5a+;DI}R+nntWPd8&psMY}cP!-!+eWZw+br+nMWYEmNx4Fq z$n1*qikHD|9+p&)gNMc0C{?f7g5+vsd1mD)tQub@lAkIIe;rt6cEvX_z00hVqiW}|MEF@N%)k}b+d;90i)7zLym%I04R z`=BEB(5M~k1GzLr$3jP5Sgls4d8o?oS3K1bY z7>A6UkgO*Ucx-nf+ZkPc(!5RjC+}T5yx8?y-%^fb3;T9 z1GN)}3t&zY1}-G7!s%hJ#YmI}vE#VnR1z4()(xV%Vbsaq_p!dol9~@rBtd+q)~hRl z0grs6Y9}6$SW>_v-=wnSJ&gl>#|LFCGlp+sh$uzR-H1EM&pK4U5j8EC#bm$lFP#jT zqD0(H?46DStQ`Eac$Ce}%q5y_-{% zpSGdBB*MR@!pVI=h3)`i^jUYnb7@1t>=0~YPwh$*nc8$L&NYuFvx3tXr)}6Ceg#HC z3hJz%ZZDfFP)VCmI2ils2BSoAFNvP4$?P@!$<|BEpG44UWO~=KePf0s)**OqNELZa=k{C|Z9nM!-4Zr&3}l8YY7eDrwHIgMl8D^%`y58IyUIkQTrJ zCcxj%BiwW*`3WoW~84CFoOWZ+ZOP{2*h9SYN+yHKZd|)<< zoDtY9);c*qa>`b2EoEBX-jM!u88jpuq7d&Pvq>&%IV6hbnm{{BPi?k0B!$N-63S7y z2za29rGw2xnK=^Blebk!E7re<<`pth5{>+D6_BD{Oh!Y`|FiYICuRef5&qBCx9|4Z zzgpi?y=>wQBFp`I)J2Dbk&tU?f~o_~=V+ha1lHt^u`)|sl}&0VeWTTDE%BL+oY_9a z2M~}@Td+w16R>0v@J&nQioQ)DV-{s@U@&{n+kH(eZh-lLSj(iBA0~Y!8*N&Hx? zSj;aQrCdOwhj*gIx_WJm-@~f%K7`;?CZWAX=%$L#=!YEXrYh;;pI@O^{G}jaTL`he zavkq$6(raO{EKzBtIW@VZKQ)Dn9}y%IiU zxZlC)q@1x78b;KLKwIUb^lB?(y|H&foJVUBoy0kunU!W!F=ceUs58si7D??7T7_%Uy^hy|ENvCmR&N>WRb8{vLcR z1Q4ehPQZR&EsOm?BMZB2p#LyVe4yw(tIO_*352e(xxAoPCsIgl;Yj2{%|+OA!cB9- zJh1z=+gABF4uu^EfOu}JJ*GPY%x#q7pxjYHS8OtxyD`@NRYi>24j*swmQ~5Nw|H!y zt07XTMCAT)KPv)gSx?F>3m8hK9#Fj!RtRXObapZE*WO0y2|!4se)A~0FIqAjh%iN+ zPQQcvq2R8MDwaUfOcbyje?Gz4W$%i;yH`Q$EkBuk>Zw_{cIM^MfyjNvy{~x4$=s;q zuY6VZS0){h8YVPE=;RuPD7BR~-}ptl+B>zTUllUiyo~H<_)>W1NO8L@zr~rsThr(p zABbXO4*zXRYnDWuq{1xzsY@w#|GwVYLl7I@b)M?{f#F0`2@e*uShCY6z2$Px(%C?~(X#KS+a2|7W<^rA^EXsta_jLv&0jlfK1yI<+MBwP)BN5lYcWrZ zn7uV=pd5_&%YQp2*>4bk?V`ln^*sFR=Z~l~ds)Q4?07aFrdHNzbBM)*xLkgA{6%$- z^A)|tCnkpU)9grES>4#>NZL?3dLr#IW-K<=IPqwaiD{bAMjh5gFFMfPcmj7_ipAtN zrp#5+$Q7(j=2{sZdi@4Jwfy*%{mqHy*po)i-vmJi>C`j(R5=w*%oy#KI$C{GVNt2Z zX=9nxv=)xy20%*TFqRSrWvk>_ZYeJ9ub1hvwuYD*{Rkrc zZNnL!;-*0_X&kCHS=+XZFieVkwl203Q0=1&;_{?pb7xaFwX)G;geEUm?kF z^}GfQ6O%ynj?1WIwN!%4;`dzR_h<9Ax#Pb}#qU73u>BQLIL2gpx5$mD%~zE^2+);z zZs2O@;o%v|TI%7$l&1JI37SEK?u#_}(a0L>L@E>*IV-^BG^%>CHf|a+5gMd=Ga2|3 z-dxgrc^O@R(&8@ZS7IFt0Lg$<7PhU?cd4kao2AT;4BP3`X28jL zO0+Nrl%8G7$vuzw7YIGu6f)n%RCXx(r#Y9IFVk7La9G{(_~k6-a?Jrk>7wp5?2v6K z8nZg#{QQx8d`KQAiXImVlu#v?52gok4?_eeBC*2noZ*691#VTNifBlncR0_|anN?@ z>y6Y7BQ5C)(~evU{rnm{Twq{9+JuCSs5ZoCteL+BqC^Q4o%gR|%r&={j| zu=EEO{4dC5$ns>c`o-og7`N$}0t=XaS}>z5N%87{o6Qtpo8Uo4>uYoCSQx`gtN}#X zDWr+iSH1=ObXH37YR|IO@@orab#YMa;60^8t=k>dpE+q0R)z`|>L^U6Iry6Ss*2)_ zN|@n762($#@Frgoc*g3@7NdQ2n30B@L-n3!X|Z7k)5~NAlY9n2x*~3SCRvO644~_I$BXi3V;_b$3 z?fz;jOV>coI$g`kP|VWF&B(XS>9fsVXU)7X^SC`c1s(C7mKjYQMB=gK9_{C!BInD+ z=8qOd3LfQ=u@xEb7aiGkTCo+Xu$8FD76#e}L=cpvmY3zQl^2(nSF=^Xb2wdWm8nO* z18i0E`EZAes3RcmKR%qj;qz#v;6FaRLV}{nn7!HhM-$oK zK0J`UHKOAGBRJm0-ZA*!g5ys!`T;sG93XbM=oduH(V#<4LZQ`RbE(uG78h z(^Iaq+v+nI*EvefIo9(FqM8e;=a)=1|0{j?-T#HbactKo?!EHFy>HgP?*+ckwhv2+ z&MYpdZE5Nr*#B`_+0ym-%gDy}y~E?P4}}$tUHvnQtEt7+?=lJ_((*qRS3hy@C+_{k zy>E}6xc5^I{3!?ilmmatfj{NIpK{<&Iq?6LIq)a${lvZhH{sq#l>f5cmCJuy@1uk| zHp+^l@@C%(8N`a$pIOV$h?=4+ddMn83Mx!RD(Z?tI_>dCev*up7q@48R9ULzqpgYs zSNYmkPF++mM^{mgRw4had>K`_u1GdtPO{5Z{(Y2Ux!m<|lzLxZ|HM~s8?D+$u?C5> zM)tB=r>+_$zb0a`kmc*d~ z*P*sxq|S|`>MEm-Zl#Fappq&xk|wi$#kXE8A67fDRqtV6hYD<90ylV=HH-u|DD~DN z<~7i5HMjyB2WT4=dK(bHja0#nj(Lr}y^S(vjeyNYvbr*QgQiN~6avvkUI!eFOk6F8 zCeyJZ-Ld+rvUtorDc%9sqoOt0pe@y}EiJPxqrEMKyls@NWw5CUd8>_p zr!DK>+&ineCt3+dE#h*0JMvue3I-G&K2GX%UiU|%dd;Aw}%JZ zZTg=yySE#-*$t=Jf3^Ri*(c;QXDgjwtb5vky~bc^psBQNs`NRExAVu|-+qCpb=LV| z5W3ht^ccSFA6+|RUmV%`oAde%^KA7PaN-ALe|>=x68picr4;_XYQOpsY3<-oa1D6+ z02+PH==5?Ogg)N#O>%C6N?*wR2l3M692&nc`SVF+^+-)5z9Q z!hva24hCWT9m(z;_-ku`+-s--cTm6AWqZd(6^8E=dDAe%ipTLU!Af4f-Mi!h!|u0-X%v zTd5f#iI&02*=A6iBj#qGTG0n*FOE)rH3bi)N&fEa{dr$ z5(!cxs%qsxAJxg~NQssp=l>$o;elB(Tzj;WRnE$Pcr@-Q;U6AtI+dh;82c2anAe4hvWar5O4cRrinV#fsFjYiO@uU%Mml{Q zHvgYE8aPpg>T>>ybBLkiT(IhtD(6sW1IK&NN0MqbZT~yR-+^p}aobm`vbJ#p|G;RP zD`APNF~ckVt~E^RMQrMSV6>#_9K>h5irSZlm+2kIMTfg6~-FOo-2o=QACI)NT5!($lWk3%xzv_m*BG-zJoVBHtDn;s9vrrJyJP00v1K z_ZB({3Z(`#pPQBl59@F4{ar4e5|ingMC1SE-WrS}VL^tU4M{Z_`+|u8hEw&7d7%_o zb|~=9y4*l46<%P^{fAeoaYj&#{$N^}WT0^uw9VFoMkAI0&wjDTOgb`*z@Mq{Ef6s{ znAEaM`(cJrq1E$beIWDonQ<56;Vm+S?zw4S_?e>2ue*HnFDyYQo*-s3^3Vivd(57> ze5*JYltCEoJG};JB18jA51vHuZa+|Kyywqri2Z0}C6@jMch2in2BRk@Bvk|4&jzxp z-agpQY>^Emk}4F(URIIFYLN(qumJGrQFIh~MB2bO&!mwO*k8Qxy**j$4r-@@`Tx8* zad3Y28mJ%|mPa&>KsQBeSe$EYbB04abhw6yrT z9SX8|>0!L19hU|5qs%;?H555pcH9{r>irWMh!06@2kBq~m zaS9>caH$rL_ma}8vH}e3ubtu;H8sNpbXdFnoB9QQa97I?PhGps{Kf6-Oha7!LqQ|5 zn!FU1ngU+4K9do0j|}tSj>1H&2?^TfR5 zfFeMCr0{=J)2xzfT0}EN)|k5@G7N6AY%&cu#56SxC$>(Q4^wR%kI(WtdNZAW6n>pA znzM`_`VVbRs}+e2QBa7Y6(ZRV4I>k|M2+X`@d^hR2U|fYAiBXOD~d3NWV5_GbSYU` zRsn^$uo>IedEVj!_qo4voK15{4g{9+%Mn}2=z~G_zBCc795-8eU%Q^0rZC{K+BR-P zkelV}{bJ?e;5u(=5>u2=Q)avKVnG+zFCaRqe2xZDeHSZ4cV_fXp%esgbe;fq1nY>x zzoZD5+>=nG>VsK6{9I5dXkN_o0spvg4OK+n-709{B_mo`Uu4wn>1q+5r~A3xJv8gQUc3o3Bf^#MBC;rz?RGv=s1g&5duFWA~OZQ zV@x}Le9eHThyWEZWu+xzy|tA>#tG5YY4P#yXz_HG{lsSkg`x1~uACfsR6A_SaS#HO z2-)p3kCJa#W_!?`?4|YD$bqsTlI`>`uGbptAnkk3$f~LEmX}-TZI(R+zoSts-{Z#7 z*@8jElQd3fJ()hX5|P8K01x-5Y!vfC%Drc70U;V7E1`iVOjkx`4l|6hR#~Q|#26DX zrDwfD(r%1s!CVM{Y83aZ*eZ0-+y;eO1nx>DJtRG#8c{LNa^YgP3KTDt4PD!@aHn&vJ6Z!U`HoDj}d0+W1L?gS}wMd*ZSIOaX zc^bl8X>#L?x>cHHQD1n8GUvK#UOD$is`sTtW=C3EcA8bu+!aQc#^SxpqGj;{I@&ie zBGdNs$$=?V;qE^S0_^zP@~bL6!zoi8p9NW=8=$82EG`(OvaR|j< z>B-P(rkUM!5+*0p`t3y3 zz3$c5Ns)z?mE9tbUW2rw`8ntq#hJfW^2)W~aXZhUlV6ga@x!ThM{3o+?@hZ2>~^91 zFJxCJvY06X@nR3EoNEZ7(&Xd3cj+2ud1&ZMlV@XLeU9R1Ap#v{Sl)|Ys8QUae*0~q z5fk<4I=R04DrZiJebYHQQ5$6?W&tBxSR8zD`aH%UwgbQ5U_kV?yf;kDl8$(3SYFQk zeM*NV(-*A)ool+q zizoj(2fjNo99P+1yY6|{aRbkRKVMmYZ1YyST66isy=$>Z(3Y}ExC|aQu_Jx@1+vdM zxC|xdoLl?<6XK?~+6JlYh9kg~#4z&aFw*yW{*9aPBQRH%&_AY~TKKk2KPEzNzbmragVe5Y=yS zpo?2PC;-mA{gyu*-c(e;bKsGWpmZvD4t(wOy5n~3rpvpl+vYR?o&!fd8~Zy4J|wzL z*zGeI$#WJL>A%zR!*=xb`ej@yoO`Pdj{V7jKfl_OmGlK(!XD2G;W_YNuCs3y>o=t? zokbRZ`7YZ8-X?YhoOpKMuTp=$Ye$7`22meup>Ev!J%?p~2=d<>3V3h}47@5zxII8@ z`}u81VxcBsZ^&ljvDu}myydTeOYDGOj1oZ)bJSPYuUdcqhzuIpFxhw*+JNEJ1o>SB z1;L2@{|ZhDXEQ^jcvcGFMvwv_fzRt<7E%+Bl06_PHqstSHmUGZL}}k1lvyc{v7Wvj zgzz)~0tFVC5R!~SlnhHD)@l#osvsc&MvX!g9u6aqURc;-2myv9(JVOY4Y+3!%Bld; zX{A6bB>0o_?&&>U>1FhXzx9hQ$_))mLpV$aE84-r!d$}`Ec-ZTMVVJ)^wdE5(9+yo zF!?NmOGbKstQUft9SlN3qWyw9j)+eIBA}puuJlEWpj%+){Xa=>=$G1;QJ>nRC1$_K ztiBLyjQLm6`_(XLl11uYlp9&AUwKwSCK=B_Eov~mfA2hxZ>L|=5uzG~hoKe)UIZzI z(JRXg=rM@M`N#Z|^!Aa}h?T|AlGP`W3ql{nZ|h@wORURJ`Cg;X%wy1}K{j1Tj_swK ziJ_dH|Da=Xw|SP3^X#BYa+9q;ryJ6cdlr|w7^esS&>mu^mxsJ0U#EBS&|8m2&m9Th z{vm(MdY{=LxbvQZHOOB-4h1tP*k-nb$P9=1H$p49J^4jk`uQWZ*xp$xAmk5weOCBo zKNuA@96ehW%g>z1Q58Qc`Tlx%n0I7b@#TloOcWOAzFP?MW=R+nAruN=e+M{DiproU z#ZC-i%?)9z4Pgf*WLCb<@`yr$|Lrn`qL>0ueW2$)#Q+*80yh*fx3AP-WMpOZ!!MR3 zr0QylcW7Brw6ib6H(wSM!h>yNfX$H}^;hq5Q(GM|3y}b5i%bgqF+^aDXCQFZ>hLSX zS2Y;rJp>A0I55U~-l?ELRr`|id}!$C5{ni=B`if{rSQvJaV)eK06?#!i3wgD11*1S zmP+ZBc?s)h7;k}0$Y@UV>VDYPrB~kuL4V2u66p^?jG?XcC$3Sa_gG~FA1+CvFpl2O zJF?dqD#vQ63}kc*1Sj!M=V>Uhj1)2oE+x&^snA2{LTTPJio9najbh{>*x_frGMo$s ztG@JAnX*d`_DTK`JFd+(@T@#{xr62zE45l4qqr(;v36BPS%fagvY{s zGL8zrmZ@h4rxBkRGA<@%$K+D3sE;?1fP#SImV9am;uXLuPP`M@Z|WJrrWweTQ78hS z6-UhSICBG<$NA6$f~CN z(qY;DX49*O>NvT zS(=;zvRV$Rq!!>OWvwMgq8^0o+6;Z729Vo#qcTbk0XL{oSb!Mn>(mK|vwvous9wu!o#; z(oYUeSP|ybcfr&y?x1&QfM~@9?{En(r`N>3^UtFfi!&B$Ef*sx%c6_u;sn^@J(Xiq zI1>VBlYT2iW^=qpUNYm=%Q0BGfau*iE+sparDZE*3{-zy(?~a3h!L01JkiTpAiH8BrpH&-6GbXmj8&O|Ot}#ue$v4&5O^?Jkt+Y3~UYYJVZAKWG zcKL0tWSjnYG>NL%oS85^g@<>G4Y4K0vAQ;Yhv(r+yugv;Cpa}Aq%y)66e2PR+=?gj)Jq9^_dKE)*F4z)?N|X`Hj5%=o z(P~?^!<=m%os~$9<+P7ue%k}_yY+YTiJNV1qBLF@r$BKxkDSG~rft4vQNegE5ji8_ zYEjX74RIY#37DB!poQ**MGBIo0LPA$vG#$dg%A18wd2l&?+&AcrOaf-OBLByI_(Nf zO3L#JxPz98)rLQQTOJu$suec~-CAl&tY|bFq3rB@@ZX(Mw$g^N>*%biOSJ1&D;RO9 z8^)U(6z>jRTIGG;6~)@CLfA87-&+*7-lN#dHrSI;*|V;0vBPS%om{agwoaMb%lcvs zS+^dRwZi;m?aE=Z+O$WcwC_6j`B2nm+;`tGc3(9aG1lcJ<*a&~mUR((%_zHV)^?qO#@%w3UCj)=^M{{{wGQbWdjyW9 z`yJw59qT(E4^+nt89TrV9536CzjSqv%l&9au^-8ygH1-v5AT6{uq>xjb-zst%vw9l z44TfR8ZTm5%%>VGbC^E<3kXIIBONE|a^&V7MSkxFD&Vk*WMRWm=u|+P(2I zeTdln>g94CaY|f#wl;b8C|B-gee~OF?NWjYLG=W7dvO63+4P??i>ZR4dh}D z`sj)p>C#H%in;EJWqpp`vWykPi#sHa_uLRs)#MT7Vgl^8VRsQHa6uSwn4O;!gMRlI^3>T*D>D zYa`+X_>0L3Y7hAv{TkcT)@DiXZo|6e*2epGy1+#9{tJL4 z7{CkqQvsjSiu_Lx4wF)J`-=4j72rV)@?3B>cJVa%%iC0vN>{-<@;=xtA>4{}Am?Rl z3&VZD3!ku|yXp$B4ZD$#jv;BQpdw4fk}$=x{-~3Sm$?Lr`A7giW^ez6JHX~$I0GDuoI_ToKA9-z-ku^_1j_m-#>m$z5(53PSf;6!9X zArOXzX5!RJ66Bb)$Iso5!Q3*%HTUc4<9bd?EJx#CDPrntL1V`x zA0uzR+l|2htx^z*sIT&V{lg=bE)SvmKi^?rv?gT!T>*!}E8r*Rv>G@>bKRf?YS7}x z-zPM`*1;2tqwsO};9_94I44gc?T7p9AK^Lh>qCVCwGuo^?g0xZBf0^K4-6i> z(oWD+DXN>DV$-S8T41{wzU7o_aotzhIU+P8OR&cgIVUkUQx3tx5xi)Xqr)`TMU)zm zzH=K&NMtrhR(z;m3u6+yHMP^=v*{6}+`D8+%0dt@dZ{L=#+}gJd=dqb!2{b?isa9w#!L_o|#7Lwx{?fGo*+!~4ksyQiU(e;R5=vT=-qgB%k&UBHj_dFqXXQ2m+!B+(fJi;5#XO zZ;Q0Hljwt#^pQSJh^~#{gEESC!3X^CTvV`>Px3nmjl`e+w@+gCi5o(p_|v1RQ=mqfT@SbA_=uE(6*vh|KV9%ox&a(kNc z*={0mHBJe=N7O8h%fJB)z34KzAhz_A|HyaoKwsA9)gI&Fd;t=sL!)+wG3r3s?v#qF5Q*O+(#W zB&$uvi6QXg&qV-%voL$^c{wd5zz6JH0qKCK;zUjq^c({PoY9DSdTs`Etq>w?2~^<` zb$A23cJ<1hi5-Y_?qYMXDP3KHv%~t_R{HT1N_R;gp?zF9R~8y-CV@1w`oA0Ck^k8M z@1_0E1~`p2%(t=oYK_Amxt=bf^kbLIOPR1|KqG(*DquzrC)DTF7W%hgasKkUIEub) z!leWFiBd5hnn8;R9;V?!;F5gyZd(bjuN!cG7V9BqiGo|EAkhosk@7JtBqx8DBM;Gt zdtb@GWcFr6$$Bb2C7*%$b?eA3ls9>UyogoPj!L!MJ-+CAirv6Y!EHbzRok+N^9?Jx z*3spM4jC0rKjCVV)Awn87&Kf7W#dC6Z_<^}n1XW;$MqTUP3N-qIO@tKM)==k)*cr# z^&UdqQ|v=0-%Z+;zsdfQWKFTgI_fUbkbUV9FMd`w<{uKKkI4eS%05Smz?q^~ zgWp4D_me=5xI(B#!?=<(;jC(TXgaMB1VEx%I0`iH*-Iz_Q4bV_y9bCpd@xcAfg+G> z0z`Mn#3x8K1I(j8c?2^nJ6V3qDt0enP%i~)qE$sYYr*m`I9b3{8HpSOo;FsUu`O^8Z}x^3XWT5CDaAjAbv? zk6xtI&lVYy@4bHOo8E)g{5}lxs}0xG=Y@f4-)J%{>5eECF8*d(qjO3W2u?WAXA9l* zKzj@i0!;X)0WKCYcVq-WRD(CbKQBMe(m*cj6{g7_FIR7*(hg9R1!?l!X{|>$m+Q9K z>kv0+Gf)ymOjM!k^e-a?0CeDY#Jz*I zaPdOFrJY{xFsB-Sj6CWSheq5kP5{g@(SW+;g&=Y~pq_!GcUf(jisW}u=f%WQDD`{N zfzK-3DdAX{H0aAmcwzO}Z5-gh61_=ZuP+#+oM1(G4jj+2$w2I-g9*6-Dxz0$MV%8M z#NK3Wlu&4i@(2=w-g{2g)H($@jZYcVChKk)@f^=bwZq8+P>k2%Bpt_4)A59;RmMCh zFZL0IghcAKAyM%F-_WlTEUO^PTr);3R>qnD$KKL9(+>xAD%k)M<7kjohJ*1Ptx))c z4IKkj%!wV$e$z30!RqCGEq089gDTaZd2(z+ol+H%D+FMZtFkAhv%5MYua@<-@ce67 zeFJIzF2F-?0YjYxOj4Z4gO6lBDaZ$&ay%k)8J@VQx*E+@?i76_?)kd@<`d$%O&F30 zfKcsx10?ROb+uxm=Bx%Ol*TzKC1iJws{B0X?J9x{5StHe_C$bEM%Xd~R!1&N5o-~a z-al?sdU*m&t7OBZ^b?u|$G_aI{s8>S*y;7Ut<_H1i>J0-LP1;}2CBJ3U-_A{erkf$ zQUaWq!&ZRjUVc540Jk5UOTUdv%I!LFaB;(Akne{31Uem7tk-0KQqy0(Pdsa%%g6#v zr{_Mjh{k{8J<@;=dS}j1K`Rmcz8b1Vd6TK&a>)B{qnF(eFdyrOICj9-hp#mok=&Cq zSNkDV0%mH}Ho44}yPOLTV=MSq=4X$GIWA@s;Dh4e0`e^{7cs!4b4e{<;hB5Ak8@pq z2RDMq$xp(!iS zlL)WJ@0|Sy$|i@uje*6+**F_HZ#OoAsWm3nO`0fw7EyyvjL%rJ4yQk@dS=Jeu0u#n zmZ}tv-}Ya^WOE+^r~sp+y{oIh`D_%8uZ`L(zfLlya48`|N-e_km@GJ0S~}m9P5FyV zvv;E_8gs|8*B@DBe!b0w=&t`JjDuZJKm4Y~>5|RtH<~=5s9+5{V$Fp=I)eb#L3rdR z%3IGQvT*_@+UiU`({2$lA+--+-towE-1PhgNG(??S2hk|`N$yAX1>;@HNa5nRU@6u z%RzUhJQ|?EXOh7b#7G}l#)?S8c8tTDkkIb6(e40acJx*tLV3kopI*x3 z$zPjXWz&`yZQ0bSgg=ai({AH-(a_zhL;(}daS|?csinuUz_XJlJ6K?D6Te?Qb(YYM zv`O^0EqFrW?1M{Mb?Q;Tb2$}@|hyL^+UYd=*OyK*A^zTpw3qXIm2-?o) zn~xMa-=XQ4%cT=9^wWh<0K&~X61U_WzG0YKiC9L|u0kl>Obh1RRuBqxJWh3daa;(U z4EAp|987gwJ$eXDuslPr%;!Sr=AtAPgVy@C9ORWg*-oMWBLeA1dG5m32ml#8SeQ&| z0a9wF>?GZ>rR8HVos7>8d~{L)W=>4J(e6|qGFmjuUzoLK1=uN4v$p1WhKbQvoKcx= z){aiyUWd`4oDus0$I*S)vHX?OQIRJak=J0!yw;xR1akmYe84t-;GT`uy-oQEGqn0W z^wK66i$(j|M$VQwL?k>!ki`mefbCoyCU;=0V=F<$5>XDHLShaj`Vawgwtb&i6s4jO zm3lyyXDg<@^RE2hL*s#ie`!qDbS#%L%60&BuxM548I{Ge@; zzV&Ij zEPL!T^UEtBhvoHb^jr23$wyTZHdP|FHC?Z3kB;JUQ~sR;XKxU!_$LQW=0KxT@i+JW zR}P%L%J<*go81+sf-$|~pBy;kRa4hL+`C~ut#hxU>(rquzoHw)-h)!v^OOVsKZAS2 z{x9U-fAMmoHgIF}@ensW|DVc%2k{9-HVB}SC%&Ct zTy5_kHg^vs=9N#(F5cYzJimNW;(-784+sVTf+!Sfb9+NUPfGkri9adv`|T$s{-ng8 zl=zbpe^TO4O8iNQKPmC2DELzpyy!`ZKPmAiCH|zusW$&kaX%^XCnfIlq{N?;_>&TU zQsPfa{7H#FDe)&I{-ng8l=%O4N*oQ=b6o;g;@aK5f1=Cy#pGdEGUylfr@*^~4cOgK_tDn#AQ);641v34cBLCeFV*?j z4Up*sa`Yg_wj*-906GewBujmHBjq02GnCnbG2Vf;(~LgbgKa2)Qguai90KZ z$KOjhD?u}5hhH`L8VuUC)kq&Mf-o)yQ|nbx<*0M+YB+s z%*>2&4B6Yv%*@O&Q_Re9%*+fiGcz+YGsF}p-Wlin|32q*PhU(+Gg7O^b-hY;v8tq{ z(t6elpa28`(Sle4Ktw7+!+W5u8xTE2FA;{&D?w+L0{2q&3-w#~qW8WUbU)JnFzCy9 z4CB3=nC(oIr2o~RbI5eVtMu{r^Kx@$A*Tcc83d2T3rVs02OUH3wS)NQ`$YM91@DOd z&CtVzr7T|+I~GI1A0hp>OtxMw&*zne=YjT0AD{)-&yP{lvw?1R$L+su_h>L8;Oh)5-$u|7${`s zJ?H@4X2DPJm!tO#zH)RG9Z^T;Ap;8W+#WzMZcy~F*oWsq5t~7`{h@%!pfz1ed)NArJw z&#Ldv78xya9%Z8##qb&}Es$bR97Qo1Et?;$+%GF}u5qQTNKI@=%iyZH8?D5bJjNK) zppe$&7^^cWZmMU-7ZD)99P#PrYzdOymXgNJADiQ&2>72F_5T0fs1H;m4F1oI`s*9` ziq!j=EXOqF#yT*Imc7dxD5K~y;6ctZ!G1Cm1qp-w69B*Q?i<-xq`qr|Joy)?7g_xa zsXqxVsYrZ1mtKLUU+u5y;_Tp%iVVLgh_HOvC#gHfORmr;+v0P8dWUgTNM6fU8=y;iYs>E07*4F$2wYZ-kdvdqNdBBx}B zC)doQkWBE`z+l=@Q2jBD%2YsH$%TGD8ENs#)G@J{rc||tUYR;{$G@05_^(rcshBi` zQX+ZDV?5v`qne3iO`ZV_0^ISjRA>L8>d82||Bb5GM*Tj=VOSV4*;8UF%;UE$gTRUs z{fDY=$b_+T!Nb`8L)A5B{!P_M=K;6`d>zvK_woWUrEtK%eQyn@cv3z-)8^u>ZC*+ zN``FPi<;}$5s zs&xv=juc|BmI7~HKABeGf135&Nj@fSk6`sJLyff2h0ZYCYa~DU)kTZbMaA8elBbk7 zJUlzmj6}`UBo933hC)CNp1G>VS^ro_a9LY?!I4-=_yWu+T6Cvr&h!!B3%UbGEJ^yfH8PZP~VX z;=XrzT9s?iEZCf8B8D>KxC;AW6eM(Z6j25!Em?2x^BA_eL?*c3AsVPMHi_3m37HcJP?LWBcx0IPX*!ylw&CDK}an zz@C0T`4OG^139eGChM-P^sbNgE(I~Tif~bg%(so&)#x^1w>aO(V{DiHupX`5sA0{B z*_E3%tBXahjTQSfy=_b|*vlnn95)N(aTVq8HP(#ZYo^+pY1{i~SIN)ZE^x>VJT&J0 zvDfq7#FlR#G>H6>x>aP5TU>2lpJAWNWWP3WUqY?`q21(5xrq$(Cepfz={r;T%P_^u zDap-lIqCyVMbk`<0}{Q1MyrDiFH`;)Q%y0`?sC(Ei39D+OkLu2&CQPn52i*BI);lM zjbltrCv{DTjm#eo>ix}n*&Ez}H0GFoJ8HX0cMRp-#4$Q4KF(yuv(vEf}&JTwV ztVhz;=2p5#?=}xRyv*UVj@-fAIxdIJp04UXgXWYE=Fxjc2AxM=eAfdS+x)B6{kV^5 zVvIvJg~RMDdKD~$%Pp3_9fx1;Lbe~9iCIK9?nRkN#uu3-z@A9_vS>ZC*x@?)8e*(q zcaorON&0%AVEKtm+X=?x3DKIR^qD0D*s@L55;4j$xv@Goq%B8`v+zN$Xwk5Mdq0o+ zRM6L=q{yT^>$IW#l+oGh@WSfn^C{mu>lLE28~QWFucsB%`;~Tk^=fDIy{8N!?w{quqiwqwMEy$~L)n=WG!+iC*WS zPPQ=d6NBFWM%5EUdZqoO1vC0lb?Xq?3 zvgF(jbJOlyr`;U*vIXf1mhftX+5U%=y}R~Riucv3js0+zeNT)%A@lhUJv+Ze`;xY+ z?JD~=@Kr7T^$5K~6u(2I)b%Xlb(7w8vhB5#*R^lPwOq7=Q~9;qxPwl|HSp3QfAjkM zx5Lrp)k{b&`X^n?FD6(^$7ok{I79aD-Nh&^QiLf;3(KeYf(U7v5 zZ!>=4<5&{rA~ED_GGTi(;})0Z!QtbT7v>Aq`uIomL#!G9qpskRHn7X|(-oHhi8x5# zOyu#Hn&$H!nKN$Et=N)*aIvXqlbQ68naq-zSn{3zqH_k=c^T;*j_4e#QIV*X~{=)S6knS0fpuyG5mk`a`S9#hfjCJXzaWAmejL5xQS=0`_ZH=0G)Q8~9H!AHWY z9rxtNGVol6N7JLb`GeQeBOYw0&!Za__s$m__po`2l6xjY_YJk*Rm z;@y6x;@E!6<~bU8f@}Mklnsg;`l;mmlScgKwD=0z~9h>-Lm-fJQAffXhs@L_Lunmf_{yH*8$-Tu5&=dkcLF;JM3<3jq)gM1c{@(BS004XyafVSo9X_bzrUe`~@; zK^-EnO=6upg`0vdkU7S>-VUwJ^>W_0OV7Tc!>in%DTJ5yFgFYlR=flbXcPp(q9mQh zHNh1T!y_EQ0%{oJsi=9o$>QuNUn_oC@a7~87zTw8yDDhmJ6XhqVtY7D!{Pa3`&ksE zhO7o-z@kw^bFI4XiGttnHe({U_d|;k^Z1v<2SRu&AR-goKN-jI*_q~kr3K+pN&OHI z3B-eyWeWk)5C-*%(h}bJ0nG`6Lc|YY{PX~8iU{9g?29mqGpIBXy2;^eZ*tvG4=ks% zsPj^00+1I~X)-v-TWRy78%2uqNsw7#grs$xk3@?UJf|^>3k)U2zN+C{2FE2>%_J6w zd@K;PBrFI4q7Y&RXon!o_k*n6>nVkRWu6J8#YN9&g%ywny&!?>@I~R_0M&93oml~O zx*f*5io7MOHl~;!r*{B&_;4kgYK)VlLheM3odKrhrv23Q2VvZm7rSBI=&= zg<@?vDNT>@%-0}%rT4I}^xlp6i-_h>_Ka}YrkHT z?39)>5mo%qU7&sOuA4$;FaOV5>8zqqA1%VA0oMtjZWDB(s8Sj8TZt>k>o&l+oYTo# z5(L3P2LKlY8_z1Tj;7T6-b}<>cTD20NL`?dEY62}Uk$mGGXxiR9|i@p55%g#7F|IK zsP-EGIH3h#p>2bpcMSpFv}mOGB4IG&hD|li6fz4vf=@H3fiZi5#L%?vFc|Uy+>qS> z_!?hgN=;y9+bSR5Z}9eY&Xux!1Wz6-eEs?dV-<=xjb`ym&6PNj>w0mEfJlsf zAw(|=Kg8GH4|yW*6>xHkKo#MgdRAx2E=K#H8q$$SXox6YUP!U;-Q26R(11iFKPm`6 z$wpcXtEs3szAeiN)scyqz}8`u&%6V=vvHXd?X-kU5i`+~lKEXy7Le$WK?1`$2;R8S zVj>QZR5dvej0(LNDLL`9&>;8^B|yUQX}C|*RT&z5=3E1=(@%b!-~!|U306>O{1;f~ z9A?^M0$%!s1Z0=8(F%ISS}WCD&qNi`LM5eY50z-l&+N0_@E@UaCQIxZDm%~1w2Pk? z7<;*@2p6oJ53QCWE*q+&d&~8CHPy3_xoi9w&mqvQH69>bYhwl?jY!HRzn-XmC$p~j zOmD5}Zs=NbnW<#xJ55=~mWjP?wEO zp8l2glJC}+PFunYt#!_KTw5j&;GMG5myW5ETW2S1KBuN{oNXqxZTif+Ds!a6 zV&)Xc`6(j$K*IQ67x8rYn*$cT(9?W@h{`!aSQQSz5Dhpy;4TjdNX!}lEThw9HIABS!f0*t}C{9o&+(gZ$&5*Vo@3uwS~ZSL^20iOyiV{|hZ(Ta4_b zaN-LD5WVDWP29Boz_!;TzHFbuUVe@aJSg$?Dt+rEpmh%Nnh&17q zLq2V~NfRH7%&Vw)ezcdpveO$$Q9bH9!fxHNe;?x4ayJ%UIQj2~uA$zz0-#l#9NjYNKA}pst`Guv z#Md^MbUsF0w4-~jrBD3?e-?YXuos2{%vceF-Sd?%9Aou$mEOVll_Nni7+iYBHDll?69P6`qDyb3!k{CLUS(96U7Q}$`ExIGv zm7mERtDh?jMpq#GxVOR)9ty|>qJ7{v0cnDXc2KmZ+uYa-%AX!h#5*Y-dXqtSFgGd9 z5EQFsAAXPs)c|nMDW>26U69)>Q2<5&WLrx&UPpkquqHvo3a zql@9{dYplG&xPhOFkN5pU7slAR zjtFZSH)xuXM2IuHGc^t5P6|Mi1%Pp*@BN7o(zZoOWdWRkJEHz~^%y@Dv0$9~Z}3py zh=bs%i4X5X;N|r1(e)tAwjOjv9(}gf!neRoNaY}y=Z=U2-mUYEOwsP_-*nrexOxCm zyjnfuv$2>LKFn#fkrJKLncApCwQ=H9WPNa&EDQ^!1Z80<{|jlN}n{Vg*+Z3r)A zh`JjBU$jk-w>@hB{jSvjMJygkZDT$$7jKj37RK+kX9>l1hh%mT6?>c%TbIx&d)JR- zJ(`3f#xR&SuYw5c_DK%YcYDh;2rJ8AhiNK%L1!ork!*1IEzO{i7O8Y(+`}3#2OB!GzouhTmn|CFZFzn58sAA}648 zN})r{7iCm9z{?@QHaOIcL)#^Wl8b}V8bS6$M;T6c-PwUzjR6+q!9q}=wo(v$jNNvj z5VIh|F)~h9jbhr}<={5rR2skolk(HCyIYS`&7jscXnP z*WG0m3~FfcyQnmQIMqW9L&p=QbICmR9R>%)&;RFGy5_eTem#J~b#v5%7)555V~t9sKpik1~fi6#dm7q*I|Fw>@Dq|5)d41z5aolcak zJqhl#yd1C$ouv!gECoeb#OjrOHl?qO2&%L?tqeHSwmq%#EUgBYg&>@H!j@a_(^rx+ zfE#fcYNZhBxX*e(3?bi2>Nmr_4~{hmS~aSjl?gC3MMO1S!W8;4Slp1bxSq9yEH)aQ zG=Cpz#XoKfux`~_ZueAc|8ClrHQo`k-|1x8ymxW|rAj4fmo2T%j*v z+uzH$AZRo9kxAO5(oMHA3dq!=#kAzKv~0!Hn07HgTd}0YxGbc$=48E+XB#>KzOXN~ zT^CGV?zC;#WZGblN_=73hOOF0Vcx;6+977%rLNj#w%bl3*%M^m7pvNrV?I!;Iyk&I zFsnMWV?J`NI(in_(wjeuVLnOv8wI!f!2IthIC0f!$3Ic+ZKL4-KUd=5{{bxubfyD^B^xdig(`3UCbys9cIT4T>aON;C~h zEL_Sw4a%RmRKy!py?77t48q~jVX@oXt#BymSH)v*aX%#nURdZ=K zHE4H9a_I~;=uC0xE;ZfH641J?)LlQz$^Q&9C_m9ucuWmaA z$G+y3yF@0N_{AjTm3It`dBmi)_K%qP$1HE|j?FGv1jg02_uk$;OfRkmC+B5V)bAgk z-`zjuRMcPpxX-C-NGqwmy16^Qx{1juxqEmjZ|u0Z{?R@#I=8%@T2kW{oia2z=Ny^r z5SI8kBFQr@eRO8QBR0)DA#;3g>HhKO;pzFp>gMU?wO3sFkNd~Dm5sWNzR{V**zD4~ zho8siS4Ll=My3~XDjN^Wq&e`%D3fhj4L%sIO>2`y$sWJrzk2P~X44hTXL?k=XHh(1R=j~z4 z-}SR2OmI{UD$kHyT&k)^Ur`qxrYriIvB?y5M^T)4CsI%AM$mB_Q+(ZT5Jl*F+>6Xl zU4fEMih*GSj}r1kni~@H+i({tPnXP3-2jg?6iuyUsS)E3)`z25CFrU(31qMmMK0&K zD*T2li6HH#d;(nB5Ldp&uoFPWpaf|^7;#uGgD97Vd3Dz%ym`$KwHI4}+vRG1Hb&oW zfVTEn;2zY}IE!C1(Wp@DVwwQ{X=FgNGC4(zd%7Aq20f%-lJ@8Bi}WexUuU-JcX;Xm zN`kQO1x#+s_F+UyIQ7H=a5?n=xjxzkfZ7^i?NZ|;&&9Ags)o&~eKnEOnuj()n1G2z z04g+^%(-3YsBOnnWFEW_JRyBpUzFf)iN>oI4vZaWDh&%i7^)_Ax{n3S2CP>3r zI_2q6y@(0Gp;Rp=4F#dx4g?TI&A!kdk>>_UigDg%7a}&HbHVt@!clIdL!!}yj$4w7 zNs$50p|J!&k^!X97{=@(RGZ>KaKAJwUK{FDBNt-4<6%{h-3(Ze zXL5b?i?xsn{--{cnov91iN4Ds+^wPEwn2M#F}UI%WA>w6Os3w;2eAet2hr4>8et)m zvz4fv8{w^`+*iT-#UfLhP%x|jqCbqKJsOG*kHOX1_uSldlT$N&%b`5<_P4 zS5Frko9N`@`-P)!0C7znnu-*D(&O7|$8mkgl#VIh;dJs~UKvA_xfI5k4cOS!ek10& zKz@#Sc&Kf@Z3NULjCiWo+Zr{Pt39S7H}A@tfU^+NUh6-IpZdjxZjt-FyE7u$GkK?8 zf)cVGqvY8y!sXGpzh=8g9(-bH7W2ohPrT){5IWOr@}b9c13S}7LE_I0qbKJ52s#$! z8JUiR8V^|kYwv_34)at~^VgZce0#XGrWU-&_Xkbg(kiPf${Mfr^|l9&5wE~|qdzv*K& zEe|vaJ4XF0vYyh#qJ|ae*ltYxWpVHmtW#WY)DE$EO|R&`BkSoRL$V=GeM1&Yv>adWZH#zXD1%*87c_9368_!#H7hh8J=gP+m)O0yFd zd8hvF*uBy+6AYc73J`nEHf0(M#g>g{@!!2px}{XM#Z-(Lvmk}8rJUR9Tt|!ZDsjh* z;+NIe$ol;^A%VF_yN?UiuaWimRLl79X?ayiE>$j-XR6xJOGVH3Rlx!_@}X(D#Y|ka ze3ol+H>*>qea@?kKwsx-ICcc?t zVjjA_3p>vxzWy7*k@m_0d#}f}t)yVL`ac2=0m>h@SM}U_usR(mNixO|%-#E`>N~t?)S|Hmx71s{WJ-<^PdbP{2E!G6$ktL$Q19W_!Rq4#Ikx) zEbnu!*x@ydWrv2ZuyIy;OvF!enUju5z( zPO51@%iWD`_uoW3IXm#3Nzd0l;NcwbLi*!nBoGm@rxm@2kR0?%Fs72;tGQ2% zCc@TpLh;+Z0B;~a z94`zAL{s(d<&W$2&*@cH5!R#})J&|^I`4c}<}V--Mqd)F+n*LxgJ+1;Z&WYV%QuK3 zGl&rJpPC-yUz%Q_$FP0SWuJd~ZSc7kCYY4a(FO(L7UW_w6qIz_OBA0&X7#y!AV z3Z9k~9)7z7UV=EhM#labK$ikZUjoU{9B|z&6EZ6U4wV4FXaHa>0I&{zaPYBehyX}h z0MrM7WPL(2C&z$@4Ee3Bhp~+6D5{zjdjIkGTm`|zdXN9HOuM37xJA;jP4xULsD~#E zE&&3dM#4MG{PsNltWxZ069_Nac-nTgiu;USu>*c zX+$-AWG(GGU|w=#GsY$o$1S5gijaZ?!6XLg>uw4;`+k^hotneCBn-*bA-psBYTa$6Z|Xs zo|^Ffg&kXUCX{}>OKJ)X#1zGY7wZA%X{Amf!T=!Ia}Y#H5o)vKdh+BQqam^6TXbeA zsp@{nR8x1L+CwByFycEQkQPE@`Wqw@c9743G9wj;7B#0DaKpS1QO!)IJv5$ePRy@;r9wu+6-4N`>7*y3i~DU)u#<`x3+2B%i=Ftu4Qf&FV4KA!lLZZ&c^>*6Hq3L#sUJO%4h@dZ^944W2!LvIDNV!_4nT!JB!BdTfCke06$seVgZ4 zc^5Bqr^t0z(ciDJ^syE7k(7pK1Gk>O>33P{i^y)?+j89=ls;x|f$z8e+_yeQQ$P%E zy|n5t?dk*6wqeW+R=C!om<@sg4Q8dbVH>yK#ppv4tGz^TFJ*2|ml+^o@1QsGBV$*h zUK+#;?@S;XVz}<$T=KnFYr>M-@k%gUl^i2nG(?ZABdFS$-8INv-65mig*w|I1sgt! z?s72gQoDk834Sb4$r-gK7`gt~`P8;cw;0WsrHd~nz`SUrQfAafU>pp!$4VW=p|-)! z{DDi%`1aN)^RscJ=^hWt;>XKIUSbvg#=Uoudl_?kN(Xy_A*GaeVNT|d9fC`OCts5E!h};m5@)W+y{%Mrlu4J zaCQe75eFe&rtH`Unhyrt6$f0Crn<0sdf-uQ?m>OnLlg|NMoKd$=|kfx8a+KTduuau zZXsjX7E9PIiz2g!g+rY_Gx5el+n6dlH326R0dKuVk0LYQEY>e-?0&Fj{&LDbA*O+iNBpm4IBg3uDHhIwQGw5tP`ifI`TO~Rlc(KMoI`8bP=oj4W<8J9C)*UX=8BF3FiP0HLq95;M8dW>@-a8j?JqM@$ zKA+5LaG4aJ*wmWO+MFp8T%^8;Q?R{6zOZ(^SegVfMqRXI*{;QGZU~O7!q%@}s_hh+ zZVwvmz50G`TUW|UWm~(C!gl;#b{v^@+>w`j<#t#Tmx66}d~27tzwKfX?F;ekyBO^| z?=GVFt{QZ%610aNVx*onSLQA+_Yb=n677%W?0+2|z7#e67E}f&as1IUg`Dbrma_xs z^FsZRgg&x`Q8#=xbAW)OhjY_=hqI4Re4Rh%U^aLyvU$Dr;^2^Ujb=WLl6;81rH0Al z7;NTf<9&0ZeA5}?;9KS>obK4%=}0i?C~tRz9ewi|#Yy7Qv1HTH^W*JrBJeE<%?Y{u zcS>=4>S_vFeQJ6)dpgvE17CZZSW5;PUFJtq#-)8Kc~f>42exWyjxBT6BV8`>ABCr{Bt60o~wEcr= zSEKc(2Fqj}+o1<7YZv?E&yIf{I?G%U1>F>B9-UY|F?EUA9f`P;d^QD}yWvW^O(i_m zwLY>=J~IBfcd2&cMRM~*efk0E-m~eZ^5vSw>?uSZDbVdH%={@b=_!K6=%nr`ipD7H z70%;GM?5~oZAnGp{7hJqisAX0_(>{G{bv%~$Al?!`>V%+&SUS8pSC>5sp<&ciyrGA zo&;h%0-Ju;o_K^mdw@`$L42OaRUR2#9<`G{gRYi}LZ6Gp&r0+?+4G;vn>?GaJ&S2P zOIh}-s;w(Xp7|y{lRgs1Z!&nwN38^qmHael4)|N5Tn70BULBmS#ytD_Yzr4i1% zqSLj>?R)*yYC)G*Bg^leBb=cly#Z9O{-etQ@u&7Hk=9~w!X|HU$I$N#HW;&gg`aHy zH0VDp{dd4#Vq$sBVu;dsQ=iC~ACUK5W5eVkv53r62zA=lC??#4I#mmBc6VHMBYHBmCmiwImRo z^|wMV`A>!ZqG^aE?w<-h0AA4?7YJd11}q0aP?EBSNgD>zz|kmG{0E;8Q#1s`l8YxW z(qR;gB+{$L5CU$gBp7k%l}Z50hA@a&b-?D*xKNM=sXfu}T5&^062{lax|KriT!|7- zUdAh*7foi31|WhdE%FwVbvlU8Pkxv}D~m%#DR{=sDpWWf5eG>dTd1K?l^M5ReAvlv)4?7%6U7QXj|Vs;=F?>E z-vZw0iLQbS{U`@PWEckxBSfY{1HJ3oW0gP_DN%gn zP*O-GaxmuaR}e)@2iA&TGi`m>zyG7+=VEuspL!{Ir7N+=!1><~a$ihnOr(AoO(1)C777 z<&1<7D$Sm<>9S((!jdW%qE&0P1i3_52`k)vfCSl7NgNa`7sM<+LGVwdZ{2y8Wex9d z(wG1?X#geE_)E9xrVysFLchBe9*dB5&%5%ro6#}i_8<7rz0!F#^cA9*z@7Kl7n|wT z;EqBghO5TKMnnJsX@eo!JH!Tq_;-kG2GazHSkp6rCfGRZ9-M_W>t4hkYw!{=VFbV= zT84t#!c;9zCW(cRikV@av-Ub2-XT6X8J}}LW-+duTWT2wV(2?*p&uEFBgJBsXT4T_ zi6J0lTFgLEc3|TDBJs|uV1T8ZI)kKSqV{u8QBJ~jVlxgiP(@6=3M_Szmlb; zgo%0R6OEh7n>LNd5l4JxmJz=({X9wd1?B^EKt;kxe6Gnuqa;5b`Yz5%NCNgle2-oo zcQedz<#n26MsnKgg!#qh`w{oM?m9%#^7uUncw*qb*}LkOUuF8mcg{R?K4?Xa#+H!aiq;_Oy{IFIo-+B?1bus{eFm`9LW1n0Z4KyuPiGpzV)YC(7P17%0CUm{~MiJ4O{KpA^w3B=C(ZriUSt`BN7@ zdu_sHenFcVL;@cnB^=(9JcW@P5rgdwBT5PafU^`$4!{3vjtvF1Ka9AD)F?`^64|+D{b0h%8uu69_{JAD}(1Nf%L|Om>z*`Jqruj(q`@ zn!Qv4jk*3C#W}QtAcPb>&&r6r7K)mN|xPy~A+utfj zb1I$%$-VRW!p56o^^)kSuzueF4yK~At+Tb8GG!((#Hz`Oi*?}13KlJfuNC2psuHczBg2_JC*AzBQ7_gaMvgfSd?sAX;?Bh)`p8#7^jwK^a^o*hh$_7ptfEK z_{--rrOiM6TACgdugj~{G3Aq3ol9VBsPMVaQ+ua9Ka!-^kjeDBC|o;n)3vGdCCvKE z*ve+sP<^jYg9uR8CO|e(Z>2A+IeRi;KOjc3pidH;%T|j zbn-@nc)#2Yug3bNjUygT+`Sj8^ZFJu&k)7ysdYrxQ8N|Ee5>&TRRJ5aRmwMM*V|B7 z$UYK@m_r#oD`O9zTzWtw^&r@LN=+vkjj zg>F7S$+7gCt+6YH_K+G1Fjn3tPNUCc5x1JltGd$3cIFo|sfbp_=8K~J=^DAWQdsu5 z><`|B6FG+ZdXN+V<9$iv0m}1T)Dw)KEnLnTa0du*D0`x2-x$|?E_AQ(I0NyX&yB@wm z*$g7`@;I$RVUuq8$=KKaN3?U9%uA!i;A>@6^p-#H_vQK)8(K$bOC6IeHB*~czD)x8 z&|9p*{84+Xj)7?6Ux?1XFarqk%eyGB{lZlXj3Am*3V&3^VL7Bdqz3!m2}nHwaD5+P z729<1uAX*;^==_@e!mnB9+>KlM!)~<7&Y61aQrjt7({&15I1?Bg#ZIUB!bSW-)!sA z0}N-S^Jb3{ZHuW)EMyQ$fE}{eC08DZf)=3xOMWE#l?LyWf|f|(5VB@i8%U1)4dA7+ z4>h)=Q%J8SGEtMZK_*d;EV^YH>N4cLKlW0OyNZs;SA-DvM zx!ao2LIxAWumCjJ9H=7F<(eF#PJ?BYek5)na%VTPoZ)*Iaxup7I~d@-tS0&34tZ8E z0{+gUXbu{^;ZX+3CMXw^I~!jso!S*sjVS0*LH^iui*|8$*Mp2+O$0Xr75mlHKV>6t z8)Urf1j6ebD(Him$=6j4-xI+CkG&1)cgfzL?nIUXNs7pN$H|$PG00&3$O7`1oyaI4 z0Z4*ISC#pcz7xb+MhyeI`1BMdR5|c4z;U*1Uc?=!-3%_ZerUBEPzf3=sJu8TZQU-;`5ziYBAG@}h7A`#+?nYIgn1aSUbVBc$< zQm#=_@REXXHyfK+G zil97UY1Z#T?WUNK5OpZmNu!omWQAfX|Bz)(PGzI!XLI|`HXy^6yV!l_(0LeBb_G)h z-1y#PF-ORR27sihNTjO7v=G)<^eWutAr@4q(IhBAp45AuS;5XBY2nNzVW-Qky&`VC zM{bZn_d_&~(F_lIXiryCtiuxHdh<>?3wv+@X!?ka>b-AcN&IaB%gd1|?6Db!#nk4a$=pCQAUPrK^B>nqE?|FMVLjNmX1~$);?HXIiT3 zvCM#F*s5i|(@-XcYE~6(wkM6){=6JSSrkec2(wIRx#VlsscR~I?RT9r>M-zYYyC4W zZC#S(cfm75$#U~Dng;BWWnG4PD~3o>h9z1^$+B}99`ta7Q)8;gd z<|+p9`tqLP@~G+Zjs%VNLk5Qn2K{!1uF3K)@{w*>#xXob>mBPf$ci#-#$MRizFC+) zLB=wrb91`$RJn>~qlyqGMpgF;{eX&rwB_Nd&_Th_;aTI+0QG+S^U);6(Ow(J4#u%j zMvF$9sp*OzClwRBFjH0QBM+j}G3Qh4aFe&zGY>YC^p#FXwl-9ijKmiuQk5M-OmlL< z3%#jxrvra849iL3%X!O7MHgYU7t7y+)*6>qq`)@oRZFW$7p;pI zYl1kN31{m8Nt<>STL~B2PS)F(wxy((gV@YF^mgNB<$Hp*`?qQ-s#OPi%!mKM=Y5%v zLoN?K799V>=TD2O{_^=v+y9KLZ}#tJsazaZU0yO@JzQ$WRb9bWU!$O zU{X$2dELPHY-xSl>elY|{&87DdsR!<^2W~M`c`Fg*VMvl=g@dl&*0VVom2R?lZ&f> zr0m|&ss6E4V%nYTRs|B{9O|6=f)uYdFP74?f&XO+!|WoK3GZ@&J` z*T4CC$GA6N|K{u8eEplRfAjTkzW&YEzxnz%U;pOo-+cX>uYdFP25-Lp&DX#A`Zr(y z=Ih^l{hP0U^Yw4O{{L)WUuVd7e!%>XudlNiYCmBAm#_B$jvrF|%h$)GGGK&Tv`l!s z`g)kmsebU!;t=9jU*B>3f~l3LBF33dC2#^<`kA8}c_+mo`|9iQCz6WBilphSHQ~&z7JS4_#5~|x| zwDxgjDulc2kuZUPV`X_}(6zDf^t{t)t!`=2wRr$}!BT&5Egj~ud7jr<-_KWXJ{;P1{9o+d z1{jf+?(SwlL{hptq&uWjNry&Bk&*W>R=S8g#2T8`2bJm_Wzb8^o4wm=VGX?L4MSp*H9D~VP zMEbXL`blZLzr92i6KiU7L=w>25V?8Uwx`j$|Fj(?ts23;HkdW}-RDN&VH@&;DC%T8 zm^PVZuN`V5y8BWD0V0YJ+lC?8k#^r+qSt|x*S;$uf)T!Lp#*j^Yl1J$VI0(X<>(gpM06cgfA~Fs z^gsAL4Rc;6A6|Q{I6fO)C#|n2)qmFavJ&VPU7}E4R=QS!p;s?z#W3d~%(5VD=QM^$ zyl1lE6uVt#=3-*Cl544A*qWl^Y|vj3;+WM)NV4I~L=-{~aniCNnPli~2~@#dYR9eX zvI$H$$tbZYik^ZTk`>~C_K|bED_~WEO1(>mPFgU6TmJ$2v@keR~)Fm9vMV`^ZBX_szb9 zLs^bIDoqO}_wTYJa&p>=GKtXs=!?FjO{OnGaw!I~2}Awa1}*8DV%c;9dGGKn_^I~VkwKFkh-FH z?f`GZP%mB1;30ETa8B@lbN8@6@SaQQzrcGjrBHRH|H0iu)NA7gz`Vmy#p?UP*_0ue zbLR&e=#*yobn|ed+VDO)WEz@!6d!JdGdkU;1jvH4tA(R+MG%OiKLK@ZSq!PT4ed04 zyALkeYsMOEf0BMm8wzjP1E?m{K2kJ-3YqeXzJ4sJ%rC$FSV{ z3C%)xp#4>g1!j(B?v#k0WrzoZ*yEzb5FsW{07uT@$G6dI4{_&2Amop6Pmy^sr&Jp| zRqD^j;MSZ7=NX=QpU%1z!ThK3?-XIN)Fkkb{r7BIIT*ZTAIID=&iP}U-0v%eQVC@~ zmZVyIfC(O3F+L)n8i0xliAD_=hkdYz$99i5Q#p25tH?2>?i!&yb3So*O5ofv^2gEZ zsk@>Ba@7bu)h1YZ$S1#prcB9U1`z?@2=CkndWL?y99DTrULt%I_wXbofG9W054|V;H@yd`O{Kgj)4XriR6J5wD&rYh%zbz*JXK6Iw2|ACDjTz0r;H0Apbr1GI)h<2+yqU<^yi?Nwsv)4d?TQi))383;ggyvIjGFp*SvZ0 zY`}nO-T-`H028fQ95pN$3mFN+sGS(@`5|SP5M+oSzc`(5z?Qx=OHV&_lr=8QJJZdx zJhh~bvy4$@D28NY3(tK{)h_yd+Ze9dbZFYLTvl^460$VhY*`A_)hfJ4U&FhKskDkTz4*j)2FG_5eR>t6wGl+X4$EH+JU1cIH^JnGletx# zkv|*C^_nNjPYzTG!ZtYZnWHw9@NXv_oVR z>$_$!GY*Ayro?q5{dF40bzhBT=IM3z^7=Txb=C}W>h0w;JaaCNGR~fQo_bzBe)IBI z8#d+})^+Rr3jkdYUleRC)ooaJnLq!zAa zBE`<4HfmEwdc`blbD+#ZA$mp0>bqi(q007V7v5GJ(iS&`-gIyNLE|q+r8aedRC3*%G-VVRy-Wr)&*Qv z^#ax$#&!i(xYJf2yS85~TV>o^5t3S0r)@j?e|H~%vN%rb$0?^?`u!h7#Y#GYElUSG&=Vu`K7$X@@v z?U?0WqR2)n$F~fBn=EaUYzBdxP>%cp^8$XeJpL{CL(S)*Z~Wcf?8WaFO-GfqmX#V= zS4{7JE7|wk*pH_;sHBLmuIH$1<*TDGYZ#fV*%tU_W!e~OVVh`ITfXgYCD&A7(zdKw zuWZvXZPyMsG#ozo_|pE?&|a(Opp*Y=Pv}-}sQop~q4;O}FHMI7*Ga?W;8Bh`*pQXc zxVF`M6o(N{uo>M^owEI;)u$;2mf2{#nI6VDf}J17;DuI$CI6l2R_nzA2e*qOmyM%# zisRJ`p;n{*b!EM6$K?%vfgK~=y$s_4>ElV{W4@7Nx!hx$qvMk$N4cMlisUB|EGM&= zCkLTcQ_3e&FHgw*oXG1PugcALr|WME41X3lJ%8h*kbd%ug8m`Y?AP&ggkD7?!ZnyO z82DTf#aJJ);SDnCskgdgw7c`S=F|B^XYoPjl0)aArPI;S({v! za2U_Ztj<(nCxl5uL^4~g^)9$NE{C2jh9hTBR?cef&sYl1K9ioC9J_cug}LS!oZn}h z(QvNP%2@qSc4fk9*0DeDOLV;&aTO^)&t5n`I6enpx#`!rrn6iykzSyRUXc8DHPLtT z|9J6C#m&v%ZN1!WCc_Qf=H{|+5&Cc;h<1s8a>0*E|Lkp_xUr1X$tL4-cT%g9S8XRk zG7i#7CUT?v3T@I#jFvL*-4nVmbvE2Ne_u++xT|np>5F)i_J|X?Hf_i?P^mWCakIp_)~fKZd48>fDr@~) z!v4h2s?hQcp`oL(jkAoala2=);SDq6+YKd8l^@p%%5OayuHW0gWr3yLoC@FU_#Mc%&qEX(+jc{Rd6iID9=BtY{Pu2v!t3*>m)P;$ zvi7?;ox5b6*Qw9zJ~Q5}q^R&ek)WS06}5pj7`4q1>sI=P-3Ii*5k0ediX8fByx(M@-vXx}qtUOq*QulE!{d|T zONYZN=p$=zMDH~`n>IWTgp4QoMhN@@$o}He_MO2h>ghFI`~r9M5cR)~ep9FKpN<|o zgx3Uc3WS_-z7G<3A1LNOh2_0&oPPk%(*u|^;dy!!2pS%c2N;Wt_$pWk*eUofV(o9I z-e&iVwlDUNueUwVllhyc-#g#zNaC@cuzx{i2B3u?K6&$wH%B=Goq9czs3X1yKr6_T zXHmrf&(n(*!+kx=bg5p0>k(|f&T6W{EEjfaQHdHwi;B0FKN zO!QF%U%^T{6T(vtg9-M_8R} zi0DFWe+uO~j59UwWl;QCFV-M+P|NNe`y7zdiXjb99bc6SAb!r%eU!F#xHD0xQQ^2` zae3hHMn0+4zRH2yg3*aAH;@&vP5qtp64R*JbFqHoZMsSu>w2gu=0{VeoGkTI`1BVD zMJpB}W*%#bO>7w%uLH0tvc%TExl2e7(Vk1n*1j8e2GO9>$1R9E`w``c)ADb2h*Lt` z^#Da>)AM#@MnsS(*o*ydv@y(Uv$@*fQ(PQ8uUkzs*=H!H;>_T1I=WBNh|JTW8m*f7 z37lKK*cets;BF$sbZ2ZdifrdGB*b(VY!dn^LWmDSaMG3*(Zq}7^tbcDd14V{wa6bf zxi<^NA?33)ve@!{Nf{onS*E;C@`4%}pEJPicp&z*@kGimaeLx_Ej^WKaZx^rc1m$f zO!XV}Ld1NRSQ5k+&Z-~}J_glisAX!n@gV%WVug~{kMvcP9&g}{df+{Q#85_li8x2# zrB#|6gMMkrg7?p(=$=4UYV!hvx1#k_r^Y{x`kE~SlPYl{N<9bJ4hryL*Q|#=&j9m`XZ3)avj0k+)9-%~oK&>#~kbL!XP03(D5giR_SD-|FF z_p%EBRHKpr%i=ui>taseQm-mTdjEiwMFH+b73PXP!waTB{SXX6;G%*_hF5cVa~l>^ z=gOK9#bNq$1s{@TVSCie)1Qi}_OV~4f}Q2VY@aoO~dZ*PC$-dsgBbVj1c14&Zjy7;8i5s*{Y zi4wfAr}KUYCtV9~ulG}r9Z{s1YCL6(i8pg>vDtKvtVPj{ry@|Fl|a%21X6KHrG(@Z z@V$8b%?i=h7u11BFN_NWAZ&ps`(G`7x@&J;75Qd#j+1p>|x`+0R6z26Wtop z+-vfL%VZTJ^f-#IUt}4UK@Z;)&2$o^)U}kE=tbz0j`K^jEIHg*qzbJeHdr*Wb6CYh zEVi>G@wXW|8hmIH+k2%`JJsT-nNmU@49)`3c)W_z4S&W2k`(A-j(&;p$|weUiKL#4 zh+k|H!b;WG+{%n8ftv+E=E_2Vp*y!DVbd)Gu(RNrUQF)l(%_zrsHr*MF_+}fWaZVn z&S%r*3KMqN?=W?Bw>;=vDqqK6@oZAJehK%B2wVvmdq$16cPdWD6#z1y<-#5L=-Bvk z>2%+*nG%KDJ50hXwDzXuEZxaZoD71GB-ZwD#R)-PG)E*Q>Ht%eh0J`}V&8a@9jK0O zj=r9pgBFZ(azA^g+ZUo9Xu+F)r)VRsK>{9(rT)a-XTjn|9AqI4{m=oxLyAQp(McZD zm~aLN2w7sG%Jhq0566*Jba?* z(t#U)a4hNiCJgqx9Sz1O8-SH&5>1dYI9SH5U{*&NbctHpBgw)omD2+NGnMuc88-DfLj^INo(kk&-cqllpq(UQ6VLq?eNUY$=ov6&DDbC8|%SHV2 z>)_!xnQ4ny{ue(tp3!~&!n11~8ox@#koB&+#@)OW^fHnvY^}y=B-ZkIYW54%_V+o$ zM~L*$`Mpm5w%;Tdvzt2$W>y!8JyC9-o3<9I&4ro zdq+wfFMurO+vbQTTNp1si%(qMB$94!HN$G7-zXnCQ@%Woz5$KS>3RyH$t1qfIa;Wm$ zP(`(;9(%?C8s8gLPg2x}0#qlz4I+EcdLlZ#A1l`K0g9)lP z@CQ%~2?ip2)!fc%NV&V!cg&25Y?XDoMX9Vy)k(G@$3%JYB2z{z^OA3A_ORy#0;M>x#qLtJBrOU~5)Re`$d`duRX4UtV)hP<3lqGBm6bgFf6AwyQ)w0f%$)*tX z!IsH}Wabl!V6-7IYX|Ctc4|3vrSVczSp$wGiu}Cen1kD%nijAtWIMBy)?3qzzc!V6)yvd45M2$6*_N8JZY7lF)@s^ zOpLE4)ZSlU2oORB8X^``SOBF&>>37ak?z=pzCec*H)n#_j7{1EpqNE#v|7-S^}~4; z#*wl}=??`ZW>FQGU|X#xI?&8fQ2>zvy?!*`*|V8=fSYp5`*)dJ+&~md3f(0DWEGIg zyo%_b$nUtZ$2WR9xsLbIoGm)%S)!Rl8cj+SrP)^+Rodo8Xx&iddC6J#9gLHG7{ynuS10ntU9NL^2KuvA&}EypF%Z^=m0*mJHJ# z%jyuIDk7Z(dcF*iCBpfKm!6^O(uBIMuVt1=l!1#+NrK~pO=$(y9Rwvs)}V^>GzU+h zLiiy#vp-({tagkk=v6$(1{l3i&f?~nnLuK)j61RnX}_qs^VBbEgS8p z8gp#1UiT5s8CbjScqh`COIylE<0vR^uV@u?8d}+D&$wO_$$r3-^RiIe+?J5Hgj6Rf zj>jvl#h=X<$fjw^muV`rOj^TJ@bDHr9ixUTD5swx=ZTGqm4*at^~VRV0-+ZM%GlPu z#D(Hig@{%*p|M+T(mUQfOl}{8Jx0{oZ5cm!G8+2t7@~+76%4*Z)AOpf^4FX7r(n(q z&kwQK*7VhsjhZZS(yp&)do=cHG!@u&WzzRN^umzzNP?k_H=L78`Kpbe7G_71-9(13N!5k#v*MGbZNAKpeyO*~+26^Deq#(ScFQU*68soZ&LZ5%;!4a? z`YNo{N~dgOzf4`eym7yLgeB#kCFbkC1BkV9|4j)2Yfu6Uta@UqI#i+J&2&xlo7!q% z6+deoOGzEivwAC5O-)u~CD!b~gE-fNpig!-A4=l9?Xn$9zP~!Cs<$hyW^KM+Xl5vB zRt{^NE{SO_Y4x{jVM;>#v7}B$E$tfKlIT%A>*S)nLWH{0hb7-PDnh2%;VWl-Cm^{f+{3C^J z%JZlP?&}+eXK~qP%kAdg9C{TT>4vi}bOy(Dmo1LK*q5fumX_I&ySc z*H4!pJ?80&Vz`Nus)#eWNeZh-D!54-sz}?o$$G2EM!Csns>oNkDR!zTPPi#=swjVR zQ=wKx|{vjnVG&v`!pgc0IF!W1q@91PyMj<3VqqM$taD4jg;=24>TU+07 za$!Z!@I-ZU=f~9iguK$c%7*_p-1`6b-+Ywvk5c|o%6AzyED>#x->!u-mOo1QM=Ad( zK{!z+5 zO8G}A|0w1EkCyV&JmDR_rrXhfO7s_|f@xL|k1u~p^xoZM);oz`;3azAR3+w5LZove zesC#Y(QF+8O6h#h50~;w=C26t#}!>K{z&;)e!cj3{`F7XEw;+PrzTLP+zY2j-l)N) zyz{TxT$OYgr3$!|H?l3}#ISo&p8}Wi9^#f5`vxlv6D=s7m9z@`A=@&ufp=H%68#}r zLu3BXG;3|Xu!A*jO7{EL$~np^1Ia8O>MqL_=8&_*!!l69qqT@ z=7gQRySf*zt|OYx;8MOxZDsQ4t?VYbb0DGb^nS?mMpU?zKl!OSl#%*OZ4x0o>Lq^2z@u1?QYW(gaOgLzT13lcg^si zQ6`qzQkD1Hkv~$tP^RUFFqZeUx$31Bz25|3%jHzV@- zq1bCtxjzYN^R4)`HE+}O;%lzTgAa)@piidp{7c&}{+Ru{2~O~3SH;iodXzsA$3$+X zV#;2q6Mg_ji0BVj*vxCZ|8+A{By!+&7E!oT87?YverReY6b}S1V^wP4M!S(@GQPk%D7N##2jYR4o9TLSQ z>wu+-kY0YhOQpguB_$Z5Cj6u0b4Z{a^qV{GF{9h+Wo@N6I_nHVKr*GnJ`50IS+`0ZJ<5GFADpKW^P&cAJX z1i?tLm(VVmW-4L(sKC9Bx1T!!n^ga7(|i51O)otp0uF|17;rO!`Oj!26fPx}5B}Yz zj}ssZe*vW7lI%7*_p6k6>JIPEknl`szO>4>N@+5DG|7x=5=U3#P= zdz|sgY<;D~^0Jt2gM+^U6#76T&f>JO0kT{`5?^VT+TLlT&L`FIFnyXQT*kxXJH4BG z10tJ!q2%bQ;o`HPw?mn9>r#QieU-ej^Z#`5kdTMo&^#IE$i5h|#t&)fs&E%?Dm${* zr|vEpYtbL6(REMV-^kq`CD{+T?1M}B*k}DBK7DDI{h~3H-}5J5luQnk9aeq?*A{IKRN@WdbPdpu{wdMJ&gI3C25a31 z8y+gEEx;PhWl0b60h7Fq@e29pVv*Gf_0U1^!C*^dZihiZZgWi@n74~=$c3!74ewK( z?f+eme(b;W=wYX;ilOI<|AUJMsMO+ilkxW0E7IdCSN-f_Ud+|vfsSg1j~NU%o+;9j zg^xi~ci=9*YGm5xzqt!oOTR@~>(X4^>Q8wZ@3{$Wz}kBjeA{SOzfI(8w%%jBWH7^FHMH+BPe@uq)W{JomvKV1CT_`hBJ?Ozvv z(cIr`|ATMqMN6JEQ+3*(B>k5k0bezO`o^YpQwqFNULpgEvQr`|Qv$zgmc95PiLWSQ zIVrE9rI|Vo@6nr0rjgbCU>z7A+tU>N)1yz4_eKD-Xp(R`)tTh)Y;c*h|V>!|4rk?Crv_XAis2Ye1-z> zdji>GgFpRA(u)^QIV^%+*`(1K+A zQO8cw7P&~U_q3}S-H9T|uu=6NE*}4Adi8QHbE>Y~K{Gai;SCzaisF3klv=J*+}%~Y_ITQ+m-g3((=%~VGfNE7wY5A3fE=?s;&6qgY=?EHFFv0BgX62ph(Lc@nH`Y0(qqq|n z89Dm67|hos%s=s(3;AsDF+>V1FY;pw2_~AKS8v2;tZ{OKkSx(Eja_lHdSc_^~tN8DD zpcKC|;&X8{^oAu`Yj;>{)L1VJTkkpSyjr$4J=l5AVMF$E_mq71y;U8=YBL0-KG?|m zgCqAxN1ljQtH=zlC~cl-2CJAv-tcLwFsogA1ltS2z3+5;apg5`41Mv^mdT+UU!-k5 zS?%%E+bZVn5iZ!u9PgPA?>S@cr&91GQS@b^Smd=XW{2|SCz==bEF~CO7BRfp3b82g z=ljZFURKXmE^S*{{-*u(4I0XUH^)Jx^kz+gSsh1R6~9@7k!d{v-?t3YMt+m;$Ka-I zla}Mvq#nCkWwv7NZ*9xqRt}S{g0)-*`}V{q&})e{0{fl}++NSAJ_dn-X`>-!*5U1y z?nL{9)k9ci$l>U+*fkC1l?vJLha4<`P8W`W4M}hvU49 z73T6r!8OPJyu;A-F#4QSr-pfSpZ2X8OQs9!+d4)@7xuS`Pa0gfRMyC_WH?9Vz}5zA zGo~Dj7lUSQ@5_$_j2-wmkGS7oP!zZwF1g8#xG8&HXw+OdAG!5YTz0X!tHLgL2;I6d zFQqb%q%$vM!rWiVUq-ZEqF1;J7hZlJx#V4TSAKqBBXk+VcC`k(B*D6(J-%#K_PBDm z(pnLfqde7t?^S0nPNQo)31$&u6ciZW`x=ya>EP7hnpEp%?B*#d#gKU81wQh!d8}L@akMTB0RN=kMZ3xz1DgR#nkCaCh4B6QU@w|cZ z+(tCq*7w}H>}*Ee+(zGADv!SN@wxmw${6?7<1^~rmEv8}bK}GvFrn66Pqf#&=dLN7 zhcPpEbOc^1J6`G6UeT1Psm3{(JM$55z4AGW{G`1FD821D?>~upe|f)BlnGAl^{z(q z)|t8Ytnkim^DeZWs$4m$Lj76&+D@B@QjI#~@P*ei+`9d4Q zN3bBHndDzre2h+hrv0Ju0F^&99x~|e3%ErndJ;mq3Q!Y3LdjAF^udmvhaWS7PEq}u zW61W%K-!Jr$BO8u&~Uasv{;6^0I*l zVsI%xu?hG@18>UH?V8FbAm}!_gTxs|062=w=v+D367n<{8EkJZnYyE7;U)V0OJ=x~ zFO=4jzuKRm%m7_y!CWNs5W~2Ubd#CDkf-4k(!!GiQ>?nBuGt^c>~74Ln!H~`v-^k- z5`4mR70QE8RiR*#3Wn#MRzAfJ6yORD=V>1#X8yS_@HPaEC>`7h>uG~CJ{^fe$OfPuson?pD419R~=ng~?xSsHj?o(3M6 zZ>Lj#4Z|h>TbLL76bYUO(Q0GizK;6@-?z$;04IyX3-e^|fwD|u!GW?^WbUD|HU^i5 zfHh>*^f;v!T`L*6oI9M)05+Nl0;2WZu~cC9T`VfOyku5@OPMXh$M4ed&qs*2zzHos5K~;2=vu3z6vpG1Y$;& zs`pdsyPp<-eFTe1X!2cDk$~M)pU`v84tZs^af8c;ptklG!%t?2+tVFH{0b$!a5vW^ z0ng~1Co<(1_-0K>@pe5iP@bT8X%nW;p5N2`pINyBRf5IE3&P?gXUY4u2c95c>>~*5z&o%Td5~BcT?Wf6L25@iGMno5gmsV@8K3Zyj-AGMEt02 z#p|S0r{z-oKnnHOgRyhETPumYjWW-buINu3y|K;)ZMZjR1 z`0%NCdYm0`6>qa=t9NFz+(ZO#(7CDlp5if~d@^Y_Z42x}Lp(*(MW;fg)zWL#6(|1q6z4bIF7CFkEBKw-3=r?t&}9&j}7~=u)5(){9VB8 zjX&O(T*;ASX+W!Ll8+EWJ=ccEr zSf1pWnzrQUYv;fa=~r|hgZK|P(b%8Z(%2b=oav~LLQ7^$DJR!Ngb)rSu+x;C{%FnV`VFrV3&>UE_U*)A1y}JrJc*?1_R&r(_N`ka{%> z(S=Kb@&WMD`IS-{@I!&<;0vY*Blj#iwp~fclTR`zRIoTeGMy+X%Xt2XYN4Vfi^^-f zslpVF9QC?4Dhr8xnbMM9F|(PcFwcilSrUq^j_|cd<&|TUw92qO_A}@Ar}anb%BN~d z47c9Uw5%sY*$3Mh4<=2w<6cXK2(ucO@y&J>*i~W6vzd>h&GxBJS0*GdSxkMN8%%Ml zww!0PJ|USON9(Q18>ZJ+@|k~Cq+L^HcyuE4bYYG}zP>i0)FA;lzkmpCXt`o{q9j~g zn?U{sUD~rVv|HTh@%YX%&+bNfu(-R-{~bqN4hgMNjWIqvSRkNN-1&3rQeKTVj@lk- z9v3o;W(S(iYRo&^8qzR2F@&ckVn{@*5Y*G&CKv*h7y`O8Ag26D;{Z38$Ef+z7L`E9 z$m_}=+NY+4@jCPemla-4pGlWwFPgCXU-@dej$-fpf#B^gwbT)M4Nw_zlf~Q$e=a`J zAZnU-Kzu7DMSA+?UDxK)nO9Kk@>Ts!i!jBB#JQ0a`lKwo>@aorbQ&~SMA|R9!KBN1mSdH1Gzt%qKoU2Spf_HNOI_6 zC}wGT#H0D0G~Z7@^D3I9JrMB=d4j@CdDk%xpwvtw{U5p6;s^jy#`_ z6Fue3Cr$q>^AgyyZ&~59mby>3K-hK<+u|g9f@p&9?6xMWhsUz6IbP;_7}e?7np87M z(}zfI0D}CrI2H}%{Vb~J{hm{5WPPy$Oivtx;ySHyvEMT0#ncrBa44@qH?KRrLhA!~^X$}&XEv3F-H%)(S(Mu$Af25{$ zql=q|w0JR#!LvmtcTf^&o!%zZOJ1u{9eCp#iyICFrXSb4evq_hcWtH_DEE>~`E?kb zL;qi2<@Y1Fw$I!QFTYlJrsO=-yBfPD@ z6l48<&aYeP=tW3tu>_{cZ}H#21av+VvPMb@YXRpxzaT-H`ST%E^*(o5mKkRWQcrfa zkMDZvnOqw)Qv(p3vm`1dvDv?;ZvkDr=1{L4@`e^?2mN2JZHR3 zmAD%4+SYi_Hhl>huq>W#0?Ay7%KWXhh>-zZnKZ(Rqe9eMk;tN27s#5fqFN(cLB3x? zhid;8o_+Qzn{x|Y{7?~u3kA_+-){vYNN1sCq>@Pkk@Z$dtXAV~jfiuCIXebX{i#W} zmr2*5Pp${aP*zs)jMwNg(I-|9_|_7xsO3OdXIU$2!X{WK*#y#(I26=?ys_mq5XPh! z&U`z{`5KXk6dnoSgZx*aZBTIyhh%C0&vd*1ovRJqB6T?)pk5W=>Y|~{C!x;xt z(NOBOxvl;3;oZdP=E$XoIsU+U$q;$J@G7IfadN^s^K}je%uJ)!49@BC8mW0uHt;Ew z*&Wwt8ck?P<~fe3`Lw^h^ac`)lRfWQ5LTD0`3~62UqONyV7dnnze{e!$*L?BAfDx0rOu5$ViiBvDC= zGOGgQ$!4vCjp#gx>5Xl08Tkx_y*IJoY5S_ztS#znA1q&nOfV%(F#9cIoV*RGx za%qRrVwM{dcp2&5uc`!WzR&8GwSqU(>EuJzhU@6Wo9TYLtbQ~xSLz|hkIt7o+!X0q z>HoF)qBu>pnpDjwLE9|Pu!q(GxJZHvja4it_#pWP5g;s=qF4X93rAAuSH1*xfGi$@ zqG0A~`VfQHm*oIrjdcsDc={&O_Scus2}Ojsp#a<)x7<7P4a}^az83~{6vjkj#0Cz< z8Udwk@no)2sB*SL)tMwOtrc1{70)muFl}U`H09FqEE}Ro4nD26c;)U6-2*z{bk?jh`E@+ zvZz?Pu)J6)7yD((}h`Da?aY$ zVE;+T-bU|m$mCG!4I4DH1bWTdZ6wv_%G#?8?X$A$_hjqzXKT$U)%;dkQ&2inS=usC zI`ENgxRrH?Kxc%-el#a+IKyyk`EU?+`0e;mgQ~0?ll`8Ey(oYZM&o4CU(+((@vd>u@PAUB0QzVZY1%&l3H}k+H*HDevvL5&c)nXK?(p zME@w|39PFKoVW?!RuR7ECJL*1l=8I_qF_mxT1geKluoUbF<9EVR@wVO|8mruqtYuDi)s_ zVVxQ!pE_fmIwzmT^EwStK24cAO%*;ZojNUJK5gqdZ6`jRw{<%2`EZC6WB*@Ec_(Kv0D$@q2%vydW9r{eKgMPvKs?!n>7c}vgW=bRFc zh$IV0bX-nJOZT8x^p{3xzg0l=?DG2H#EeZ)Y*lmT`Q`Q4^n6HCPDW|%=I-I;)ooU3 z?dio;R(V~@*Q%4V%fpki=!~zI*S970Ek~yp&D{e(W*5JFt$Z7m+&l8aJtE0DJl^eN zqIYcS!1$C`Op0$@`p}P=tDC#+{llsG<^AJRpV-uktD7HlOEoQB1LM;%nMIe^ce{rt zX73~W$ELE%>bCX{^Q*p1JreozMVrO_WKhxGjP!S+(Z$_9Z*U9f$ z4JYywX+3XjPzZcw6n^+}1GM=zwVF}Brr$+f~`@{3!XVO~R)Bd(uw7q`c>?}j{D z|HkA+DZPfBL@q6M$aeq4d)dG5D@lXV$(MaD}9#_*UtZN^nu zlHauYNe#5$(X+mWHC7njaQrBsEakn(v`A%(*f~`53118Pyd}Z)a6r4%I5T^ z@89)Y_)+1i{G8odem9`-^321?cZ*N-bnwTEi&WHKEiWlwyyk+%V+gEU0U`n6VxXMx zOf0{{CE@$(gjUDGQPX{VbyS*8qw6-&=SK%&$RUb=tFG)0YV1$3lECqs_ORB5koPYu z=<Ev)Ucq+v`H**?6` zuwR^fG}O`W+QK5*?r7WDN<^!_{JWvv8n7xt<=u*y*KYPwtg_>8K;2esb1-O&G<^HB z*hxt{u0j3N%aniC(^tj*)YFN@Z&QVy)r!kXbfkR4gUcQvtC~ zUoiu_X!ANwXuDq2f_WDSf15M8-@O_MkU%IE7X(TQ)^yo-bTy7kJl~XHiR==ykW?d; z)j<~b-R6=#i4#(78{HP}J=PBuCYoQ> z$nXnD+I`L?*^#>0o1|^+zr8M%-rkpvtd>ztR#^1Zi)r8f-rxd4R;u<8=X_^luqf*1q=M1O>AehLr1EWnBlWX=j?sSIQV z#e`UV4RsF(szQ)WASfmP)OV0mn|uHj1d$7ZG%LzlB!d(wd1i zK~^+O6BIt#*J#_9jt&Tire?u0x%j~Js_cJ>taFJZmA(QW$b3P^d|N7K)?A%NhW@|p ztb56^Ey$N|viMni^+p?fj|aiYNmx&&Iot?$@RkS~quB$|0YHg>G0d>t=o7AfPUe^Z z)hwpF!LDYx4zijFXgG{Cmt!)Gs|pVt9Du_up3Uq_k7AKcPMm(=0wT_#4x)-96^x@J z4yXSTH=bAB4jx_zFM1)U4AmTpQ2l3fy*^U$k1h9B{101xI#?>iyQ!$Gc`vc8DYFwy zGkBLc6wm>HXV)i&Z^0xUrb&yP)4kRG&PW{I5s1%0xu#1oKL!s6x~Ny{4lk;mYRD9;rK2owv^>oF5@Vi;Jkt z2DDR;%u)-vC@^r3fY~+p?9}MB)cRb9+ad4@dmgEu_}>b9!pozvLEyhC?95}-mb^Ud zn(tp|cKMDI9bt*^3<7R*W%AVz6rtiN$zLmpBFB>(A4p?yh~v14drR{Gx?i}Y#?KWe z)k2EY4Tn(-H5iAnv~va=i-$i$86vXsp|ZI;N2)>X^w2T-ULeE>4PuO|#LdpD#;4t+ zt12lq@l#K;eK&pONk*dYv~AS1*T2mj4AmKGvOJ3 zIUNlp4b3YdSA1SKhgn~}84n2!X1f_CQq5?~*@)r9Fr{e?Lv1U~SyznLpFGMV@tMPs zU-R+xYAMcrG<==t!D68_oO%WRf-IYYJcYFNI*pGfsZK6AsyaHPI!0+en_f?xdM=%B z9{XYr3e-cWgm>xY3y15Aj!L2&=8J`8N%ttA#F)S$1Z{S_FYX zcIoy6Jxlzik*mc~sm5M~e0_{(eE-{$G*H@Xdn%NDkjmcHCCRno&*ywRG}vP!YhqMy;UmVsZk z)ON^1ar*KpzHvp%DXaC-TCL=Tk)&QY%i2GG1mY(6QxV zKQ$Y?RfJ={DtAWMdPa@la7}rjx{S?!lo|JReVq5cAqt|Ce!axrpro87$Zho=}lzEywuzC zSC|P?(Bdvxr3tN|f`9 zGi-`3n7e9Nm^o}p{a@_eRa9Khu`9Zs&L}=EWTE)%-pG`)wY-wa{2|Mb;c8 z{Mp4(bL9hlYB}?tI2JE5=bqs=s_?#g$!dWQvzVl{_~5s$iQk~pU9W`@)K9fIw2*kU zA*VNB@p9RM8OKrzVZnR4u19UzCb?l6He(?zVbvgGZE4A+Xh~PPLH^P5BFR$wizTez zGGJ$e9B1=6!tynh)rYx_CtB;St)=ds5?+QdZ%Zqtq)ovxs|v)IO`i!PRYNNuiOr`7 zEA^jN+%(qyjy*vb^>9PM&{nfBOYM+=jR27?oVV8YZq_DYTak_pQ7WHf0_vlAO%mw% z5*sYzC$`$xtnHY#Y4vT+9BgKMZOEgyM?TurKHSzSwV`O;7N4{6-rasHH<+xl_Nl=t z8)HXTWXJmF_5|}zE?G?e1$R-vR-UJ=vEz>X+nuw%ox*wBr(bR5Z+A)-qAMJ^Yr=SI z@mH&~gzLg=>dEX>SFBV#cN^sUl8U*~rJ1Gb~iuERXWvjtCk7ivevSB^!T z2eNjKaxn)mm4lZ7j;nO52CWBQ7995~Ox99&cPi=p8=aa}={X z%#Awa`rxEXa_Cs<#PaLV=Jg?T_K^D4DHz*%v-R*;W$^_6D+(VJeXs;UCX7M;6ti&Y zNaRS-(iH1b2+Svg*CU79xQ|+S^z!(K1l=W?&Shf5xm?Oc>Y2;6or{&P%WwQ+WkVOP zf+I@I9E!^x;zMh?o@2=pm-pw#*>orLhj_H%bJU^;S6tZ1Fpq0KzH76i>#V=4PQ?j} zQw+!B1$I$0ZYx*bZx;OFP6A%GJoGF=PDfmquIMaoe)gwWMyKyI+=4RQES|UxeQ`T2 zKh5zweLHaad*03L_h}#XnK-9A#i3iQ^qH968Ew4VBY9`Z7iW=h$LqD#@axS>0_o2Im{(w} zb2yu~)!b!}{FTw|Wr)?4A|>r|_z58uCN^(oW@T0kD!ngnq3+9;hRfd1Y~M9+fibMIsFcjBJOqqS%Q`KsE1Azu`3RoJzei$i!b2+{y* z*Lr%qa7d0S;};HQ?Fc4Tjg|ZU_*tMrF?yArU1isXNf-iU={_beb<>m-_t^C*8s7tG zBBm-^oQ4TNpA17&l%S4a>uA0xW`@v!V;`%8cqMU;{D=FxHcDv9 z)kDM(56UEt_niM=^GO9CO#7DeOHnC{OWFOERH?9wp$TZ%q0WA;aa1Y1(iMmYQ5tA2g_n8ZE*$%C&I*(i`3o5={WwVYn2{1U=Wt>}>Y z8HX?X<+BW1i3wI%7D>$gtbd7l?0Ydk=g#GRIa^s%=23RraqQHFM*iBl1FI{Mco6$~ zPh|EjV`fv5@LIMhz#Vk;C~`tXcVrAj!$1spSBnte1ARW=B*X4+SAr!(sAkr248#5I z#k__etZ}ndV(-0`ltlh*p9w;uqB-LLUfGsO;thCU%6QNI+AO{;Y1z)Jy?PWbd$G-= znK`sx=0`7atM%=1F*){gRDjsS302?ug|!zaLY8VV<5o_6sS%(Y796}gIezbL4Gr< zhRZY*-)Lu^h5JxF!6iOH#g2k9P)toJXc5A-+f0E+;C5`VaW*=-0PuwQJ|^$liGEY1 z#P(sVY-focz$(HVJcbewhDc%*W5SpPi~+);$HXOj(Z;XHOO6zhDC5?G8ECS9EA@Vd zVyHXRs`k=i-)s3IL?O{FmkN-OC%YtO3<1Q}UtLx|`gf|2dITQ#< z7(*DGjluM)U|c%a@a8~E+(%bX@;NvrCw5|l+};9PtcASd`Cupw7Z&{!RQX4oM-JJ{ z%))6_^}HZ#=KLakJ~~|*=KrYWRkAm-%Oan@pgVX6<6MM+h?5{-1$KF`BH4y#a?~s0 z#3*xf0~(HR#;iX-9*(X4^0i7bmj*?A?Ofq=Qy8*V7dFKxXD0}^VT;{}6qT6@#?5HM zoQRPHv8kfsP_?15a0g;BMZyR};KA6P?YRC&-w%eiA9}Ddzeg)yed@2Fyg=)Qh>t?W zVnxeR1e^u4h`ZP|-cXGfFK`u!t*~oi+GygMjH^6(x}r#-MEEf(7BacF{j#=1OSPiD zoO!$Cub4b6Q@O&;V?*|^WRljwqtauaOB-c((iJOJ!jslsf~Zu7p479t!@kUfVOJ+= zo%Ch+M{X0Y=;?k&xtb3tV;0vt(}O2Abz@jOHaHnG<0JC5Wwb?hY2>q$6~F3+p*#-M z>9g~Qu7;McB~DJ%bBh>cMYSxBO<~b#TLKTcr<7)G z_v&M*1ZsC)zz}F!=5*uf%qC_49m#~{TLA_pNJ1c?`O=H$4%#`qBE{|g>4Is*{jLYZ z@8uaMth?SZyW<1avQMZ+(;Wvv@04MjZts3En+vfR{>pk_YOO}ys1$<_&wYk#L&o%U z85+==e`#Zb*ov9vGNblnrkcojBw-~-L#*$+j~04Oyg4FsJD4wa>|pg+6)m`@IbFd_ZM&l?AI z@zXrx@7D@ig}$Eus*paU9#S9?&c>{;h;x(NtQkR=l@q&`rav&)1@rV)5)+rDeESUf ztQ67MGr`r220_On%Iu$|^k|bIv@%8Y{i=O;{MIYs@S?#O;MYkIW-)&r^2rBg+v-_F zO%vaX53j*`ankyP4uE+v)#?VEp^!4qJ~L_|W5zU~qQgbdFqb7;ZnOJ3@yaF?>3H zx2R^H)xm9~Bu0OxNUxy!={!ZZ4IO?V_3^10qekJ|Do*Zt;Atw&mCoOGGU zGn?EnomOc9fzozL68}Jjkpvq8C@fRWyeCx|{HrbB@(HiS*ddmYgKT^SWW;HjO_{p# zB#(i$CVSO>h595LyO#mMVuC=|gV32m=rQ2Ts7x%rS&$6K@9FmpVIb@hW5#9(aaaz! zbZ)?s8Yq&6(sG_Na~Z&Z_c@p;&_EQdRW}32@xWmGUR}`6ikAC3Eir<#vQ@l>T>h1h z=Q@T8ojLD^Kba2Y@Q9cZT<6wG$?}aX@rf^L6RmQEg|K2Uur*8y@-jY3%|+0@rC@oV z@xu&8s`=!hfd%}C>?%ZMB;JX zc`d{;Z)zv^_&c6uL=rD0i$b0{tW5ph(ZeEE3vXrS&1Hb|RZTq$+yf(}oCPIy21pHK z-DkLRYW7~rFl9c`6UboUo;mF3Vr^-V5eD3-nV4IO)dYLaL_ObnXQSt#<<7?fIVDzQbygi|+2@v) zD#V#q7;u*wHb+--ea<=g&@qL?6*VxMt=xu4yS8$_#`AfSliLD?bP}cFzvAxNEAcSq zcK4e#Q$%YtOM5nqee1OdyDZ_R>}}yG3tJ%v$jy=6oi)TgjFkyHB}u37vk9Ao;1-lj z)}TY*YhlD|C*Qk-nCqRDagLQq#ij$smL4l>@Rl{@V{R*gA{ZpMK!r{AvyBEOHyL2FBRa zG`Evsqj1(8eI8EDUmUr}ls3wgHfW7E29Pxh+BU#+ntXek9POG_wwp8U z;(SWKsD{~Y^?N~VSg*DUOT>h55t}z3b!M6Sv#kF z8Qq?-7b6>4@K@?)UDnOu836b?gjQf;_mJWd!0IacJ;l^ zjxzEQ?&`?Bwwbb@uAu`pAAhND53tVkVC?@~;T|TN9KO&R)ax2?d^OrPFnW?X%)0+Y z-9h)ZY~&ut%kfM&mQU#Id&oMZdz7a{@T9wxPX{bd203`-m4_ud3|EwY$w8FQWtPs? zlq(Cr`wv7OpLhA5$e)z2&{q7fn7kbCyb|yFKV$MLOAc~2e-rtziY>aQD{&Rue-rs7 zs;gnk0kQKPelI*5_!r0Hj(EOF%xYtdn{ru-(dbi#KOu=1}Wx| zQF)}8|8Hvfzm6frJW|Xf#XM5XBgH(g(6kEts}N^U3-kd}%p=7-Qp`Vkh7|KiF^?4U zNHLET^GGp|6!S*R^yrBnG#wn?T*mEI|tD0<=#$Mx#PGL>=F73T4^_DL$ zL%Q_px`@o4&NO!!taTxho_@>iG9>9XxvhK^Q;yP7`21Im%9x|Yf)(!~6~N7do-PB#EYIx1%oDpym`5h6i8EJyyo zh^oWyYLlEg1zkycPLsZq3(2?t<>0^hYDDQ(=RXq6#(N(q*0&(U+~YXSkNf?18S5UlDbmZeb>s396vTs6_Y5^auXhY+>xh zrTtx};;l&Qb38bSrTSP_nS*)|)uRGmQ{Ze4M|S!Xu=NQub`VH;Jp1 zo;7s)T*tdCij#~BXm$K>j8YE&Cw7WuJ&<}6^$={Nq4#^+;Mfr#$(3e*|t( z>akz#87laibn0$q5=%&j?#UGE%c)QYv7qOr;q%oI7B!LiI$G5_I=k90$0qdersC=! zcHmCy(oDPZ=)PrPjAJQv&X-HP(>}J>O+#l)--pC>3B(!*e(aiF0`zcKrpZrrS*T~S z?i#|zD=Qv+DGZ${I{%#4Kl)x%FQ?|YatJW^QZw{Pov~%4a zbDt#UAW^S6c^a#q^O<(e{UQ|**L>CYwRAv=v!8T+_$fbPp#Ie$3+oUI=ZMAp1dkkC z%3zEo|A&Lzc&x}w$~;Srfx&l!ss8z-9fRt*c`KZSMXAUY+WuwI$LkLlPGSsvpDZ}| zFKp0GZKpJDvFPsR8&;!B?pf&W&o4C2OB{aH-oRU=Ltpe{GP)63JpI^kAtiBDFLUi- zG@WClt-r|kbMb~J{ow0j(QhL}O48kPLDY)*Gt#B>b0d(J7+Qr9W@;T^2*XlY^3Gop zY%#9*xr8l}gXbwrQ1K8fZA7#nK&)bjv0-ctGEo&W;eNVIB0Wpa+DPU(Ng8Hym9T?bDzp$SKG7wK zzalYVHVRsETwU!vTa~GpLq~jtb?eG$@yKsXLgmZ@0@sF0)_7Cb6bDkDZFE0r6;>hB zQKeIQA-AGDu|}wAKK;PL+hF~ad0okF-7(ez^w8qmfBmIaq%LAuKfu(mdwuoXLV9%F z40ppwu0XG$!NiltVnfZcp~BQq*os%xCXCDWz}#HK5?Z|x9cuY>*7E!9Mm4sTcK3#T zL6vLkyrW8;%YcGsH>cNvg}cb6*vn1v;LUG{W-GH_R{1lVR;iml_}RW>vVpvH0ge)c zKO5c{8iwMF23tymT;K$S35E0OM0)B*NN;GwNkz#?3XT#;)L4tIS|?ao!^t95Znoay z+l(5lr4;BS)7?+F*u2Zw=5*T*4c)Fw+V4FJm0%!;OnMySjOA4_1nXkupcwr$BNr` z&vY0xv~MBXpJ81X(%dC|3U)bO9q zp>U@oOK08pM=oVYiY?BK3rF9qWAPgg`w&M}bS{dx4rc}Ql@rbciwAu;$Gh|P)M>}> zqK<;5msq`%X){}&oa1DblQ=q8pyK3Z+{sMFai`b`@0%?M z`61Wj8uz9x{iZXM(ed2D-pGWuFyASil_QbY!QBt!_CB zZhYiN)P*gqjq4Td&diTbVezNXKPQhj=cO?_C0-mqh~K6ScV{Vd=T1G7$*f+%IC;_Y zP*%H9^^LnUn+Nya*&|sGDQyq&%F~Yy=f4F#H1*GQU#ubU5A+J>^asaY6+Se^ls0|* z%p~5(eDeIY`o-haa|`Wd%SmA~K6cwQC!0U!MpkAHUS^Krt5)GAlcbj}-_Ej_FWu<9 z+~hAk*bKTXFTKbOVngnu^5k+Jg_nMfPrZ6B{llO7Y+k;hf9i*M6(}m^6>lljaMAhj zGFa5xNzU8p(`=~MRhZFcc+W*t>Qz*sw=B*;$Yomei}N6iYpG!GneD5jPqcg&SAo;s z&+ELy=-;RCHKvkZCldI;Uiu_I=F8~0PWyC~K6yR3ehroIdEdAlv+14NSeqq(Q)BL% z<>Z@4?+fMfP51K6e`8ffzZE>`E1Kq;b$HW-_gmEOrgT!FG`_5wz@UEfRmJ1qpG5td zyc`<;ylM#FD>}R`o}_%K18qsB56%h+X$och`X4Itfos3_uKWP-Z6L)hPKod5OR9H` z(KX~&h=y?V_Ine*_50q$_uiX$)gOa}w?p)Iz46P9@igulJ*>t(vFyFU%DtiX3ilQH z*K<7qxAK7Z>u-$_KM3G`FMP@;Z#zf)D*vj;!~bF8J(*tz|7%5FRT1z;Y>7r}vw?RT zUw?|f)5KN`PXEzar5Mv2los<6P`z8Vx(kHdMPUA(C4x<$fuR5fDh1&Z1jYnM#i9YD z+(+e!l=mNrbznk)WWt5M`>6as#e80GFuQim-(o&p(CRNS&pMFC>2|WGcoJS1EM-jt zErMsY2a~}ZahE!B!__DQu~}@#*e1%Dh-~)}zHdt>tAyWT==k23<3sRW&GX=@f0yGS zc?s1x3BmtfjtA+}Cc}*(6~TC!5e|}Wg{!?R?MfB)N%oz=9toCVO_Xil2MCz}cvs?5 zd=!eQN!{KJ^V($1-{RhNZ?@8nVN7#riI@08N*J@p&{Mm_7J?fL-dCdTeM7X*J{_d* zsRx-5MlrDG1a)l!3Nd0j4DD?K=J-h*LP@sp?56~D^#|gOcV*+J;a&LfZiWa*a<2>m zg?$MMvRp%f(ZgkRfG~yv3bWgJa(F1EZ4*QIqvgr$7s5xxL?k}uYxD}I=tocv;Rt5N zNYItex=*nPk!&$SJWCqkE()}da6)XlZ1@lw+Q&dbDi$7c88;MAT5bS^y6%HG z?SZ;gMzDh#1U8K_v<@}moq{MF{qRaj)oi$C{opdfzWE$Y8D*H5ZhtG0!;A561dp2Z z(R(CPGc{aAD>o-CbX$!ITr7})1`Y*M^w1s#4pFhRgViEqr7iP|SXuOT6eKd>sszTw zqC+Jx6W@ejh!o{|a#3GrQN`CAY_`g8VIWl5oULnX1rnKIO0pFqS#DT2HuY$6hnB>C zCQucqN{v?StcnBq>`aJ;_SHodg^e^yHFGqF#J+OUG@2WTg{(!CS`e8ZLa#Cv?G!#S zl9V96aJTF8cVNwWI=8#Yj`dVmhH0R2O3P``L-C)0syn!TQ1g9nwJgPe+2D?~K?UH< z!KQ45F~oJ4inA^X4AD2om9Ko?Ri>L`7_&lgQE5h+G3%cRDT*+C6&{u3*tY}w(j-qp z-+fRxRA9}^!G@KZlbnx%b?4ocUWi7yRZe%bmp3j&J*)VP+2xYd4R%q!kg*(%^qh$w zNx%$3VYh}Xp$#;zCMp@3|BqkDHK)OwkhvM1nXk6X)0y+cca_Hp@?veOQ_c~1j27; z__qq@s3Alc3s6usu!HJYbz-3NT7t5o|i5dFADO=#UGP4ESynG${_uO3JY31UFW0(CsRHgt@f?%*mHh+~Ku!4L1J!s2fPw@v<&ayTLRJ{p>&0yGG;;rgY_$ zp!J5mYQn5~XxvJKI2?P~D4YP4P|xkBppR@C=JGlPx^9*F$PaJAb{L%$F^CCv1g8HH zG$#HXO{$_g*2!Io=DpTWJhj>kz1I+O%}Cbx5W?g~B>5QmkAC{cC4EBN_K80lQ@MhI zzPF4sDKLfKGIEc_$HBc-)n;>9nPVmjdFM}kWEJ`YND2rT? z7o$@q<+K@a1BO4&5&HC}#pba~$;-4Xjb~Ex+mz?mrJowM5y?l&`3hQ!2??kUkO5pk zxD-5AjGt7Z^*lrIq3l>`Tw=2BI_F3$_C)nSWSQA~N$ilVRzc*rw5@@iPAK-|=S+k;&Gw(;Yb0o-~Wlw6S7l?3;n4)ZnsEx9RM_T1392 zw<|Oe(jIMiwL;zomitM{9HEboO8$9h9RfMX*X8H`4wz?ky7&tw7nd$E2vG=2q`FvH z;{w>x8y#=t+`@@YmeHBaJFlMBq^i%&ZJziTrQ~R?CBVRQv|jzSA81%HcAgAa49Uj?uG|vSK9wnb*s#w7-&1bx&Zuo0+*_ zN=m%Kv#b zqN&F{F}F3kv<-`cnZL|vI3m2U@fpPv-ly*xXxqeZVIJqa{g@9VcmwSCr_PIfz%^5E zB7PEcs@E-q-sxf9gSdxpb6fUQXCLtQAks~9|~|nhrFVv)CT(MkKG4-&^_Z`GkoPO{`#WouxzlmU?9^k zx>5>opjSAt?Kx=*$KS21|Dr%r;Z=R=e-VJ$vLx}sJI0Fn7)9qcj*1@M^G)Qu81s*k z?u(k>^u2S!;=6T$87Khh1Ht>07yC$;P<%l@K{9AV)UquA3oZR%=m!h)pA9s!jaT$A zAZyl#4ig^&{qS=i@iFA!IP=g4bcAIzPWtJRn;(nWE1Zg z{V+Gdls3U1AVO)yB@KIzTA}JVIL-ya9PDGG%etnemd=X zE3c4^rT2jppOGwViL8%-eI%RWgq||Wm^p`Pk4TofVp;x-5v_IEqbr+;mGLc4PTg_u zEeQCYXoNU@w|Ghfy1CAgCs|m=>qM|Gl+VM7mVuFaMcf@Zv7LxZF;f6)3b3xq?->)6 zED{XFrP|PY+MBYG<$j4Vdmdx@Ks=Yu)KH;_@u8(GR|$l{P@8)uR{(=T5H?3Ro*|w} zPjW+B`5D-Zo$m`=AR>|_=282;55QtxehFQ1id^$Bj=haB;=o?!P{|R#iDwB2dFU%E z(z+<(xhmR9eX`!W+ll{pgOMo=B!R&UH8z#BWn^OvVPiCf(J?7Tg)*QR02-9yD_P8O zAuOS~tPbjI*XDBkBTzA7X2lVxGUVqSFm4XNYSDUGGNE^YIU&6ELuyS(&Rn=4d_xVf z_RJR~cL5M{4EJXb#Cfkl;pTV!%R618ih^c$d3guA3&I-~a-DeyYnmwMT*J9Fa^Ce) z9&<43REq~It;;$OT}TWrNQ^YYnpZuCHiXFgtvE3Xj0CDMVW98Z^-@Jw1N-BmTK?m( zPEAK@409GXA9ZnFbtWlw=I82y8SBmY`Mv9Tv0x&i=lL8kCQi#vSuJMSuvx&jwjNd8ZA!mom4zz7Rdo4`{R!n%i7?uk(5EsnB3rkL> zNvwEQwy1Dz3_yo8MB!Xloe88321EDb+e`{6uGPy zWu!j$nHYcHV56&9ta7pCi)xb^$L@i({gk%YpVKBpkmHT?_M4JiI2|a^vFO7F*?Zm+ z`8{^Khb6hhA$c93JQYqElM)Bbojk)5d+(BhIBfSYPMa={;#8tSan2&ch~mtW7kReN z%1TPRZA%Ai38rm}CrUheIV(ECDx#Rm`fRE$Y~K)ZMI3R)-j*P$sV0heOC32%Ykf8A zc**J(FltnGbG7X9Y`Gd%tQ!}`t4g-()#aNOtUs@?HwNr#<&`!EDStWG`Fz9qrPZ!M zgzIa-PRl~6*?MVfoSoT~U1K+w*75FF?6TG!^7av~wy>@amD2X+?e;LOPS^48RA%2j zySl{fx`Jf8d3U>2%CujX-Fa~5MC{$MaDUFR|B}Jon`-}arL?bL?`JE<&k~hi0e1ZZ z+$w8jj3?Yc0(bQW_s~Vj;Lcv`oPFEP-q1?P5ShcT*~ z36=fY1B$7z@~JqU>D2P+OrDv7@|g;r*)Sf5hW{9qA6+T`rc{eO8HXM03J^v}@kx}^vj|E8Nt4Ur6kZM-bkqP-DWJ3P`z{4X!d^8foBSAb8#3MmG62#9E zvo(^>@c8=f>MtWfJQBnsLA*&T62v1xJQBnsK|B(~BSAb8#3MmG62v1xJQBnsK|B(~ zVgx@K@8dtPx-RB2Uy#Z^=l zMRX0o>}wOvg#__P5RU}$NDz+%@kkJl1o21^|NjGsuL_pG3emngz*ez)@yadU(*97W zQSU0M@hZCK>aq1bk=Kv7w2UOT%;>vHWV=pEtBl3;NjSgqQ1Ow<^?n{Ym>KpYJ;3&(-_M&U+l6wkb5>>YEyV z6O`)fr{dc;EL1AGnnRyn#wMJtJy}udn?)c}`{z{+y>LUN^@P&z30FTTlW!9}bql8M z=S88aMPFFs?{DP4U4^`pcKqt)*9!;zzQ&hzR2EB|`o-2=cm4TY?Rjf`Y>b$2V8d-J`}ukX`s&Dt%_m)o(v|1GX}zuSxO2h#5Xi~MIIZwK-2hDdM6M9bDU zU$y?B(#i4h>r&QQcn$qQI*4A`Sb)F>jFCn^6+VGjLeo*W$_?yR6%~sR{|+cY(^1Sv>LN#3#uB)+4`OW3O~*_1ICka`+nP+NIG7w7 zS0&Y`p~1S4^zmLZNZH3mFk&iKAT_?+SIBX0_tJRcTM&`wxh+T)0!7C;l>CqmnQbs+ zO0S_dmNg7YUc)~qQ_bBR%8`G|ODniO_PC%Pag7OX((KUMm$X*x$L;zu$oEx6Tq`|xOLQQ`HB{7CjQt^-(4YH`@ zpDN8HS;M@{SB1k4n29-wIQXoc*>ZG2>^Whql;K7(6vH}9a)<#Ul5Q1KLS~q5T00oP zV)~HMCS#V6O+;zI4SEGs{U{)E5Q`(pP9d95w|F`*>h@ ziQ~%#Q&K$_=$2vI3kia<@13>DSnY+#J>kY!G6fh+^@#FoQMF3T-%*JVF-kZiB6~<^BS{x$DGEiq-3|@c2WupHbu$Lko<*jFJ@QnP8bL+U7ab<3HcA zZ$>kq;%Nl(s^3zfJ*s*MZh0=M`aq(5I3d>%Z-y7~q)GZWZ_5`{;|>)m;O7GoHUquXSgejFYuS+mlI4iPLhr#hBWT*uAyh?<`8?MC09BA5_~U@O}v^(FRM2Oc$aX z)AYK%9>?r!=e#%g9|JU5ptgQpp3@KC+`3mBmsG!`LPH^y!3F;?e!E0PiXi+&^+UO# z{nyESW5;(4)v|(A@@Ita_4Vx>fvwc%s%yFL18zdC3NKv1zShi{a_>lXM4sFm{63XZ zlChgzi61Hr3o2>&4lT}mbEkt)0)sj^7fEx(rHc0xUXi-DvpW`a))-l=7c-?luB)*h z(zUG?5X6h$Y=0^B4Wl!w9;GR>21SCIV7G*LCzx3<=%F3SpW7YLh9!qzzUfhEG)q=| zuhqB#{H3&SR2^S{HeTQx_3SmjMH?D%gyZjbvrzFg_E4D@Od~?{=VOH(XOX|m45xlD z18~rkE-rA)2&QIlE6TI(BnA0o%bAKj84QetgJzBMnx3MGdt++=geh_gnuN3;I5kUc zBmSTQZNQL|Z^tu}W@+ocC4Q|CE@eMO#}Tc05NXTOmS9uIBf;`e5cLyW;S*H0C=)h{ zB0bo@_UL8unb#2lfFF$l{lk+U#sZ8;pPIbPCe3iVJ9Y&r=L7;@XEGE{tfwmKU_vyA zER}CH+%=D8AN*D@G@>dDj z^B*i`4|)>x7@1Q_nN6n+r+nAjbFt3tg8Eorfpua%eZ$fsO-mGXzdu_v&+CYNHvf>_w zfo%yTR~{tY#N?_{a*l@~lJs7FwS~n@@#a`Y3jCu@A1=o5AKLU-|JtU1a;M&fy+Xs6~ zD9_SWFfyG3xnfK(Ma3S)*vO!C?1U7480JYs-wl z5oVAeW*HP5V;MAxB{(LexDy2;gM#Y})O3S8NG6WLcJ&w75Apgm4xGXxznfOcoSLxG zDa5hVuKa28hS(+k((jl{rA32tJ3ylozcL15E%pAOVm>mGrdeT)xq|3RS7-DKTK-7( zf$*ma#5%;Rl8_fcq!2C%;jhep+kk#3S-Pekm1W}?`M@#`+^R5@A+&w8xdCoPs`D=~{UZZy&5j~1)R+fVpOor zd)F7!u)(;7v_gL;+VA??pdSsoBd;6`2FJLTRGOQJULBQFuPx=P<;+Q=9}hOan#$yf zC=u=`iF$k+nahdLB<)v8Al~Z)J*;ud7n}c(%pnQjrhWPTb3hkR_^=Y_H2!(+2v_ zH+(+|A7`Y=?Vw-fHTWOhjr4w-GQ9A!SzG1tf^@#jB0|hdt@V_*7`82RR(rKx%GKx0 z+^@2*W5`5-1XAQw>;0PTIuEMDr9;o~Q$pO5ZotR42L$R@FHc(cqR5G%A_v~RT*@b# zpYHa?7p&KQ9SeWdZfd8(T6hD2oPvN6YoqCFWdP`hf}aC~v2*Aj<;rAgEZ*+<%wQfE zaR0#hifA%IWi%{d={!W2IifWjATk0d7G)xa(DpM=_Twki=;9QNfCz(I%}=OtkQsx- zqio}%76T~!{^6&B1S25bs34mj;7kLe!WIGiiG2`S#=PayRys15|9A+y?LX{~<(e}MP^ z9e#kfKzlQNj?#wRV0=f(0JLS{q5^oVizn+#Btd$lVRFYLSxf_2=U5ETz3fw&EEYue z$tz>BgF##!tcCJq>gG;TTiK-{6JRQv1H(lBb@s}c$!y{>lt$%s=L$~VGK1qdf@cSl zCTRsV6GEqAh9;dwK^MZMwRB>hwTljCKrFHaF}_*HMCBMFXkFyM9)l_~aWyjf;&z9)A&ew0^U9W2;gyW>3XDa19dxm;=AE zpLHxQ6*CIR8J{>aagSs_!T+G>Nu}f&##(PAZfY*mWuC+x={SU-pVnQu^CyOejIcxJ z@b^MgY8&_RdSuzuVH})R=VPS}^WGOeYF4Htx)-@_Q{?d#J^vEXUQTAJL z8<3D~A3>W6#$G}wiKV~EI(7F5E6*#34U30l%*)gHI7=*qJNayZN$ig@0UIUb=BIW8 zBAph~)>Lr-7(4 zWJ?-jcdX7@24+(l9>nb`Bq+T;#=bK>CK)02rgSBN8+-`89HyO(UnYRl$Xh863n<76 zz_k)Df9b%wxhqik*@ZQlrGOqtcwG_`1vPU*ga!LuJS2urLuRg^( z(F40FSuE0W{#A}tB= zCe``4lbnHGg_>JcQ}XJwZ5kC95W-QOv|Zk(T0vY=FI`<I#RN6{K0(0t-#b=nh*b zeYVE+t%RTsQK~h>^?ACqEj8p@Qg z_h69Dyymu1wI{JG>$Q#i5!T(2Sr(he{S&6u+ger^#@WzU);&?yUsCpSgWJ7}d+-4L z2WxQ;g1cvldl=C*M8^ZaE*sH%Iu!S6lyh$Yzq?P4C-`~!IF)6KWqHg{8NRE76|=)s z6wg!=&lDrYXeN)Mq(hjA!$bzpNJsg2AEJCFLw{zXT*I4(ab@3dh{yk`d<2zuu_4=q zq+A%R$#u#KHgTU%6`VfePa0o)XGz7zB9SXGcw*| z_450B{X9eVeB$7QSL0NL?<%bFD(-O2(P?hRanzEpqolI8#_4j0`?|aGc7X40XTPHL z@R*7R;T!V%z^Rv?3c#!a2>4ORt5E3qQQ4|c`S{Urj!qx)gXF6~FZj{5tI&;{|774{ zIPqg5ys9wY@Pive|5T`g)2gsO@naWOnM+n-H&)?%BJbkIo26mhz2aQY+SjM?Z+AnHQi=t3{*%GT)0 zC+a5J==NCDUB1!%g{X&iqlb~Gr&Xh;lc<+hqt_cz@9;+Ncu}9UMxRfjzJ-mxm7;!) zjeg%mU-vY=9u)PTZ1i6g4cKf9I23(z+4$y*m1P9PRY-V{hL7R1&R#3vRk+7$d) zEJVI3{v zQ|b|&W)6=_$|?QY_0uQrU32FT%fPs)g_WNplh(lr)h!(-XBR^gGofiYnPqirTYG2c zS6O9sN2ljm74;cK)rZGtdxytynMG$8SEUVK_m56ny81?^=H3-mdBvvp42-%*r#VL? zyG5n?CcN((9`}jQc%Ag|*XZQ=<@LtS-uTSI&cTsi!u!+n%hBoi+OOaHh9}}b6`x&P zZ|xnLzKQuUG@eynzrMYfU)_Yn|497*e`5cU_#cV?caiuXiT{!KABq2w`2W#^;EcyV z2%8qt2Ej=DkHr5-{4W-T#Q#YAkHr5-{Ex){Nc@k)|496g#Q#YAkHr5-{Ex){@<{xT z#Q#YAkHr5-{Ex){Nc{hQ9sU=F5bz5nyQKUw5A0KY>JCWr<>*Dz$XJg-_TPC-$BNtO68}VKCF-Ejxr*h{V&q@v zaru8Jo>A%{doSNH^fgl9akvIJVyw5>ruQQ*5YhQQD>=dv+BdPJ0A#`2)FQC?qsgGS zSp3pyWia7g`FFVZUS*1=Ej9lSdw1Cs*W2i6yYa>)K=9yB2MUko*22+i-9 z@ti;HoWqMDg}i(U5VfIDrC48mT;?LY+Aw(lIXRrWJbVn+;XW?&1MckEV2J?7mb`-6 zgV>Im)NTOf;C=j%ZwG*t$YEmmj+4mQAYrMQa#AEUREczkVz7oF#G_+CUY_GpK(X_) zf*0km2{X1ha*{6rQM!D{JtwfwDm>RBDZfw=5Jgnf04!zzqM!px2^Ha{2NLDSW@Qx- ztw#WMO4uT?Xj3E$IipNj!(;1X&jATj(Qk3QQr}4Qa*K`O(Y&8wmhfOy@iH0}97umg z_JLMH$5GKU4u=$;1ENlHMo&G_kYs^CMuiK`DjF^oF(b~mI*J4>kQ-_WBGyc{%#oTS zr3I_Zw+kZ#C^4ZGnSgeRkvR$hdpTOR5l$9WuCK~8pOpI?hTDDcG_iAty+n3>B3KUM z_>ad1;i>#t@r{-7O&P{0OgPwC)V}kob$N~x9AgTx4+8G8rE*mc)w2d{iiUqdXhSn{A=23z$4dU~ zG>|cxUU(l}6dygDk8CU)%3SJApOwTVCLXoa+V@gdk<;QmXDq^J+&+c8TnOIvCEJH) zl4;jOI3A>(BB$%Hhq$2lxDw48kWLy3&U(vesD4ycyB2W3<8ZW|^VFJk7E@*TI!jNi z7GW|MIvgMTaYj`~-BfMP0bMiNxhxEiAp}8_i>vpO{QOTH&3I=<~V) z;kGqXxY!eFWD>*wLbvX}#*Mh0|>^`uNKU`aQTpVt_P$Vc- z;;c2jpjF1zLnWa_uev~Mq*crEr8=A=^?4vfP_r|8j+OsQ!}RBJoiEDl^S_t7lcpEz zx4%$ieF>fWGLExYtfMVEias<=+p>6*Mb*ak}dgD~d(BOJ2G&pR~O)C3XTAi&9t4@bt=?R>B*Xx0c^KOKA1% ztsI9h&ABh1$F1HAHeO5@UP`RmE=jo=u0qCEhP{-{ao1o@SSh<#pG@#hw)GIybt;~9 zVT0CyAXYeUJ@_^dvaFanpxWUTDW%Lo)MEw@34Z*Ka!z`{1#Q2RF zFT*$*gTP|L_|(c7iDvwjT4wxtmb~>^xJ}vS4V=6Rg3XOmrcH$_L(a5R?i+SqZw|g7 zqxuS?L;)k;!A*YMtPf|f$dPEGi= zcOmE5-pZePX|RSp=CDAe}X_& z7@HO9oYg@VHTYkZHp~=U4(lXm8-zG(gY=s6zJ`T=o$oqyd_HVOv6>({5@oTf=d*H~ zI&6U&6?xY}YMJ{Kl={h-20(}1rdDwkM><_cvWr$7Pe;%ql;bucYfonDTt4f=gQFp# zA5*l9vyw;Crq*py#}sAOC9TKvP-EGVV+sG`&rioGC^nxDt(OtyR$Q#?iEU)GZ3-Aq z#J}1|hMkBioTz%+Y?5v2w4OAr*c_D^Y{efQ+?*^OAI>G)fCWyYWKZ+7PCp*m@O(YZ z{&~ujVylUJYEx`WGjwX>=Di5QXb}{j6Y;GCQvTW* z_nC~TA@VH;@I4s4R}!u67`FUO_52JM!9JACerCt6RM1{f&i?+Zy_viHBgVPBu02!U z86i>@!EGP9^7VNp*~Pn4bkg7@;tx;Y_66p?`Sw|&zNo<5NI4dtS*uDE`O^z`lUIVh&hfmIbN1t zW_eux8o7L2b~Jjt93Z~pV{{@obqp7};?cSyjdbLdvJ+6e`eAd$UF1af{c11C$(H-{ z~Od%6uUyVE7P3kv?GCU6&$f9L<@4%l@UHhUL-T1M&R8ounhYI7^<$Q1G6 z{+HB!>|eOZNLLz^!^qi~P>uWF`S(fb@8jRODWcxjjJW;HV@O7N$aw3%)#(b7@s zkM#FG)9fM7)g765K3=aVTZ*%=Za=^Gq2%pD)~;L8uFdb4Zr_NdOv=5S?mnk?Jy(&1 zpV*@==zf9SL$u1hQ{7`=ysB2}5e@X{k?vtX>al3bBGmP$d+Of$_p$omv7pSOBiKEM z+r8`iQy`OD)7!@$+xb2-*P-3!?$s)2hwW|`-AVneTSa7EQ{5AZoaY}LuUxw4nsSa& zz31x4XEY=){9Vs-wm>|H{5=~`RyyQM$YkhRfb8{Yr2if9=erjR0A~5c0?2%sSw_pgg6<)GKX--x$%G!3dxd`{_NA8g zp8`h0%S2Pl{DJ^?qNRVrhcK#_Q3LcX6@36yo&a;8k4h(?j^v;CpRy;6=)+6=Uun=8 zNhuY>yw8@^AIqrm$7=tAW+;(GY@o#Al6EA8&-LO+hHX7PL(~h0W}Yz<9v1*EI)#prHNxrx6+Jii$&pJIVzI2vQOcwr{j*$O%c32oOf~T_WZO>y1@C~i z1l(bW5A=L@OH;%ttP;Z#x-GWidk9Ra8e zqVkD%>{ftZMw4aMkK8t4;7Mrz@?~&-fS@_akAilCox-ZH&9$!(CYA4Q9;nIp5tiz_K^$V1(!ivolE0s>rp!U7mY zMPm_~m{aQjy6_Ul?4^60GJaE${@#&Z`v(NTrh$!912hwwi8`umiHN_`zDietiRm`= zqr`Ei&-zgou%YzR`vnAWegOf@oOL-({{aESB%@?y3$q!}f0z~!mTDGB$a24c0LUNN zB*o~&14Je0#jn6(X5s;eQUZu;MgX=fS)9TyKBuBe4n(C*N^ENpx^N7xeFmU=37BDMNL1(8`Cyh5#LhFwX{ZU&3b4m+E|+g;_w6O)<1Z}Cyjs{ z>}V(vIxm(oa3pS4=?!*iM|8f^$A$93r=U>gx}qd3Wy~?q;aE>6LrPTo+k2Ff3f!+( zFrVh`wGvJWL%gH66w1?` z9ZbYZBKP6hX-ZWiRf&X*kPLex!{fR1YI0UajO-g?Mt<`CAg@CnkuzEQu1l~tKeT4^ zBO5;UaEGiYIR&iAG|&)$=7T~%(H8LZ-Un`r=<4B=uP$xr$9t@^TqGR!bVGkqEj&e+nMy) zd`JTH5#Y&H#ZcV(#6dWI&6$+RV3`8v=}Z~LpDLJ6TmEEM+rCDxuJUUeenwT5|^Hr<3X)8wX>fF*l>Oj-9%M?0J)}5{GE4796uI z7AnJ0CJZA$1dHra*)q^6XG0!UEHqY?x-<&pS}Bc{wberf$b-82GYoMj-w&B1wj)e> z5=x2@PK%@4M<5J^h%;sN`#M}?bWhQL)`{<`h>0`bETOp1bEh8z7+|uS!@h%c#>P$o zBQu)=P-83LY4xd5M6h5n7_pEzt~xN`Qug;Pldxh$@k)CZ7!)Zirz4ExD3{QDKEMD* z@`SGAO`ff^oRJnrWh=F#NLkot_deTwit~x>&h`Y$Vn>5&Ba0Nd% z+9GMEVtlBtVtR@H<$fM|mQD7-TB3#2Lg8w%XKwm}^nc`n0KtmEe zgjmNubP(CJFoJgom8I(UyQB4myE)Lp6+r~CN+$4{M-*%$tuL>d$eV214;UNNe{$Gt zl-7q8xnTDmm;X<93@-U0~rbwA(SoJAseQ9vvm&{BBcVh2Lbv^+-Vc{w_4%j; zku?=PR(?g@#ahJU=eO>^?N|llll! zHP4IY4mQ`3VSA{i?%--bPm?T+BsyA(wm)AtEHh;l2b>jceOuiqvBc}KoGpOIX7l}t zW!+h1B)FM3^e7>(a2FPmvPJfne;{`&Dh??F_Or_L;9`U=-n_sp%$#$tE7^FP8R8xR zHs5%(*Okexyx@`jLv?1vae(}?eAxFU`%SWBA9Q94gyg4f78JK&PG$X9SenO;^^mjBW4@~gtFHEaoJ2rr>Q%EU}AJZ0G`x&xG^Xang z>gxC2b7G|XWeL5nCjIeY+RXPjI}-iCf|NL?mECpuz3q2r{YhsXk`tdtXC(rNm!biZ zeTX)S0R7>w66uprc)-->fGK#uw7l*V4FtuGSm8X~Ry$Pz>s?34yJOy^Ps-w#2=>_s=ii_e1)}XBqTj57V0Aj1iCeM~4h z{!Ato4h4XK;>KbXCqDCc>UtKh+BE?sMhxZsafX>*-;3Q$pT3`#~r>_2Hpd=OGtqX``&3GES|l6BNG3Oa>x_8ADmh9Rc|Ih8sU@FzJb zZ7OS4#!ZDjtxXpEzy`C{lAqcbg3S7X^BVbuK2lA#L`fFnZ*=r2AFKuNJ46Zcku{zH z_-p+&dWCG^_*IEJLu%+Uzq+BoLn523HeHM^N6|WOM0(e`1c{}Bq+~j`3j7CdpAUXU zf(u5W`1GVm;#GNt@!ehKgD_68gsKDiBGP02=&Fwji31F^L~V zp@O zxnOmOlK1!;1G36YuS$I4ZJe}P(zsfdiNwXmrw9End=Pbzp@wX?hGc+fkde*;jnINt zYR<3y%oW|FEn^dSA;LwW>q%i`I*EE!(e_^glEHP-8{~x#DO`kH|sScfmWxj<&zV5`Xr3#ro zimC8SrW+ZpySk722AW4iss|2zAR)bWMckK;xFQDnfFjdRNs2ir288hr>hL=A zc)I&|dNl=@65==k1@9v0LpZlS8ZRf?@Bcn16q7DUJ7x$<(=oRzSavfP^`R$(W%!Y@ zXIoV8X~rDXS|D^j83xPfi0I?EWA1cf?)*^TGr#Qh!N;`i?o##YbM+Wjiiu3d8BCok0iE1OPAvqG4ats} zd5E{Ag|1a9SxL`ERJ#kawVKtUJ#$|ga{mfqS3I+vK*<0!9#U&nXqwNH#ykW<8J>|G zm^oTrDj6voAG|qo?qjZmEfq6m9-lxQBs<=CE}3`;=-YWW%FQB0&GKcdWU5SlO1CtG zt#oDwGFhfI<5FrIaO|LbJe^cJS4K3OXZ_LBy14SVA;x-X0LrqM#j;d1x3F?7S8x4e z+ zy`Zwah=0ZZBZYNrWizs63ZF|?{+w*V8g8e7j%Uh_S3oB_FY$lbP9wQUKU4 z7ug&Uflg`5FF@}vxyvv8K<6XJ=lFqVd{);*N7o9crz0nqF6Fo0|HS{>lBb=f@B5O< z`-#e@vdVAb%kNs>KfT2NJD~d>iRZGi2bK4ax<}Aj+b@uzC&ZWd{|vBt`uFBNgz{{F zk+qY(;xFP!gT#Nv|E!2+75@?c+rj6TAq7_eBUzFEBmU>Nlg(j8{g3#+*DgTd486Ys zeU%mCCH_xF1fKp!{BMs~9FO%+{BMsvS@9bGR|&3i2<^Vc|Np(>f2x1Q|G}>H!QXj8 zg6l&fd443+|48TgnP302oF}x7hw{}0SX?#pi|ikpTHV}@%Po!0ENX%b9G;%X=a$yC zcW>?<7=I7HxW4s_POUMT%ZFG8mV`u+c_;0JgnA-N9)PG(&{#S$Y`>(Wus;1?Q z?cB-+-`I@Ml-%X@?e*<_|AfrNwXMFe`yX)yRgH%y=cRRR zJ;ReH=a(D1`?YP|QJF=deY5!|+j_%zgX1npfM_hY2l0Py;3lPtbcp*Av zlsB6N0+Twwb30|>EgOlxwHlXqxXh*z+>hecijC#oh-PcCQ20ANfh6ISKTTw*oUkxu z_gtN=m@4(Ld||p=*P`e>`d8lCq?x)NXAu+h1MOAXi55hc3M#pSz#XYMzx(UTxRxW5 zy2jk08K&x7L2EOdq|7NqnwLD!THs`AW-H)^6J#FtMnGBo!?u}nS;O&jYu|jL8p%^=)HZN6hi0U{_<}i z)73#3TJ3FwQ#OfqzxCxGpNIQvZ_#OR_cPcy#MU*>GJZIWG7)l2noSu6_439T2&pIE zF6|0S*^dN{Y^G|sk;8)BC*oS2@;)r@D+aqyz^?YQX?y=^<=MsvQ)?#|= zv4Pk2t>**Tq0d{-Erzdmsd0jUh+fYfuD1JTG2M%FOvB|$ch`{w=*m^TRLi6wru&SM z($yy#uZg!USJQPXH<-CkA}noJ^Gq!_bx2Sh$8-HqY|s?FI8D-hyn! zCl4Y$K%Z3O#qYLf?#P4tiT9jWUFDArTJIiV$AoUDBTIQz-u{3O75XwvTIgu~!Eh=+u6NIIa&Lc~`E z_sQgVCB*nc6mQi+_{g(}ARRPY?5B?> z>lWRvhv?lR9kKuuE<9zqbO;WBnprC#V9xJ73HTju7e72DJ3I?LeEpkd0Sx#|^hCdx zz@V3*Q<}{;U=M~b49pMdl4>Rwe93M1J6wNt0=CHcS$zT${np*O-dh9&*uhH<32_EM zRJGaYIJwWM#N@8TRt_^Xm4I5G^E2*Zct}Ec;VD_gyLFGa37a5D5b`0y5HJ|)%TTAl zTBq+>r%s8OUO-PrXr=yE2GN{C_t% zegSlGZYO)M4jd@P86#m`f#U1%M z14TIvxl_EwQv;<(6$PBtg<;a`?B=Q*PL3|>A$yYQHr(hM3m;ej8QnL(ud+aT zRv>V#04PoNV@%%m0l<(5%UA%*RPP5pTaypEkPnsyAbbWOngbB+e2{>V>L>tMdH@^` zK(QL9n}nmsN}dKsq4KedVJZ6)J7iQXWK4Uw@m!vYBxDSdy!)aZRF2G;fBY}nL4D^c znmi}d$U1e_6*Ubc1@r%wI)G7NHB!8$E{?MT-Co6{Gej`Bi$%=QMsNaIVj{q>KKjUj zW4n-(yNJc7mYL&x9dX3!3I)PzBYo|OO18$3-Z{lgn{D*Z3sKxyn!fP>yyWyxP@ zA!h9M4ByURB;dt1cu=-M17s_|bvYkrVkezy08Sf_-f4&W*1x@M?r*l5=rgTJrcK7}szr zg`{SZX<&S8UrjjhMKwr}^-5L!)X$?j`AM)`!nyQ=Gp6`_I$-aeR`(QOVFGll3Pe`r zC!OrI%Lwoxr;(WKw)$k4TVN0;$&fpqo(c1Y=nZp=qT=v4zI*2T@J#XsATbJnWFw5U z^Ubqy3=MRd-Tq}f>3kMWKtW!OMmstSkU{BuOyaVv!m>e0aG{2U@IO5RktzMaDxYT! zc8?)nydFQ6sDS8Ez#WxH(X{mvP&A7mw1XfVd8`eFFq(q!SHqYricj3Sx|+nO?eQEf zr~0($jE1tp5+pAXZ`7ufxJ4$6(|yLlkor^}sMDwf*vkdn<>DRBtX<8gPuG-Lt3}1p zTB4Ax$}eP3D`)>FV~|Of(-LwtpLTMeb~aDrZ=MhMMpwE$&x!D*oV2UGrbz>DpwvXE z6HnWHW6qvhBTak>|I<>pb$bR)Y34@`Z}h7E+$GNHrLj(J&dDX_uS?Jo6X6l-qA|g$ z@$NqpT+619+M_Bu97fBLUOMvra>2F9YQO(V{~w`;>(##q`ejwCBtv=~MEV4Qs{r*i1XKO9@IP>%wcdHX zzJpc7+BMWXJz#tfuxt?7rUa#D4GVvLcyg^1qKCn)hbhU7MYfLbV$jB9;45J;`1rZL zdYxFeDqL`#@FasE0z`tiK`z8)eQVH1yuw0L_H6#V^r;`dDd=*2RpXIgA86Ho0iScvhCUF$DPHjV}Id zMyeWlc5Mns)(e6fgv#oK5w}`cw>D{v-Q~8#Mr!%3w$kv7rD#Va;%lW5mt^v`P^yj1 zyS8?hjSr5EO&^WRrni*5S5*-Ql*@QNNt(dBnD{eoL&CQ;yj9c{c(q;nwQ9HD?U-aw zZQCbr>yFgvozxlJ=or!N7{+brj~JTinlg#(P$%#3MVOZR?IaAE+AZ#U4XUZwEebeQ#x6yHj#+#{kn5kBoEe@OQTkndlm>C@I zeg~P8@b8_G?tM3{@iE;BM63r!SAS8lvfe$R58u1O)S<#wQPo;Ozktx;($bD5+?NttE)nI#J1p*!fXLUOAr&#(qm zQ^{>ur)yA)&sCph(8#UdaKhQNqu+9}meBLHT7kJpy}oUQvlXP@mA9TvYte?8?T)vKTRVbQ1Rjmv$PId%P70Zh(jNZ;T4#${v#B3X zgG{qqduP0L7Rg%Xyg8Rnv{&L8S5LmqbJMQPEYG^|EaThwirGkz9&afWZYzA+bTQj^ zvGK|~iS|FKX+1f(sXGobJJtQLaievPZ*pd1azaLPak6rR&v^~ixE*1*i{QPHJas}9 zyT?C%Xw|zMF@dg_Jg?X;)Ji>>s=+E6{>3+an6ZWHHH8XooO4{&2`ybLG9F!?W~CHuLbPGWzVy<>^rUOeP+(kZC9}rcL);fpYiPMJ?$Ho z>;n(%GqcVQp!WVm4h1Ld|(8`?z^RF64t~gel6h2&< z3tUAqU#~;2h%m3IPOh32oUg5~KdlPOygSoq+gFV=luEdku6C|Ey7q{;)=4i^4wlsJ zy(H$mDMxoPsI#S&ccC$J(W7n}1_1;qPW zd^cN(`^1D77oa>s@BZ4;DYC9EVOJ~Z_C6iSefy7F+WSJUnS0MacNrQFxn>VbL=RE6 zZi50$(RJ+$uqCM*(<4}oNlGz0g^AN0x;OTluF z3VI$qv+fFx9!r9c;>jMSBkq->9)J8i2F@R1g_r;Q?WmRV#M65kUViMfEp2*l)gAnB z>{winRNZQ}Ie;_=ZJ)jDkn-rV-ETX6>Y;NQ+w~X^)){%nJ%iagNavZ#7WfrS`QIFX z(&zue0hkZZk76t$0hZnYm-9)76FgJ%JSX&o=3Xp-zJDx$g%=B;U-`uXIH-nh_j(^o zLI2o$w?{hn=M2$S426Fio=X{CX#N7D<#utuN3w)Oi15x_G6T;U8K=Pqr4y!|i&cU(8M^^e_CXonmml$-J3=_fNN@I0&6A%lNN!OLl z1M{8`39!GB)3p4M!eo|z;5?Wr(x3~dccwi|5Ec+Q64?YwBEY?UD@efS6Y57MiJhYJ z=yEcrtM^x=BqjH9m)Q-jKEni65{Vb6(q3Qy7mQBI+Cw^r02C)75EUm}+eS_FRVjo$ zBLoyUCFfnHhm8p58rw`)5}RV71KUjy{(%78M5+_OUeDL_-`^i=Py`WLe$M<_ZcVQO zBG^{}h&M%n$;Dd;#ZkmTN+C)iSmB>He!R!A%1sxgB-8{?RCSWryo)SJU z59yg63*8jV*-ZeO>Vu7fkm)lH2b=1PO@!7>&>jYpILDAdxZY@y*F5>Zoo|`PJ?#$YuT7Ae`%2KjJUN3oV>vd&OFF6ieb_4Ul71XVLg^}=&@+x!2k%5 zBKuefw$RTB0%Pdo`q|ARPr*xmW#ue{YKC+!E;LOI@SoPv>QBK{!W8V;SwD+%?ut~+ zxF2?)TraToQ8XE|Sdshd$J4LihhiZpO$8#vz@>&M4^Y0@0`;Lj%Dx9!=}!fLnZZ+? zA|Not2W$&g^ATHc_{t&jZnNleWR=@5nhLx48<)5ylLwn9ypb{M6kD7Z_k#AomO-y$ z%5?Am4$}(+kd>CZ4Yo-}xSi*5mFFrGDE3t*f~9zY0Fe66eywBCoQw@&O>5UqrNWZk z)%7AqF;{eI9novz>b4M9 z+$wZH{db%VpJ2EHMLa6RCu<2~9Q+-?h=nUGzN69hC}REXtaByf8!giP_E)`h$M!bZ z9;{UaunP>3Y--Ak0iIS#sG9c&e1BVj90I-s1l>H%L za8s~82BJBMu)L=1Obv1J?mvZMA5Hxy20(Q?*DGwQ z6xe#P^Pz2X=BtSdK%joJJVM&cXe2*v*a?Tfo(x1z#D}Nk)_b ziv_>V@kT;jgc$`p?B`I(9PD0v;*aQR0&1WnUnq72`P;eaZO|lj9$PdriOJ6rXr`y1 zg*-CR2QB>AaQOagA*%jSo`=g!^;C87@}gJ?6-b1fzL+k2AwY!;czjMD z1liB9Z?JFz$$>CPcp?6T4{O1XsZNdzEd|4^M6@|K((!jjjG}0kSeA(GNr3hprNYMP ze)l-u*jy`(O2)at3Hz!qlqC^p#L_|Z@#J0~XTWMifcVCksxneFb-lx}A>GlcKc7;q zo#7W2Z+_LaJ~Okf-hSbmz}IRbwIOZ${Aufky>7_s~&J^Bl`bescgILmpij@`A{(e{ z7UQ!HP|`E~#ikB8DuQ}+Z#!vtv~>kMf;P0Yvmg+2>a!tF7s?51h#ZwJR5}j^fxP%l znS*2<7(oQZ59n`9O4&cc=l@DH z>VC45|44nD03hmS1l`V|r5+pUHT8(p+ef%AZQ8>9CXeH0kBKAs5W+(^pmKs;EjPTV zS{$S+;@1}?`9&_jk%%G>%_mk`&fXUnnUV?|6O%}N-go|WU{v8lfwFg!TIjFo8Ynip zzF^eENaGA*gEL^Ni|n@D%o7R51rWeOc2UnaKWM|l=Vl_qJ}ZaRaI0ThCijM@4s%Ejbi0Li`g$44qCBx8Z#e+}Oc*k3c1{Fn8%2 zKgZO=#@!ZZgKIm-mEl{Rc`T7e{|=C4Wp z2IJKD#;bKIfSfGuO|VCABxh9A%a7aDtfz=2luDtNX+6MDKI~fb?5DT{yf| zIGLr3>(N=wmEb6yYnpcp{TY~L%XkRsB0lMN$nf_FKKEWI4+uUF6e$D986Mc=7C?-3 zCsIl9OTDj&j{#X1z`(|byk*4Lq+cUz_yu%8K+X$7RtScnjU*Hez$Z(G!wC3k5Xduk0Vz78<}3{f!5P?(yp z6BJP{AsC4;k9ak2pk^3Qv`!I4z(Yq#^a0dsaNPP-3+oJ^aI&(E3v>O;ZyDq`8?+9T zL2ibI^jL5R>(_Bv#{>bWooml9nbazjfX`VoV_4YR4D1@ znTFh*q)ZOkOg)(>5JL*x2O!?71S;IqzJu<+*b5e;bEnZs}X$JT*{D z+L(xFr=ZTQVxs6leJ8*nP#gxCB@F!lMGK%3S)7tz08Xi~9E$OK^=xq*$c^(VKT7&X z1?=VLK83tsMQ>?+3`F4~cxB6IW%UdyXqpCofNIYI&4r|zp|}tzTQhAdK?aGZCS|8Z zTOETslV*p%`wilds^GHfm-tEE+)2KgU+d34N5<_KCVhJDTA%W^_#AK`4JLdKhAKqx z+5@?}>#KBu6Z9fvFkSIr-5bTeb;W+6&jdx%R94TiY}?J9AJ*~4ntxHNDU4Zwc0Z+R! z156GhNevTFv>v6k6Y2u-?j)AvDGbLC@xdubHedkEsp)J@y-=_Iq7Z-4%n6H-z=$_a zt<=AYcENV$BiposUi9%1=73mpyR1Dse6!FbhG>PvX!RlkYBRsMLXCjw&vDZo`-XrD z29=q>UkZgf>v6i+W8bsl;%leBbWf*Zz$c0ZBwiF^fKvU`k_%#roRS!)@%A*~_kW?J zhtSfC&oMy#`OIYu54?1Wsv-jOvWW8~nM~E0f>Rizz7@p;Sti~y#=;i2C>Iv#T7;PH zYjs#Aj2t8cSyX8qx{EM1n|4>jzO5Z8)-XTRfY7%V1+?BUU1{RC_ei!V?6s>{mXVcs zFBf-?L^pFE$>Nqou`@$D-*(%~wW(W)8JF~ECA7O(8A_LgIxzQL$fn0Le~n@uxS8)Q zEBPE!@>{oL&^utD6TWTaD4~yeBxtDXgjuS+BzV7MR5xHO&uVz&XdI(7s-fEirxRae_<_~1jv~Sp^w4auF?q~OO1WS))>3o{_EXZm+&w5TYXYu6g zVh@yM@DKWO(edT<_|i%#IF?1$lV$mVWi>76ku`Xo475R8wgCcda+hrifwm;ewiH0y z>Sfz83|Gf2t0*?#EKZgkPS$88*LDBp0;GWs^2!d%$~Is@>waaOoi+jeC+!n9dok8_ zl`k#;==7%S6ne7J2(kd$E-aKuVU^DlogSNZ@4=Q|3cbIQEWaWGT@XoL`;}feK(1}9 zZ$RbVTPIgR<#!S9@3l^D$RuyIzCPfT?jqVex|avXl|PNVf1a^jNn?J39zXs(dEoo{ zcc;9KED3F@fhW(EVz=lIt`RW3^ zx&Xno=8@bM|GiuQ)c@%Me1?YyP~5`<$X*g?iod8b)&^!K9}UbbjJ~3q8CY8z2(p4W zxj4DF0L=e1(s~HIaKSfs5BgrApbPu{k{BDHwoBBq~t!xZV%$oa0RW^5CT-}V#ECeQGrIl1~?HyfR-({3k zpIu&Ol+`2^RGyw+9i5&>q!nD<+!fch9G_h_cMnX?E&VR2a1BrF9hr0rO|T1zb^ICc z9+f;WKJ6BntI zU_4v;7o*NVb>U>bQnqZWY)#R0@#iYb<$;>w*>e4^pQLiNCG%D0lSMj%wWW)7cAEpK za&=|PP2VmLmIv#~SKEBxP|4)$E7rS0-Z1G7)mLuzMp4P7$v6Dj9!%u;x-!&IwL6+2 z7E1Q9v3h^9K($zRxUuGNw!&yI?PF8z@nXH>;mT|OA0^4SpA)NYxu2V8TC|^+;&QN` zpAp1(P>>UEc~Dr8S9DNRQhRVv46W#4eC_{V`+xY?{{OZAf9?NY`~TPeUr<={bXD<+ z_s>W2qu2ibwf}$Z|I@8s`~TPe|F!>r?f+l<|JVNiwf}$Z|6lw6*Z%*t|9|cOU;BTY z*Z%*t|Nnow|3~Cd7D1b)3jU}6cQop4o&e>~|I`1=@-t6z_s+lc|Bl%Fh3PRfyrbV= z`u|fcQ=#CgQ9sF-{y)`7G_q(YP2ehvM$kew-F!5{6eL8YW1-->Fxk@Jv_RG}uKayr zDqr$CPE>F*)P`@mJjl5u`nN^&pQNm^c;_DplkJCK|4QHzO@Bi*ABc^JL-2SgUDvzAT%}x!Njqv zZ+gG=aA}?U>1uDjLvmB6&}H=vez}Xg%GNv2|I+_2ZGZZ7FCQ%M(*G~*Fn@O&arP!i z(b(S+MsgohZg$Li`>ZCIU?vJ*@qg<7U6&8_MjLy>g>Kw?muBH${opiN`xbC^4>4(=PP<0DYv)})aj0w_ck0km)kG!FJFHQem)5l zwrDi=xWHi`xR98iS>SlSmB)mh=n-sPZTlY9yE;QH%ztFm`Y2ZYwAlv7+<4!_h@jTm zUtGHLrE&L5viH<9~f5g;yr@}J<}2m62Z{#ozPpq)%%^#?{}luvC}m+crA zKLhAtz@1qV(jhDbou`w+%*JA0Cq<*zIsu+wSV+ddYya_%f7SlJoW^ZjR$U^-+$>h% zM_rsA3qsWJ6#uUMDgIsigHzgXs30GyTPdoAsx82OtJ>Z-|7Y!w!$AV%gr{WMf_!GK zBTN=kN%?o}|H-pcAga?hqf!yS5P{Hu^>?@Q5fHY9hQkR<7y>V*)M3!vw%GGf`4aq-*uMn-7b4Eay`Clf zt|cAFoq#|nK|nY`?~@GW=c!)*C0=j&PUNEhX#N4dB~pI!y_VvAq4Ls1+IB(QH>)!77UX(_@zp&F`%JUo4L6}rUhPpZ$Yk2 zEvt)~wquDZ(ER_e{IB>g<^Nf`e9(kE^#4@;%T&kIb8>Wx%Tr!_bTg9wG=QmYi4EBs znk*q6Uh44OlW$g5_+cKuXBGakvxWjB2`m6q@hJR=@}XV&m?>Vh_Vn=&W&fkQ9CjsI z${4b+Vd4$}3V@O{cP}&4?x$$d&!T#iF9$!%fuWW3sNk%G+IpN7G>!{qMGR3TY2pza zkzX5$l+d2W0daM3^id0&F`2u&+Pc0#)BD$+GIzeU|b18pkxO$ zOY8S23IYI@Jp);S9Jw-0p(9JtJ{%TLu|a!+nx^VfzMQrN(-tOSn3>1{nLHOJ)mJ}( zq=j-)BsEltbVhTuh9JZPSuxRxgPLn{o?5XDU~WsQ$@O!5Cy{=Zf7N>#3r z;o+E8MM&1O&i+*T@ACgM7ZAm{pUDJ^KM)HPr}o|p4M`RVWSn3-9#%t`3E!M)pj3YV zzae7HWc#ghKcq(VKiIpgs5qQ{QPYiUfDkMR?(Pi{`P`7l&+FQuex0;tk9++#f#WS&WdY#xcUzj-vrEmWul(FR z)zM#L!NjQB1!}*H7NLE#kvWBZ()sZ$bdn?EL6bCSNPhb0eg>Q>c0!XsW*1}rXxE=> z-Rxzqqmiz1YX=X}ng_pka3rp^C@d}sq=E# zo9egV?|F=)rOw%g-pV=9y*3|{F3YclA-Ae79{B+p-9e%0;aOdi z5nWjMJ6*wFE6hx*Q!L4|NQx5@dXux7Q)YUbJ1gL_6>hmzhy2y0C+hiEc`Fk2tFsGh zS9+?y^p`L>11c6sW-nRSrhwY(&Kj=rU|v2viI(Rfnbn*Kd;zI&BO<3Tsz(Jm$4X0%{{^|c?4B$yMo}xGAGdCv73^55dUpEQ9BB;cM8pexnj-eajx^EIf zKfcju##h|*PB2=M`As}$^g6QsebwglmSOJFCI#&l!r>-4%;-j9i;HE8)*ZI>{$iF! z(fDVAvHQiQ$geGixoGAry?2sAtaHX{WyZhWn*<|lv(rX#X{>Ux^7BZVoSz$Kx|l?o zZS!Hx2|$}Zkg5qbZDT}k|M;`5y1OkLQYu>21RPitp*0m0+qvX1^|slO2#J)o=alu; zl}Oov^WCwk-ssgB1(u z!7!tBIMzX$Ms)!}Lw*NeA$Tb%g})f8TN-lUn|sjJV4eE=01IkOYi9lF;Q*f0M*Y>H z64T+8f{mk)O~~3o`FKhrY`zJ~-5R3*OOdIK*ZOD3p^ujh7x+;2&*2iuQU8+-A?8s> zM@66TRxfXB52@Zzk?ueW_i&8v?-a(-4wey(BcJUfA@?KL_s660tVXwSsj)TfnXI*` zBH=mO<2YqI=&NHJ_v86-Aam4lYnI(|%-X8(@Dg&v3RGjW$ZTW4cpH3d&1>gQ4gF+i zFCcC&=xxuHY0n!8{a9{~KL!>4W&d#*dj4o1i|$bP&Y_dpq2uy6>f=eH?n#2q;B}1b z?b_lWD0Bzh#gyc*r|9qi20s-wKMH?>rEvY#H-n$(xmUCY7<@qZD}xBJL((+5H+O_X zVMOuJ#~|E6D?ZKt<7hr`3R*i|e{yt8ImNM<#7YIfUf00ma|$+hvh_JT`*hY3;^Qu7k2psl8&H=t$oaA3gR z-Su^#i?w2+(__6cW1iokQ8MFXbL6O&<65_1hv@N0T@<=sxR_jQMPKj@R)0|XAlRud z^v#0JU{v775!mdK_2x2;)s=|svTw(Q@WLfh$JNRHIn6o)&DTpcTgh3}Nw1%aOYO@P zUvBhYe#5%*Bfauxy$S%kQvAKt8#w-yDy!*Wra*Y6R?Mr_EU6=@yYb(j3+E+*+N8FMY?aBbGvWFyjOm8xquc&%;Y=8)>* z^!K`>%pG0WLxt|fnN5VHQ_>y+`aSsDJTL7u{Hnd|L>q;lfDK=k>eI=)puF{^#AvB(|2~A?mslcgR+nQ)&G0l z|MVUAoUCd!Ik}s)p`QoySA- z;C(%vSG9#@RyBjD2}^6X*UxI3rge=u)rK}c%f{4_ywLlV+6PN9?(Q4+o*UZ^NJFm! zW3y}}(8MQD>fz(HclFXEY!K-Y^y^Xd(1$qGCrIgW1f^k;?Q0;{;}oI8Jm1QMfe%`w z&G6vC+{EK*zR$?_uenOz%Md~zcOSaIucL*fznXoP22(aYnr2V>{y@HFav+)SDF53F z;Gh4Wya4I3{Ryl?6u=P~>Txm2?BAy?h#aKa_7- zHO7MpEWg#u7aOeS>+BA%?PUBZ#Cs}rYLkIzs90OL3mde6G$0?v;$$Mf@rjcPB z#Tvlt?jFhZ#<{~HzJyGt8%%F!?YzlRCnH6U)% z4Re(M2;!(C@{5;YY&DJA8tdOtZ^bN-gM&X73y2QX14RH?ciiKX;8m<>Qk30y$)d~$ zX7kdS-wr7gA%u6wp_U4%(>~h)HQLI6DA5q0X;S=aU$}ziEZ}itIDST?S5i?v>09Y% zI{-6jNHkHyi{UH6S3?!k#LUlH1#FaBjAf-|UI~e=l}pcTKoqhB>Ch`g1Bo!?Q&9$P zL%hR^#*PTw^k^)b*9C)1Wi;a4X%v%qCd95iKzik%9w0Wc>j2Qw7S9}Dg6vpWXOj}C zQU^hHXA+OZY>+5ABHgJ1o+|G67Zc!n?fD+0AF_49{aRpzNyC5Q?!rT4ajI#<|DJFP z{PZIsgoc2kqNe*DzPI%Npg;$jfmz5A_YUO)yE1Af`c9Xq0%pU2WEU>TW{~i$H*}Dk z&$b6B)c2biAedi#US+7LwcGM#E{b_j?&H&?Hsaq+ZdAnZ9`?y%(bw+@WXaU7fSTfC zlLK-PAKM|6S`Ov+D7ECu7zC~4I0z{16v}WUdV-TZCKj`@;ej~ z0w5;A@J8w}{O;Q81^Dpe=G~DFEbrb+WJ8Cck>%eooDTS}UQ=uESDBt?-)%a-N~q2g z2av*B(JRyb4(W(TD=p!iWPIb#1_SOsta=R&mcRQ*Z2Rj~^UCu{u1qYD@YBB{=8GRf z+7on;_1#XlDt!0M&xSrA3Nj#I(tAZBfY5K#h}C=LA?Lbno`V_F6srOUl^PURc;OU; zOo!=*PAewnpN136Nc{eZGX<#DuZTs%{dOd5fD_OnPtN{l=mDO+12E)ZOX@R=V0+BI!93h@6CPFu0%TXd8A8`Y}h6soyRs#=D zeL!CO!;HnDb+GkOMPbbL)6xMsoxox#O6!>@wuVcuh?|u%QLPE!v}8c`Ksh<^x3+|_ zN4!c^JY`%GHBI}_h-b)T@;1i;GqN*E$PPJzo;BiolTS?g!h>){a6n!+5M>QT5kBVx(Xfls zi{ijzG2)d$ zK$h3BMURy!dzp4bgP;cd=12ey1F#@`LavZ`tenfVX2jspc45m3UudJxvDBnHqvv3< zjIn-)HJYWA$Hp|3p?kHJ>I{1fp7wtDsC9?l(zVD??axtc;D*HC-P}m+Pco{H_K9Ec z+D$!}t$AZvlD~J8#UfP5R`+${0v{pk=kWfK(ZA`X-3(BhF!kLn!Uv84?v68AoG6oT zb_?yyYqe2!K7Ys%JclHN&(&R{c8snTzJT=4U4wPY-io(&sCU$Xp)%x~LqW8>GLUG} z`uz8IsFg^iL&_1(Nd?RjQi8Z)u|x@pnU_0sU$t|AsLB8YV#9hl>+{-@C^MMgqI3W$ z_ZRf&Jxr$7kLFl@+Gm30fl+rK%&@p5^e=uastNEqAp@+9d*3O=NW#DI!_65kw`_9s zq~)oNDzK2;=et2ItAiCur$-0i6(Sb?DZAqafJfhC1CU%j*IcrVFgGQ15*Ejcr1M)% z$PpPV&4|pXd@MJ3m=mUbbX(jdI2&@YzS4uJoPQ{jAX1>I42dyOk0P-HM**gQS(D`R zxUEPlWDy^hS!%xvhFA$J+smGtt~i*n=w1dO!0!zmZ< zZ^$V5^xVw{+(NuF6t=9tH%U}JK?5y6{@RyZY387W0vw+OAKcedOT%#}Xw+hF%Hn{m zLB|NgI^TQ3WI+$_kXzvY?wGOiN4dn3C(^7W&hSR>i=eFS^{JL z?bO{2TMvu>7mPhkKGVjk{-H*)0z?E3xJ1=g62-;A;6JX9hHTa2J@6xtH6NeJP+z(b zA|U|&-lw5})H?dX_Mh5$*Ai3)ZjnIJ!;PY$xnKJBHTl1m4_H6`nj!@>D*ZaXjJf@d zt+ds5l2J_cMtYbZ+j~~0*^F)5Zc>RhZq>y*j6%*IXiVf))Xe#isU=9E;@}23{6?9G z4cxT?of(l*T4ez(BX2#kfPSPW{tE_X3S&rJW8nq|XJkmKpoym+fPt*cDB#p_`0=KG z?_Sm>%xXQ)DcinpdeaWSB+Wpx4GJV6B?n>?an3e_A%H#S_jmI8Tyo34@gr2waZ3(x((odjgaX-* zVr~57a~2Y39`qE8qQg%bKUX@A)L&WG|8xc&8Hh1%h?%hNLbSEIU?_!|gLO_WaZ8S) zv5pgwi!hRT6EFWaI1fpf;&o;=6{RtOJq5ruciTVrk%ycNE1hhOOlcPzV~!FJItPZzEbw?tf9_L}qW1*y^zs7?8FrE}OmN-(3(50eb)M38Y ze-8(w^WBOjqHK=e7UBdktZlGrAo5)2{6);YdToS8u$@doWqvt{ox8~|xhbfKh_Ai* z{ycBG(SUUd_{uc*)#oj9Lt{TzD$R{p7{4hObcG8ZM*vLz7qx%~HxJ#Eidhm*I-#Er z-I#xiim+^xo-;@QMkVpM1FA7WXfdH7r4|$WF2Bna!8EnzkYre? z)WG>_#)#ZiJKRk>j9Ap#{nUcAX2~ptTISK*i@H1NI|lloiPo+|b#ls)EFKO-UaQ3I z<1XN6azd1u*6hw_#A)*HMiiTQ26biCdd;R$igfBSTue z)HcupddVHUgDre*LtWl%LaY!;=N)-QZ~{k>ex00zx(g^uxu_zW0u(fEl=(sk6GgJs`8Lu zk?qQ^?=FpQ4)_xmgzdb*i5GXbokn7`h|-SK-gnoYQN}@*&IG1n5qK`$Nn;E^m9t4$ zvdp0en2J8%J6PftBatHN^oP7|n{~(S2I6&3zcu>9Vd?nUV#W;8D7puz1A91=AO{u8 z*3M|F26-X_ynNN9C5pU%>iNJE#l2e!wa+uj(l;2{^HnU#zJ-__SV&lc{k)29DJ%hf zB`E?<(PUlwL?R%D8`+#ZsjaMi!d08>&h_O&3!Gzp6<6`%+!rUI~gmgSv z9;@u>JxMpbrw)n z*15`Qw7ifx%VYvsQcym6Uw#>*f-GZsJpHQBVWsf9$e(*fW=w#Y66=+{X85jBWMElS zS}OsQ^J}Kgp8ndNg$@{#F13w=@`3t_RXx;7t+KoU-ntQsu}OG8*O#D~)w(^z1`t)= zfqN8lS3X!L(Pg~e6~e4TRAEnEG0Z7DTxIJzRr)(&aA@xH?*V45oC^1iim{(T<4{{4 zisT9S!BI-1N#}hc0z2tB=4r3jldLS}n3ca7D*tFpOz4MP$6>BMoEAWS_TXq{w z{j=9B;+R#N2R6&Jte+oQ94MhnV$k>@mThX zwx?o0L;|8{y>D!H7}LM^4tiJw^^lJKw!#Vp|5yLddWu|qip6$DP<=+~PynMpPG6W} zt=`kGy7)l2uVQ;>s(v_! z-Yy;A7~9{uOFWL-J*7KXEI=QwtN+5-04VIxwd(LOhh1=WDG~cNWeqI75+K5kC{=@K z!Up$-72)}D@RJ?#uOnm_Uk#Gdzxw}J_9vcdl;vu8?-R6j+h+nGck10g{r?2}tNDNR z|BxE2=l=iqY3wyS4$6P^|4t~)i2tMiUk}6hri`aqi*LX|U~%U1SVQ1ZOZbh0Xq!DK znB#3~?c2mNyyDt-)g14eYu|Tr5D(T8PjHaT*OIJrkV0xnPdLbKYRUd`kfYR*V{=jv z)=`jgQqt8?vT;)J)lrFXQcKlQD{<0j*3lSn(puEfI&ji?)X{z8qz|p5kL6@Ytz*dM zWGt>@tmb5Du4C%tWFD+zp5SDeuVY!~WQEkRo^Z0=)Uo~LWJjrI$L8W7tcP)sadFbs zbFy)9@zryQaB)l3b1QN2Xx8%>aPeBy^Ezr4 zQG+c}6a3NhEz#@zF_4y+6aLtnme{}iaVV{E*dO8vTjR+-B+#`c=r{wP?SL0UAa;0i zW_=ryTv!>OTlTAOlaQl{x5TWH`d_PCyM?u_{z*BJKMGejcQ<$U15VFE~$wqzp!lXq_; z5J!@JGYC(^ax<97yks+k*nMv^lstrfD~vkDax0v^sAMaGxoK}Jl6`=FJBoYGayyzI zT(TV_c)hnB3q)qvi31T>?ZivdmhL3T^X~5?DoZl#CaGyy?IwRVFWpVib>H7jH4I?@ zrvTZ)TUUnR0xmo<+Q0X-90;#-#t@+#>->knF z0xyOD^@}0!VhFq#0xyQZiy>g)m>|uXgi4xH5}x;B2)q~qFNVPV+ZRLN#SnNg1YQh* z7enC15O^^JUJQX3L*T^_crgTC41pIz!2iV%`2V*d;F1>aWy+EIk0DUc@#}{V75-VBF zrRlNE%R-)ZE5&t!$xLLo5(&Fa`PhFM0#+iK)*8)Av*s*U!;#&F^gV zZkFad2MDVDg=~!pGh}*r-RqLukEW~A7bim88{~p*tu&XH=H2V+Yuld<0iBqoYxkCZ zA!x5(#tKBzSU1*zw@3SF*JM7Vg&qzI{r03>)8gcIXH&0ChjYraA;1>u zIchfUoS44?p47M-b?b1+x>oTw^gZ_mohYroIcim1(XX zaCivJG-lb98ax{UDBcTHSyz>*U*}X$>idT6-J9y)9s6kfYF!q-@$CFM;bg(OdZp<4 z>+tP~H;UlugD<2LW$o0AtSuAc+n0fhujIH&4-30%Uq<9Up1JA!?DB}5{{HjfA_L{A z{Ug~2Ep}MaEB-BWKolShh?*Ccjs5j#Rp`Dhxx>DA!sq~B6@{`#|GHCz@AxnjDOetG z)tlQ*ffFAGLY%tk3hihP{`Rq&x&YCyZ;KMQ4hbSBd@_Y1QeQ0c>yaEj;f2fT%_(hQgBYN8+ruWREPhD zFu7L;d_kA-M_^6&4}VldL@VIV@4(&nVcGl9y&oF5xmF1On$Wx6iH-Y< z!&Qh1Ac6$ydu_XWe@=<>?T9l*^#V;nD(^vTZ+az@KvLd)ERlUOeSPBPAeLW!@|U0% zV2d)I1Vx}=%SDF@s9)`CK5|O`}KDEVF?nQ`ThEM z14fV4x>1#IZN&HVJS6CC~3)#QfcbmU&7QVil7MAfHx=ApMD2OkYr15>Z}LSalmwLljvDp!TwgWU3uvdXULM z%&3(wwF+u^otOL^(;sbz*?Eco-(z~qp?}BpXmX5Pa&>Jr(XJeMh?v~}#PqogJ~YVx ziXFokm@L`iuo#p?xmwloFp@?sIx{S`MQz*EreMO1Kd=Ko4U1sY%6AVFhFSO z{zUKM`#BZifQperz%l<(NE_u4 zCdosC;ujeb&$EenG-VNxJj445c(*Dnb&ksw4A5dWU@sdbdIFH3uvDRl+C2uD85?xW z3G&OCd{p3iP{wg9L%?Uooy8d7&gJkND{503vdtx|8~blPJ&Z!oUzYZ@0``>(sap|A zB^CJ?#y>rMz$D>+^z>TO4{dV)+0zr8?o9G-tFn+J2}Dz|^h*GCOhWA#NtghQo?-h4`OyFD>4EJ^fn79x zlQhkU|LW;+M~PXu1p8;0x@UQ})PDV|r;os#RVA4Rj`FDmb@1yQjx{K@=2{PCDSu7VbIrS$#d|a|I;jgfzvA)?o*#Uz zq6(9nwEpqOMtA_soB3^W6(MqJDjG-xaER>9Y(mb=(N=2efJ0_3n=ZMzh z%0BB=wEfQX6(Y#;Ed1?xot*(0Wt2lV6`#Wec3$IBnX`83?o!p&Qe6HL zhsjcTe{oH872?xUgZgq~CVxGWX5AA*b1+AP+49duozi3-nh~8A_3Db`vdZ@5F8r0U znqxc*G>bfKC<>Nw(WB99666~=2**5?*0THnb7gY@t zRt*r`8U8+TqUmo0bbsLd{mL_MgJpRG9l9~wZx}GOfgB@%TV=>_x6$&-D5k9Vo@euo z0p8r`Ai-$d+lVM;p7@&cop}jCN;_VM0mXP}T6#V?*ob6q9;0J3untB?NjgTY zu?6!p{?2Lq)p?UP%h+yaOW?7WDyE$=MxR5!l*!kaVL*&~ZR?YYN$sOCv*Z@5zDcyH z@wtG>2ZDCqEEB%zZF+lSb}S)In4T!|8ehjY^V&Acu?h2&2|w1hgyPN``HmB}DY>ty zV2o+?chgu-6FDqX>2Xs*1heo;)Ay1)%EEH;1Kp|vVG4?znnk*wi%JxEcljlE)v8P+ zU3Qc-c6FeHTI0+bS*4$@cejqrWbw=+0p_GS=5==Fta9cUO}oatU|s04c$T^KT&c?1 zf+azr?Ht%&2rQAms{uAw^ENM3fCOx<{}j!*8;f<|g*e$ayA5c0!+0kf?u_U{AaijL zBV>qUmA02+gL{mHFKjIk*>tkkBGGQIZq>|eE)`R8UAx27e;_|paUd)O9K%W!Gbb3W z|2aNI(l*P&FJ&)yO)z0xGlg|9oYd%E#WJo+FjZJHV_fZf%>MTSi$t(l6oG|}Ipcux z{x|bI7i4Q?Tx&3;b^5@*2K8P+QBBDl2$dkb=z2ei*1WWcxxm*9HEX|*-8y#ezz=NQ zdu2_{W%*5VFM`#YZtb96(x!~Hp^@OQsVK79*IG~BrnRG@BZd3z#ZG>aP3PKX4{5{O z_eaUdw!O4#18W@pO?%nyN2$TKpyfl8wxf}bgRv@`iH-)?=$z`*n%d;GaUa+=1W9n3 zmSv7rc|L?`0WA4P@wngo<6;x@3a|VsDbt#;(o)rN;@Zb`N#-pAsqH!KjTr77UrDgO z?ykPs43>Rtvb~uLbh-+<58giFZ8~gX-J7#NK{kS}@t$3SF2D?z9iLCL?5_wIuW2oA ztL$!?jPF=2AHcTvA&iez*5`Bfxw|JH{+#GxIQEh{Rx_UVDLS?apNd_dB?Z<77=ADHs=^LtCu{Vpt;Z%cX8*vF!ptEh<4%6a2c8V_3`hS zK&P3I(i$(DfUuOA$htZ3#9kEJOl-muB(ly^Od^48&Es)dXX?twdx_X_DbtK0eNrmR zr>~GrqDZ#af_ybJ;;Q-PidE!Fb$(Ud=@W$<)#NMb=(^PXy4We$AZD2}`!cX%ygpc1Rwk9m~HoW*2imvGT&Gt*IL)i1Eznj}wl)Jg-Kf0c@O5f3VZ1v)HSj>}yf6XL=b!CPy%SpWMG40Q%|w z$pIi5nw`L!M*%F5p)MAa^jWx!K-{OBy=G#Is{Ml(Ji^EfpFWcl3>AFuQyzwp!S=F! zH`v~96FydpO1as>yRU==2o4454u$lgf`Vth6P z_RkB4MK~>lgRCxS$A9qJ931Um6f1;chhp_PZ&C-NgHSYb962$93K2YsgRV{q`h^fo z?f|fZE2f1&gx&;}<%HsALqG|g#2QhVT=dPdu+Mu~Vw7;)rm=b7l-k;ekD<@-&Wnv6~ zUrf?HY15_ONo%DWPIY0ZDDQ9(CNrSD?LsM>%$d$`8ecTmreH+dQwYTM`V@gOWjFx* z6y-FDhMjAOi;gYiIQbSkcPb$S&XK4qFf_rfpd>g!yG${h^?Z`xlPvvI8A4+jO)C8p z(T+_?jCN5~`~5wWqKyVJvpj-4#|$nljdcRUpfGnogVpDNgxVq8!^E6o{fva%<>|Wv zkdQX7-D7 z!8QjyuRgXF)Nl&<;G&9$=h9&EV>#k>sp~0SSMPD`=Me-AujwY?(h>zqod|8&Fg~1ZyA#v(2XfRC{0@ZpQ4H+w zh=4etz+t8QbL-!gCCrJVDcu)@AexKLaohA5f8^hxP4H@OvP24wTovK_49L}xLEfs2 z<^luw1RvM2?dfPF{J5$5uhf6b)osz3P|3M_ICsYnO_v<F=}B)DVa?}$`pPkgDxO>rgetz#g(G~5LnOb0 zRS-E&)+5(3i{KJIgWMSY_heGn9NujK6IIc>9YG}r%d=`Xzc3puAjQ9*`2I+YW zqb3VQ8$Ss&V~SuQZXgmls+b`rBU2)^D>=sMJ8Tu?NgD}AddUwmIEElRD&kFsyhL>M zgx25suxak@l_hC!i81SU(b_^|7M1e2QeS9QVOdt7LSSN<$QeUpDUFM%;@8GcVpB+{ z-f^ODZpm?z{(I|BL8F2ifa9p_&!3iy?W>$ENiwJs+`&>-lFq39O@Q~hk+bBDia8(+ z4Pdc!S)wR(q$(4(&<{^ufY8Wff`qQ6vWc&JJ!&F%`60e#T$YmLRhN{)+r=sS$eaT8 zG7}Pw#Xqn&r5D;PHjuZ=i>hWST35}bQKRbz+=rAGk zwYojoS!EpRR?2w%oYRZ6s{Ylwi&gn^=_|8P=X>Roh~_ro;VRGi0X^?C-u6z)lkZE1 z`k7)L9oI-0UMGh&R~-Z$u=`}|uOxfxe-Es?5Md6!*n(^@c)l+5waUPCn++5M>mEEs zhX5o{Dl#6RT#-JUaN9NRwjorQh9pc%-gypN+6Y~(Bmlq4kqY-PSQuBv51ydQ51G9S z4!cDq4DDapf4QZxqbrq<(ME{J@Qiw0V(O1gKxPa5(Br(Ss=P^QT8j`v3aZ+rSTYM+ z{{TQbLMNR*n9DW zLwLE;Q}fKtMGD5^1h1RBNk|2}iTYL~YwLFrj+wKmCs{*kqbi?lL69$lLa;M^6!?A0 zb@i3>Ikw`5`U?D41rlk;r`2DuA+MnfUiT6%^Sf4jVg4x0CB7OBu z?zQTGkDYe8EB!K-K*s9m#kWs-LGnVcai+lZ!Ns8Zay6MEoI{DZZvRZg%&|0AFD$m*Y-2r)<55jNyIsvj4XGCh)NY{;Pz zPZe;6RsN86YdtLtxEU za(lk76Jwy8fCY9tsxr@%Z;F&^8N4(Nn7d12hSQ_NH8UTFO z3rNTrLuO#4{^*i8lKzq>}mm45UqxHuzyz$o`^vD%VH$rW5jE>f! zL7PCeTvV`rvbxbY@rE2dIf6ir3@``LYiSS34~cfogdx|=b)$vZVDuPYSOIj5)O9Rl zuvoZ(4iChD&psXAz}3)u6CeexFhZ>}yx30$jpm+GlkcwPo`A?_(AF^l=qqp-?+7GU zR}>hVasdbAaOOrEGZed?n=-f29-~_rQ5585DQ|nWl+FwQw+6&>l*DU!FgQwbLfIe& z;f)h{Lo!(IlipUR+1AQa(%;Eg3hmAL!ahpgt@~Y4YV^tJN#Lu3oL6xac6e0&ZCl#5 z#(#si-*3HL{1HTdV7#bcLaMPHUfRW|owwB}!z{VUjO_Q`YYT87fq!ny4L`o-v&mLx z#D1N@t4hMhsjq|-f4;e~BSdZRz3)O|{Xr73wE_*c2IxP(8>hSI!$-a?yAMnx~x*00^)J*Xta=NWoRjl&U2_@ z$c<$|a#)*k0|h2U;if5IqfD^b<4SVvCh&3CxoS~)57N-CHoXY8$mtHCpe2LxaR1<>X?QOX2W(FTu{1c#7^L1x$pPheNEkqm&W+RaJcV=WMiXGz6O6=+)D&W@vUj$q)=J^ieECF)h_ zg0SRVN@amF%Th}Je4gb(6${{poylhy%gVs<^4#$pBf(nT@hIc&TKe(o67p(KbyuTmSDzJZ&YI?|yOCnI={yEGw|(XU{9L2KS*!;| zRR>k9hfP(70?>{7!M(YoBLc~zJiFrr`)_H`!|SRO*uM+`Ug+_)4Yca$EJgY}I{qRQnLE;*$|MlKSQ^_u(!Pq>A!M6z7{w!JGH-xVY^GIzB9JJ>5;tGKfdwpzn8Up z2w*b}JGq;yep)-Z>u@mLtDYWUQ$9VJy03m5ugt}-fg@vwr>lWyV@KetLHNfIIE8bm zLe#85GGIrxs6lpMM}c9Sdb<7F5I{?<(Z@V}_r2yB5Wr}z!N{&TYyY<)fRLT=>K{YE z5i7q2`|p1@1UPW%YX65JAXST}#DV{BL!g$xfrIcr41v&EqS${K0@)nzUJL;V%?1er zZb^#9(y`n!sSPsO+_J?Dven#j%?)y$-137B@)O(&^9>5?+=`F} z#S?C&n+B!7+{!48%Gf+AgpDd>JgRh!s%$);_!>Wn@Tf^OswwfPYc{GI@Mu^xYB=y{ zdNgW&KuWy6*k4_Q` z${RZRrWaOHimJlX3qsQJQj4mheiVm%&mWwaiOwqaOUkNf>i9i1cXn}I)zaBHG?rFe zJuo(1*VYq}QJ7p%QBc$TzmwYke|PN*0`P(WR5Z+4A6B-2%MPpBt`82YyO5cVYWfIl zj%tT!%a7_tc@K~3CncGV8)h_YjvE)u%a5B@+z*eNH$s@8EjuYT(AK@8a_G;arbFnj z(*dTFw#zx2llEJ1`ANs)_2Ee;0EPLq3z5+Fv>TPK;>eaWO72;)L)gZUP14>aml|0%63&X(*NOVz1F(5P%m1VEF|BctHSO5P%m1-~|ErV4UO> zki?vq^rIy41p#2+GPa2?vdgn}9;N3c zzGnAz4NS7IpWM7hqjgxQUyCGoWTthzy4Jk<@uXc7{A!&PY2BU5;GS#!BD3jQ=;Li8 z@XpO(G0#9#XPxc$`aMe;w0*tg!2p(=@T9;AU$uIPzmaxjfT+QbP-TFU(g4sGLsQ)N zQnKg8%Z zXOrN!QF!C#d-r_ODn9Z71Bz>-T$(KbLE|rSTa*L!G%>ISlC{rt=EiCXTT+2r*_B%i zq)|-vOUzh2tk=5i9lC7hMx1k79m$(cZ?-9QOgikgapX*VyiMvdw>6?nrnt7b)*=Pw z`USDJKF*o^LEN$5-tN2H23D;g!P>o{lBT}?JCkKQtSLJ(<0*3B0r3uQ zMS{=Dq_RqqTk>-|IO?X0Z_K{v?Osst%G&JON1Gw?m|cC{{iG4D1)I|GHP#>4-M%st z{2{w={(r#)pa%V9EtC%-c8S8Ufuqs=HFj+%QO?k~lYr&Dh<`T>1y^r8pbPLS^ zux(L|bH}Q^VuRDTwEF;~$C{ZdFNFUSL?95-3HxbbGHOw{1hGhgcw*&x5rF(z8+>7) zK;9Lsk6;N}OTQ-6AYZNEru-06?yvz+OIcU;9jM%jiiDVe4vB^!a(Iq{~@iFRVwe{AwRS-U^MYFAe z+1Pp?;Z__C$=VKU9CnQF4HJMx)NElBir|5)o!{5#Lj%^+AzXi0fpfgflXFMyVB2B! z<1e(;GX!?YRdzz|cA_12?Q;jK!rN=GiuIVol_tT>IpZx-#f5?6u`D|*W2mpF-3C_s zevI&uyZ$!RU@->zUDEzzIdnS&dctbGI(`JXw!i2gKVCD1G}%wOoSf^gUB;Y@Wt?0M ze7L1`crte=RKYg>a^d@+CrBy zXt0V7faAy3M8!n0y3abDkU0I2AK6CWl&y$~3vu*~aC)3`bbDoUpz44VYlkdy)~awe z+u;<2di?#JGunyMP}P|=7VP{M>zER9M%8(ULU!s!dHy=q5x4k^EY$g%%z4176Qc+e zhwY3Z^@O!^^DSQ;F^UU`hZ7H*3(NXBD8*UL$(fe#;w0JyPwIrpVgCVq!SU@}aPUY7 z>dM6C$|>dIh3+=;-t8fp zL!`P*)k08xUj41Oo9e_Ry15(E_gYPdHZ5#H-QtSRH=KH82KsD=$bhm+Q{NG}0f-P=C zJf7SCakB~Dz8G`olikq4+o<{5=+v55`Gg|mTg%-Xwg8&T~tgg^v1h!-Lf#%zJ<@V z%7VWMQr{fw{A8!ht%FNd1`oa12jvdl-4;G- ztdAWc_rHoCVQrm07^yz?A&(JQPeQ#9HGdzmCLWC;56IBR>i<^_U||Al2?elBhPqOm z*-iGfnf0p<$`K^{aQ^SR&n;g=Z{ZeWk&ON2(`7J|8(=$wzQ=se;hS%7F^Q|%Ag$qG zH2qMZ{7|s1bd+J1&&r_hqtvqlu-J^cgALe4K?T60;4)jDlJ^9m6LQ+Numb_1xOA!& zmamOLk?;7NkM_=}hTl2LfO=4ESa~9b{E+%oK);gW88w+x^BLf&Kqt?=HWh zeE&x8pTICQ3?0(l-3Bv&Lx_N=lyrAV34(OT(4cgKbc2!(AtEI$-Cat>KeZmyceExrZQka{z7v_~qD@T*;m?@pBKaD}vZaPFnaJ%H`Q)^Oq2 zSk%-HX=DSUgBanYnT9u>hciaTe_$1vMZdQA-(a=mS`xroCi5P_Y7-q0> z73pc@6=|0@2+{+!$}o>ky}fUW=9K9{DgoqE4I@r;wuVjMrcMrVs%#|nevgD?@*FX$pvxu zo=Iua&_s$La2-9g*#P#KV{J^#SQuE*A~_G?iZK&*PqFPxdOY-%7P26X@|n^XmI#yN z2u(!{XmJK4PX&QPi9TmyKW0oQdjm-c~vjR!!2zzO|VldKYcyei1 z+H8wI(f!_GrEyHKio(Js7^`s^e50A7!?|T&HL7~QGAwXP(GiBFW;#VSD`zBXAfLWFC9%oIgtUDPZk0W%)ut9+>2Dv5NyqfQ0zpkte9tmtmNy0 z0|Ym!LV$zGL>QDGI?)3Ygdzi=&d?VD3UhAuVlbw)@?XPCl0gY4D{q-|@!#Q^Nic7>VKUF%<<0RJekVIZ|q)@`VQcQP{=86>U7?~9KDZw z7IVEhajrJ(jdNaibz=5Gmaw6o7`TiR6V^N+PED9M!RP`Z8CMO9q7Nj`=(?i6gR*$o z59b#qoD&0JABcPV;2!QhZb(@v6iJB{$f9VWtUxw56tKUVo3s5GOE#wb1t3kSsP!1a zP&4?l#taw0V(tQFs(p|@maCvPAX>#9NTWF+?RV}TONNjjDkSq<*FcX9D%NAVXNtxQ zNT8N}Mo7~gFa`N99ss`#N+lj+xd3{LOA4hrkx(A`!EvQnEsGne4By2FeLEW53^`U2 zc&{ZNKm)K$jYi`no0m9w!zp6kKBqI|6>YCe%4O!MOys*sGRZ{_I<>qr-^N|*U$Oqh0PiV>ai=o-J)MHSpaW9d66>oN zUT7QdjSd-&)YrYta`XVr{X9=cT) zi=5#sCpY6(gZ-+bw)wlN>>z^0@t4&3iww?=Dbb6YPG0SYhLP?|KWk6b4?dqxCi{uF z&);10bfRwWs$r`H%eG_FZYYLhlb@fuvDj!@i2PlYL4+&nlr)`$*~ejm{8@Kq(qHfo zg(IG@8KIPmF|e6Gl2^IGo1xe+{2<(53%UR*a*HY^L=Q!&CN`fzo(di>Bp93sVDkrH z5SavEF^(2e;sgNLe|do6wmf{H%P%ZVH9pmuh61lMgxQAUW3ZslZ)wuE_Y2w%UbuJ~^B<;iMoKN&0G^2f5$c%_QDuNjzY_@80qh_a_-oOPBznHgB zDkDB~zp^ip*ST0b#EKo{*(cD#2a%~iv4v{}01K0mRQ5(UX~HDoco{QG&y(mM7281# zttB(sh|HaRs{8hIBR+?lB{%E`X#ia>ui(WDVb+1U@uxmm%fBF0XRHk76iLy<6nd!$ zY1%=pL(+yP-+w;;7-j?u8bH8bJt=9UV<{#KNLGI08c2c1$_7nLOlLnCII$lbQI{%x z=Kuahbkbxaij>IYA!2;EZ3^7#0Ze>hyy&uii-X|_ga|O6w#d$YbCPVU|IA|dp-8mJrcXGP__ zjISPZbVcAjLT<@b-i%=Sc>}CQ7tP<=R&iRr`>5q#YxvNwKf#A$r{3};av6S-G`lLt z8r>c1dr*5%PO_3b=yld!+g3ZO)vHVFw;8qJECkjT+%0HVTM%Y_9)#NguD%?JrZRz$ z(yaIq0e-N;b+L=ILkt9F#HGd&*N9#Z2K%U{#Ipk&z0YSjJ?B7+--S!K8Bi#VcnK?f z`L*-D;wj?|8=Q%Q_{ieiuVW&FnK6Yt+_yho9Dz_UI$g@Yz5be=I<`1SnmhspjVfp9 zwRF>UXT^x*{sI9%#6jm60iz&bj3#6Z1dJ1AkHL`m(my2|bL>#R4WG;`wj-BzzB9>R z8UaAg1*H)dQNCRR~`_PQX#2%iPyN78C#QZ-LUbB!|>F@F*xIC1F9?$&sbQ=C{CG|S+!Y@cqXCCEWb6Ew@z4oxiC|mj}UGTEEdggkWMT^6<3g^ zzz_@16pNM33QaldJhnNEf7tKyDnYI(OUDFV90)Z+ZvwC{V@aB@&8_eV#xho|p4yoF z^3G)@Tjg|P4SQo|#tp&3UO7w2KcERA=vltQ$Ya-H1$6VL{+a;F`9y^)Y7M3h5(Uci zB=k{KZ1_1gd1jJ5418_{e0_QNNHbzOGl42LVBQQ^Ulku@q8`knmK}y+vWSp{h)4pW zyyntTY#|8+W@=32*a5S7Y!YOJJo?Xm;;}*KOktYOu41Q%Xz++<=);Ec+pf%&)6Id{ z)d%I~D0;>F`CjA{cuilV^dNL}5vWMMU1Z zi38bfD?8lD5@wJ|FtbF0Z;T2Yhen{tcvR+zO+qwmaWxrJG=oCODlMMiTL@_vD3T%n zvW)lfbDpY`F5C^M7l&*3E1M95<;p?N>=K@7=dz))b*Ms~_swyf!e5vvJ`ya@%U(}Y z!I5sv+-x_{CT7p$*u39M4jy{`aN+r@)E_cMKV%z|R_+4!ExL#;2aJ96Uly;+x{)DU zEoHCGwCF$vgGE~_OI)Gj+%QHAzd@t9P&>ORx8fqz^ITKLB6rr*b0Skh+2VPamHO_Y z#ioI!&y1ZXjXpm3hb6n>3w%f7%vYCOfCYwzo}qJU($v#1bw>_T6GhVWdE7WI3e|1h z&sLj`jIZoASbNB;c8VXaB!!{yLu6ne*)sC`ungHpRLpk$49n}|LW}e7mB9I|wE4m_d6c}%6T|G%uXvL&Kej(B zD>t%@u-eh@wo4n{O$)QF*WdGj@qM=HZNQ{%8vdwbv!{dP?kErGIOqGVN7dB_Z&%;$ z(z2^!tngp>*fX5)S#n>Mq5>hxkL;oDb(-nac2KaW=+jT@@^mm$u84NyA2?ObN#(ak z@DHBP_E%NtMpR@NRebXg8SDXd4)3Q8@DGO#eL3V;>Z%CesTeT|87+4BKD<9hT#0C^ z81Dd$YCjpTa+r|spGb9>lsxDW6_~0+{;(SO?o|1elYb_vcQQ_(&#rPdTX9;@VXWA3 zM!xXpq5aQ3l)$$-qJ{EXm)fesL&2ke5P-wg zHbGll=efBmB}nxw-O+(n?>1)juSfqv0O$ly>ELHUm8WjVGbhJ$!D|2Y!{1?lbwQyk z{ljxc_=UdxHCg2r*y+ZnIy~iX>@RdT<-C~9e~UV}i8{QNwg0nO-O2bKAQ8r({;voC zxy$CG8jyxC_P-H;<3H*lV3b!4&bxmh0MxiZ{RnQ3Fn-BD2!NHMFhQpF^S7_HOLEzD@Zjc$cZZ|H7II`qY(f}7o27n5-C^eW>+RDH?C$kA*t6= z&9CL8+?AT$HKaUrnmvrAJgu8Oou$0In!Vmhd51T9$4k9QYkrd>b(<|B=+Yi{^KKqylhS0!X9-sapb>q=UFxf`p`lrCNgJq(hWi zLNug9by`A=rNapR69Lc#fdG~(5Wx7iw`Tc6pyFt1ZTZyH+Sc5j$lBD=(e$CPptyv% zgap9TT=cl7<_=kIRnoC6T>!?&8 z#D~GL$v5%u-zH`a{g^(xxZ2#^pPXCVJv{bBeE4;C@nd$OzWvMK*i?K@+3)kK?foOO zcQIc_Cvz(sH+J@mYFj4J{r~CN;u^aD|DP2H(EUHU|3~-#UksZUXx11mS0cEoE>~lk zA4;!K-CMj|Pu6j|+OUx$mg!A2KfKz?4X8K`z9mApL;& zZ{92C_(GScMhpX+#^vw75sut0OhWOl04x&r0L0DlH;v9aEEuyp$OJFvvUKY~jbHEE zM@d~EeEC59-xZh?!pc}oG_b%+AsgT}3c%47J~hM+#HaxP!2k@*Wqx%3&u@!2{Gv)L z;m7Bq=|ZokewNR99~Z)i=xKp_^r8vls6zIKEUjNMpVj3weMa~H=>DG&-T$Nee{}zk z?*GyKe|9})4!(TOH}0JKk?8&(-T$Nee{5-V|Bvqf(fvQV|3~-#=>8ww|D*eVbpMa; z|Iz(Fy8lP_|7Ym_AKm|>`+s!*kM94`{Xe?@NB95e{vX}{qx*k!|NnnS|Bvl^8Ch}} z<>f78bnfunJ9_If?!p@<+PnGsGJ)$VQAaR_`XXl0JIVSg)$8h5)I9Rt-~Rtiw9*^5 zi;Co<_4iv>*+-X%5}usD{eOJThj^>Z{_b3^>mqBPOU&!y@axiW@4|kftel;cwCjp# zpH-jh%8TpjBY}botMU@XA`OB2=9N`{^ZqBkbvRbdUX~SdH?sD=E$@7%R_mLT_6yQ{ z2gmB$rjPX*>a+OtML||Zm!8V#uI60RFAnY(B92kU6NGI%a%p9l?{w(M%LNrvBl21qY z{hXLf2uXM{?&9F~DaTN{sP%Y-ZT(74rYz3l{?0Eh%@3epG6B2a+~b9+X`+t@>v<+h zwMw)q?ap|$!?8Se|Mvf9)*l1OAi_wAnr`{OlXdz5R|VZ&|JDMczSLm!r9S*{&bORn z@S2#&!JD(Y`yH{EXG<#cI-o1qQmDyt+J#SHU=-mCW*<7VD4{p-m==h5?jaR&?vWRaWnZgJ4oARba*TCdwbl}iQxgm9*G8)@2IrA zChSYUqcNjb!q^w?@Y!asKmH3Ydz(jPoK266%e?{W1_zdH=5PfHNMSda-eD92_CaFe z@8bBC02uBw!sT9S6Y)Z7V<7$IsPV;P%AD}$y;Q6(e2{W)Q zDT3$gpiWm>*y0~1>N4m&5=xElN;W}7 z6wWNK$x679ww;e9v5UX~`5lvmS=est*!(UR1i-W8Kp26cE^NqTZCZ3NQB+NFq=_vOW-9KQCK66 zJtyFi6LdpX8x3g)EeMyiID~F%+3h@ebGWnEQh2T})NysHYo~tQCf-GX5J(_J)zW5= z3B#UeCWdjWvpyK@LJcE7BK1!`rFUXuA;2&@;dKDUlDWmC@D$Pje%dVGXV)uj`=%Nh zqODee2RcI>egq~yFAQKAUXwM=x&5qDTP5=oAJ;XE5ywSD%Gb0BKLdKLb!%ode}Eol zH7HP!6FGF!DlI_nff~CZ1Xzv7i3C_8U8DD~C{4(_Fxl=ZJ4K(UIk16bf?fk_7^4@^ zcb$7;YP{q~(P=^21?lw!FWLYzr4dp+Ce5u|EuvETdl@-IhQxZC3BC)WGcACjVI0Y zL5x@u(wdxAV520wvQqg`USiYghp+_&f1lp6qlc0TF6psNa}J+~E}*V6;cKL%`?a0fts}5LJUwZw(Y7Q)9-AfOIEzSd-Ja3j@3^ z5n!Ai7)el#>wYvX7zbAl7%&ZHBG5af*Q`q#TYrl&V+2f0*DY=Ed4KeMwyhSDF)9Kv z5?)z?-b!_E>(xYQgP??G8`wc=n1J%k;)qSXOn6NoX5-*DsKFRQfVeQ)*qwRWD7~3~ z>Z6HxE>>MKHef}B)FU2)H59)TcwZmC+i0q%?29Fz8+^ewHi!Xd7mwFI~d5z{BZ47;vw5&bkju3LE6Iy07rT?kF!4_-aYevD)c=mQ*4jj)Md*{&3uWAj{} zk7fhqP#BsDK~M+_VIY>mB>*#7M%;Hef|(C=le8^^9~_gVU}$nE=*mEJv|}O`2{~GN zb{^{X6=n*xT1l?Z$fP&bmz?=nH@5{m2v0Uc`L+*iS?f1~b(5K?v}P2rUI0PNrSQ^& zLFH#SZWD!HNxh+zsbp+ov}qugr-%ob)^!&dqri*o-woD)L4ZbN>+g~W*n5P%D$mnr z#M#;(>Ug*da;^IS+t5vf1Tel@27+9R;YkP4UzMzQRKS zg7J~vgnq|ZxRv@3D(D)E0EZ<*rVrB@Q-#&Ucs2kSKOm^jqY4pSX%>9L)sL@}9OJiR z8vJs;XUfB1sbbARp=DZ4))l7UsH}}uGr8pXx^?k@!nN~N_u8C9t0}p&#s`9`t^DSa zE=Qra1>}pD?}_t_KM45+w+d{KI!gtsmsDdsT=pN#P%e__Ojp(2(&JET_FX-d7pLr&iT zMKCNv9#zEpx#2H#5&2A)dMh#3eVvVkRwd&*eL=XQ1uJE1gfxzP04B{cka9Mb^qAgK z;8(<;5?nN|He_2d$9ptfMGV$QCqIOkeatKWD_v}yb~&VPyemTt;QvMY{e`F~Svru4 z`P4$ti&oTFT{#?3vRz82g)5^BC*RAgk|H8NY}qKnQVf7JQWMGQ`raKlpWl+B*6%}F zxC40t2Qkuf!dJ5z@4%-_J5+mi;Xey6T7a=M;Q<&V5faM(+wrxeA{2`S5eN~7U~kk5 zPmCq?h_xqjHf>0% z71ILuuRgbZdw}<09#oPoX5qz(<=$y}b980!GjEQuIo)RYfOD6^Wi?Kv73(+`_i3s8 zS92+ac?Q6ni5oWGf%59OAUeCdzV`$pZAcDJ-7Wl`&$^u_?iZ0CJNm);6X_W(i+E

      *3bCbrv zJd=V=A~DA@Dg*I{C}(1J0Z`9oOfWgyd8x*4f>peX;$p^UKP)-NreZ4HIDBr0X#&DsO>D zQgI%V_mr8LjMo${oJa0v+@X?p%tCW=g-ey6Lp8SM$|r$H{7k3ZCvT*N36%G&i^bB_?YcWeUWuF_(% zuuCF2oYokJ&EXU3FyU2B&wRlS)06KIp7&-D+10;-0EEhvqfJptaOLiS=>;|*C|Mw8 zM=P!$+Bbo~f4O%5kr}lWQh2;TWX_nlos4J#pq&HcP%xaZ!JtSpC3SNiJ9dDXnV~6P zlG6gtzs@hoUKnbwO2ryivF^s5FDq(xpRACVc>Q2tm~S!rp)BZ;WWXag)-}IX#VXy$ z+Mx_9&j3v$%qfZoo`nj_EXr*lChPzv2@vyL-t_|X{c=}}#68OE4>DQ{gr=xMmaptj zo0gPT3l$J~w8QLQCtj&!TiiQei|JmW=`MuEk$SkYOJW8*mE@3`B2n;XBe^aN(%X0` z`JPf;shgb~ch^!EUOd_g;0G1qizbP|o*y+rYWD$HO$s=%K*x{MhL~B$hl4@CfT0JZ zcWtSVX{j%Y)CWVcqat6)DjTd0fa};b@t0{jwxzX| zo_1T_*RP~eFarm4{oG;-a zQ#L76wvCXuHl(HHl$FPnH8z_9GX{)3Fp=0UqG4U895;5+u;8#LYTqW_?R}6R%4Ca3oCq7=MsfdE_oxE=p>)ga63o@m2C!<9nW5dNvf4=sx|3H>QFn!@hrL1 z)#$?A=n6aCL_USjc3)EL6~Eg76XhjzJc+6nO{coek`AduMH7=8$d3NkL4%3Iea*bP zEoNbzkIMV=KelPveInccWLN&#(=H)s7aGCKqHW(hKK-R{U&~=HPlD&WV1KWu?Qn;~ zNYBg=ia&S8%6z3_v@YyD)xp>`ZkeDXC3fWxeDD}6buawDet+Mpr(#kR{=-QifVOhl zC-l1&{X|%0GrNFW#(|%EW?>q zayH|fqOt^c=~CCLoSuOW!jx2Dt3pf+Lx;|hy+)A1p7_}SEj0Rd8-Zu^-h|8 z^m2!t3JU#_{LlVhUFb}^`pih^+^YIqUeIvx@T5=i7nzW|#s0;4$Ytu$u~YSRmC#L7 z^-YJ+ZJ+a5V)f2o_1&TnYO@-3cyzlc_#^vhA5-`mCG>~t-~IpZ@#+KK8Z0?skkauD zevO;(F+d&r$4EFqMHuH_{eR7T8x3x}Fkad*O6%A`w+7q^!mq9gXRpTl+y9RUpOp(Y z8qpAK)es*ES67u0C_EQ)P8J0v`UYt;@ zh%jB$GW`)@HV>o45oMvSV_`a_zPZOLB+4dr%DN}Qu2jdaAJG_oNUX&-TjweTyx1^4@T9mK3j;~XczrT)uL{wn9PGCt?aH~%6NL1*ePUw%Q zFiyQNiI@m=JxYX0Oq8o$R7gxrs$NV^OkAm6TtiGkr(VKXOwzhu(pgN(t6u7zm~?o( zbi9~MTD?q;m@K;gx72B}G?uioZnAQgwDxMUekW-Y-eeOmX`9w$n4@-_h8O&H zsA}ox=9cJA>6reOm=WpN>6X|f>A0VZ1c^)nb!!5XOd?lnqL56I zRBMu)OtMmIvW85GPHT#>OsaKjsz9Fv*~Q(1BAGVj$uhHJ^d4Ni-9RQ9eqQmzb~fe zmq#XNS2uUOV>28=6PvpFvi|w#*dHC%cS+f$^`912H;QUo1Cw*3Gm92hHdZ!vg46PT zF0T)aOiax$e;FJ(I6g(>mhB!Kxkjdx*0=2)o>Vq>_I>|xc=Bs?Yp1ER7m-)~ePZV9 z;`$gZ5B$%n1OMDZ%L8b604)!o~M*a;xPG&L;RMG;s$uwgZ31o=84HZ}}4%sAR7)#n;#w7)_UopxW8ZYbsjtN^MN zAVx`u#84Sx8>VN5D6XnSg09Q}8d{ZyQ3>&#zszw6E*r5n)k4_CO#y9T2-R{0HjXRC zFby;0IT%O*KeGgM^;CopMST1w3L!E(5*p|G*uu=pST0n-!2^Ib5oACZOH(bFUJUqJ zVF~m|r;6+*8V6+J<9Zbb(L#_ZHT)51d0^Pb)8@-31`C1vStIYy8%m#6+G*UITZ~O@ z7@I}ehH-w(9_*QtuIq(3{xC<&188}m0WA-p!7; zK+6MYdBD04Ef1jO0kk}TmIu)C09qbE%L8b604)!of# zsPnenm@RloJ!$FLjxo>#1reLfYMCT17-M_;qqj! zNzm9bI8K(V%7o`?xrN9yuDs-0Vuc(&jj`E)X=S>bXgcg`N)tCte=bUARZ5lGPSIh^ zGF+DazJPhtlwoR`pkpPt4#maF_?=yQ6%}BXA!_F5w!)ch<~Xq`d;5hguAMi|NW`d& z&)1I)v?CE zxF&F5&VOevO}zG4eSML6-BsLz+27(poJDnpMZBo_6JiVHVT%V?mXVbf_u%WAkDjRY zb!+uSJXIIfDK^k8E>)M@kcMx(s4|DYUf0mxcy&mvH_We{UH1HZV|CwBmBK0-uwr~= zRp)3W_{55!X~Rr%)8O!@LbjFNRN1q|85^o1hpElLhntTJHncabUiexSJ>3dgU221U zxcVONEV1o!C;HgFV;zp+jR?n zhu_l()tB@;ECTxq!qxjCQa9rSY2v0H#2V=)q{1DttpifGLl++;4(p@}_D3?BUO%%z zR6R(0r1N3;MMm6C#;$eJrezG3wY?Q@pXSaxtL@idJ54gXO;)@2eLLFh+l9q7rBjNy zRFTE!JIS0@WySo3{+77eJ4j)>_^I81O}j5=cI;v{@8H`}f_7YsyY+DUa>0g1s=cP- z=w^RALpA%>j*5;{aoS(&1;zHAiz_{h4Yc?6Q@{>iI2ZdCMS7dIb3FIcLLC%;?wNny zAMDuuUS&Vh(SRD7(i&TQF?w!>+;j-TelX4{FeRut9mY4a3ICyf&}(&nwuygUQf+~e zZ}E}FT-8C+;{7E!|0MpI1j^)pfl3yLyJGrR(yV!p?mig=wJ9s=A>r%CNtao_)=*ESQ z-u30jV>`YRb~RU@?uEk{mZs>M ztypqiv2CGbSv$p;xu9GnT-=@9JS1|w?`%1!KAu9|>z1^2@=5N~}cs zE$iW@BOJf<6<&Kv{xb7_?Hv1B`ortNsZaO+oXB=sKGay06q0?UWGS~~1wC?tkyy%) z*eJ>^Nt7@=Cb5(7`dw$?E+zRJ)bU%TnLzodOjXM0X%2%r({>B^Y+%q`hx|-X?o4ZX z;icDojpi3R)*kZ#9&pYxJ*lU9N?ZC~CI%($hC&KP)_Nuv9@h*`rky$#I;$_XURvgu zScjWhy?do1bbiWy{w(QSy!zb0*wJRo#QDO+MX1gp$Iz9;#7%BCTHRvW^1{=4FW3FT z+u6$-m3HC7Wq96r@s`>!cH+XH8t!v(5zzejE%jwk_+x*m%Mhl=0XmmqQqphZYa-JA zkp~X(hp|6i#!O$vmUwr;FZ#p0>>ni=vv)n)X*<9E8Ojk)cZwhp-i^6Mi;*Sv4*QIIKm-5$T&DS5B zz4L^OD}@|O`>(5Ud{@h_Yq)Oejs!|{8q&N3l1u0xnpf8TB?x?dtKKb@SW7o;)wh=T zCYV)zrl$06z6t$u^YDjn?7nZ$pPSmNONU?A6Ls}H*1x`Z-5~#*b?LNp=iE*Od3{au zMGZ=MeCszIe)ksd8`Z?=&0CDyh9zIQFSo3lg_B> zz|dW<2&Mp(E;H3YVFpt3>y_M}Yn+IO7?{XYjAiDY5PWJ;hwWn)WCR%ps?5gKBp{Mb z%58u9gc%-9C6~x=OSTHcV9-$@#*kmh!|^EiO-2I(gK_Za;CQF7K?>fN6$Z1mswM%X zU{b9f?>+X3QqITP^xS{tfmoV)w}Zd(0N+fF8O(~_{+xfV!EU;4LmIK0)8t0oM8}QM z4Ku*HhXf(qazn%9=m-ftf`d!N2y@vh?kzhlw)<^q8R2@_Zw#`OSvlS46shu4Q)!g~ zJ|@`s1ocqqhlqZdt~x0Ss$cW^=Qm5&>fRyWL+cngfK8SxeA%_qOWNdFDcUm@s7fx$ zaQWNI`r}OV>!ZW=n^(h2y{KdH8k|@*8cOC{`gBtdYW#;Ws=BDR*Jo?fyNm5i`&O)X zTPePPL2fSI>}cx<^%?{ zZ9dRo!@saZm?RItu>XPp&~(mq3^q|!4|Yt z<7Xra!~bOv9Lhf!?ZJ_AujsSr=FRRR`fCut?daD5ILlDUGVG~I16;AE+}*w(r|7=$ zC!G8CnDB=~(HpP_InAfgd{K76*3GGXMER5Zcfa+pg+7Vn@<#Ruw-Y`CLhW_uBQ+;! z42dM<>Afl(46veyz;H);WDit8c)bToNdLPJimfKz)r(tWTkuUZY-HH`Cr;RUJ;1T?Ga+(UkjNzyu!&>^wW;P?J2my$>}8(8 z>`apTU?G213I);qlpE-04T^K9IhIrLyCCzblTRm{9jKOejOA!ZX@V58x#t60!{_q_ z-#?mL65+Z1P+H<-m8wEH3whphlLl4!wX}HB>(np)HTxkSNdS7sPKJy5UC-t~q$z8~ zmx#SMF0#Widl!};ltiapWq`NpbF$AAV?Jk)RqQVB59Z4k@-#ii9)tum8CZN^OgvHp z71w%IQ{V*xLQV_{<+Wg$Jq#Bkd*t%YO?u_4Rw@jqVc(K8!5A2#4!HK_`3t{cy;{EDpIq4V@T7hq*8YOU9h8 z5=Vl8S0e@-&3a%1#j$-x08G*0Hj(8AJ9?n@UXkXR0uD3*l)T5RMz_=ye>m9K2AIjh zlyg+2cT~b&kVF%}^2stvWgtPdDHdyaU44+?z|Xk|vo2h4_B4VLv`kq;10|NP!Ng?V zWv(kM5^&8>ST{V4teIdx*oBnHOqSs&oWe*ngB9c)RWylf&4J_6K2`0a3?d5-@e3(g zYItF?{R>=n4wbKhZFSiTzMGv^feH7S*>PxRwAf~B*bGj_Wr%5rfZs9@e@0{uu)rpk zmfFeKHcE`E1qp_bfnsn?ap`G#aD*{~L*~2R-lJ0>_8-NTTJBD-Cxi-+xP1#;*D_Z} zvdjMDsPhm!WI43JmF_L;AKI8eWy3wJD!^0NTO5THn|qO+Hf=Qu-)1e)#v=1oxao2q!zP2WBj3Tn*i6D_9b5!CLMQEkF(WZ6f8U!|5>x z&sJS8!I$AwOHz66!`N7>{-wm6jR2@$rKrrtVuuIR;G`Yry&xp*#!K!B0@pzCo|s^2 z1Tll?UoaC}Z3i>yUcTH3Ju8!Zyf_=>QUPxDd+v9$e8#s6QeBIDHG$+0((ZU^@(C1$%Ypf26tQ>sW|j+$ zNX5#5u=kf{zvIvh4pWl*Gl{K4B9W0%s}%J!k5e5_L}C16#9wp`r|yJ8?Dy3ee(Cay zAJ$gf@~tvqwZ4>MJdKL3c)%g1$E)b%RuB?XL8?HjrQ_B-CrSB)Uisl2j_moaGS}`1`c(nx_SdT%Xzr64BwQb*Y4< zQs%dlZ>D}`e;kSW@*4&}pi{r!{{tsbOfy72Icxh`ya)`r&#;y1X8tgOvbj1+lzFLCF=J%Gqx zdBEmd%iQc#Q!M|1^{Wm2?+>DQtH?2T+os+q6+Jq$)q3cXQlqb;^QfVbtCCD)x@{;+ zuqBIB-6a%wHT=ctvY0$^|Do8c$p9+xys_jH`})hJ>^z1{Fe{g#JgDW|30DdW!hJ}5 z#_XOroORm3m5mkP&CBPmcz3r-MH%sv=B~Bn-sl1#9d*szw;oLHS;*Gqflmc z7JMS4{4*ld5ccsygrCA)H)c$nO?%l39zl=m)sGn%_*=>q* z)qbBH7q%fy-03`Ua%Nbq3=D|gE>;|1!9pm9*w{1A``njT4Im}geXz^re-uEM`U}{n zKYQ4JJ3>qLJ8!9D8<1|xg5>`OUIb_iyZJ0UeXykDT(V1jCfT--?4h-qy+?fIGxPJQ zr*{&3(Z0G_a4p-ptt9O#{>XKGnpHHB2x-xDVSBdJ2}vUYS!GMz9|WJe@7C_$@z6vN zHX3!dGY%k)nDd4kbhD>=nVcoawkWl4Ll?Ih6nC(@c4VS=i9mZSUwgaXuPtO=4;dXu zFkhf78AtCTN8ga&UNIiWLdSRTPH2s%n2oQpmad9&^ebZjL}aSAbjv$1keG##5NiV4 zM4)TNc~HPSKWG6Iu#lU5Nrc2d{=kv3RF2g5sxbb_&3tynh&OHw%orc}89{cIAR-HY zdJzCGQ=lG;vl=5N6&c=X4mB~Ayn_+ozDV;v3uHyW)@}?2cYy~p@6DM+ubAjZ#2gTU z4nZqWLQ_2TObBbpA@0bXfFj5F@R9T?K@0_D>T?!Jd@8qaV&agW(q;gZl_8OZSDtl| zVnq=!B@@h(7hfUQ&YH*WqTn=^S;$JXF}-nJArZ}Gpn7)4z{0m_4D2t#lF3k{S4=>Z z88;p4`qM0oLybS_`NFAL{bl6xpUp5>3TD6m#bxqVF_sAtUq7}Ea!VTD6EFkB^E1lK z#K;O>L(Mp&*f_!QoK;Afo@B1mRi?Mg37{#jWHTUh^#QRt!{VCM=2QMYCK=H@0A?z9 zXhx*P*2u!DA2CESIVuS^Qx3|bsWK78AESI&;5!N>;w~V1y9y;^Pi$cGj8OY44=7jV z&n7TS!`aC&A&=h|u$4n)t4xIinHJmE4sOkPMcMfT*^l?*H0sPA@rE2-vT=be;C2=T zuIqYgi_F+i%)up0N%s39AjaK1mD80*ZX|04m7> zus20|;xXbo28V`>ma>YYtpWJuoP3x$5-cD|Tk;<;Gdj^Fwx% z;tdl{MJC>HrnX1}J7vQrWt_SKwM~lUaYDLQi+MlN}ZP1=quGc)89Nh6ym ztKfu9U5bdu94z5{o?3rberFbW)I2A__eH4MP+9jH#G`CH$+n;gnRd0Q_T5y( z7`6%lsWu6zwt1;|j36=-MY0DwZ@_kWbaq`Q+(jb1QFbK=Rz)fZj}5R}{yr<6)z*!> zY(r!RDs3C2`pS}nBlQK(?;@*ESzbRuWNP*cl&W7@LKCIZo8%09?)P-t?|CD0iFseA z@HWMT1{viwc|LYwwj+1fMzn>M!?)u~?KCR1?c22-BtFWU?EXU`IHr{Z?K;gdXrWf) zwiohy_Bz{mE6PJEFik7l;07MNz_uN5%v{-Qr z%rEBcirWA1*zS`SZ`ZJj&G)_HIX=1-J{GfzG`)f$V&&c-&hJzE{x%iOZWY6JVI!!0 zH^Yii`QGoU=EGD1UdI)^;L7pyupf^qpOIEh&=EK{%CBehDv{h?Sj~B>R7vO@u*X8c*l^e2An@)#oRJmJWz3Yi~8)1Ul?1CHb z1xL%Bno7^~g&rz{1km7vv!qK8++&ew@TEI$7s4^-a{3*Ai#od;Eah^oFj z6#8>s{RbrkC>>p+z^FQ*ExMYSU1vZ@7)$D}JmB(+%4I}e7+a?X+xYmFSlC%v7!&0j z0`?M4a3==;BM-RXy%rvRUxQyQOmP1g$GV@O-ia{yI3U7>U`d#G>-aohczm~p!C1KFtXfPsSINfNtBw@7GXmliD ze9>t9N5TZB$%I7Gl)A~3Nz#m~$xKMnT&l@jPSQfD$wEW&|0D81%>Qo5v7lx(hrxjPlWR`?w6!ecw#AcTSBxhGNb$lC}I{9^8)zaBH@IAexy6^jV-RGXD z4@D`36@@j;|0|jQ|G9V3009~xKm!D5fB+2;2#U?B2egav27QK+yCQ;RR|(@lV;GDW z%YETgiuuw71>$8qRQ6O9#yFu-%osJnnI|TZPxk{!z^lQGn$JMoy&0-{yIO)h?ghIP zzDi>>DR7|8NidJe?70QvdECitP!--G`X(kkp-v%H^t^si} zBdY@_`Avy#w4Z2`C%GS_8BU8$5Abr?r+=@olKM7_1_BV}|vIH6+Km!D%Xn+6>5TF49G(dm`2p9t!9P%2v zyBicu8_)m&8X!Oe1aKlWK!64a&;S7%AV32IXn+6>5TF49G(dm`2>$;L5Y#)|e{22d zVs_-|cd<~JTWfjhxlwAO-zlM z$*fog`R9A~vtPqJ8@}B-aFTv98SnFKYFyAZov!^sxZv5+OXO%*zx~tWo>$xC(>*s- z4tMc^k=N%927Pb2s-I--XP?j7kNBs5MqKqpbY4Al337h9eA9lRLTuy`CS_0x^e=y6 zIdqBAd4R-Y66?DYb&d9#U;AL_?Z;kq5}!7|UQTpXCM`Ia)I7gIuKwnuic^0|=lrIW z@hZZj<8}7M{EvBJ$>GpPzaL!BZ!0NXN7~|2xgrof3knwlAe@nF958;`u&rWX#q`fuhZjb4|0S~#i;^IgQ2 z^X{QuJPud7S*gL7l}@^Z&-)T}0Kv>}!MH_{ItDx^Z_2&PIa= z3GVI^+#P}k3GVJL3GNasIKkZ|xa>6VIj8UK+iUe&-=GKG>tj;Wn$)DK{?G5x^qC^- z@|^f32uMZnJ&+W6?6H7APGin}jz~y7XIj>7YQkUU6l(NmE7opdEII%X+nc51o7*lW z-!pfEo3--k&9euAeRb`)4pO zxexT8il&Ppf5O*a;#0lm!j(S%3if^x5fOQc`|AfW@qBh;>FQj@d>RvZwu!Mh?t-ms z{aeuhs4PJ!WO+0~k^0z;#KZ@mNup&)$J71J9tl7N2oc2yp>*yBhI9wGG-LORAe)N$ z_H_?WceihL6JLpjmcmdnh+#LD@H6n>{O-bq6({!YLF|PN{T6^mj7G=@3zmrh1M`V9 z%jmeet~tAxks-Z|OpO%%BsDS-m;exyc1Xx#5G_b}|D)LXu^7^`7?Ww=^^ExPQUJXS zP{Wa!Fd7?6CW4e);*nDV@uV+pMugF}PfV@(zCZw@9tK7xf*wDc^*K>W1}MGQS5_fX zoG$81*)K2O%p0Alr3}>mRFZq2$VME&4ogWVFOh;pPd_WB;5uNi4X*FW3=B-s6$T!U<1Bx}n8g=8WaO5t?+(?e?0^mqCUP6(j|Mb%9Q zOm?JHK1kI>1}VuzAk~IMZ=j%aK@&v4N|1{gfF*3@QDAKc>uCU)2H1h37W7J7%Qe{T+$#BZEbbQiC_HW*Fl!ox@ zk-S-+Tv*OL&}dK?PZ0dWDV^P-XrC+qg5wurLOGNuw%8?wH2MC_fzi8E7dSYe%VVQmfW<;qW5=w-)w!q+BjO`xQxlDL`Z&!WdJmQl-482Mh-~F1_W-D0%b@eF%%#U zj{y2_&Vm9+HRb4353E$A4~rz9=k{r#|30gj1`3r zFhm5LI!2t`$F4soUf~1bq7o51I8d6VR4S(0W~O>XvGCtvVP6etB1z&dCrr1IhR0J7 zasVmY@~C7J13x9w=Rs5$8m5VaY6duKNN`ZVDoKHc*i7X(034OqLN*v^71%_K<3ntw zN9=|8sXM_2hNhW?QI*!2neGc*$GnLUHbQ5C8A}vEfeM}*`wSxo$!r^N&WPk$_e)?a z-rdd!*VkYCa2c{UJYQ!!#z7PSV0s{ax)4c(Fn0uoT};s{#_;eF5Kma%2CSe5D$k|! z#;Dy_ew5>;`*2DxPm=dHP4XwAsz^sZIVy=7x0;76i6_+DLc(07EvIgi`nU4A#`cfh zqDe1^0g#6|71UgI=3nBW@mx2*xP4I&vRqv*^fb&J8!Ar9<07vT`$S_oDKOmO*2*+1J z9UG1+m<`ud1=l=K&D@MLMB$Syg_goEb%mzLkm*UleL=*W2K(HISo*ipTKwqgZ?G>! z@$U!{+0)Rg3IU(eT(ai)^cE8bN(-v$lU57V(-lt}iL%ru?R$wjWTUyFmeja`y5cB$ zkFRt8MS%Mv0?7rdkJ^PouT?DNVXI%(98n}B;xqz4JFljb^KhO8zS`+h_03!w>(Fq1qA&P8ijy>fGd?Cb zQje_#ku}quya7$2=8x;u|BT_7lU!B({`P zSNDwds9p5vf>$@Ics7N~w-xGl?CN*T^xa+b^Mmw3U-fAU){dH5hHzHplgC!FejnfH zS3s{Xzvx||u5Age|Kc#n9$lkcS))E)yMrsg|5^6?O9$j;{jboECu;rYrjIYatru_` zuo@e1!tbGCsSs#3?gBOrdez{YH;@MnmpBcrRyTmfxrlzHND~|HXp8{xMx#fD=*5P2 zG0YI=O}sFpnfFFXW=1%JB?Q?dc(I!#dqyLDo0N}6ME23-#UHxdfBk!+P5R`R<9T)se;?01aD@#ypzhg+XdSFINzWaCi3a_ySm%1 zdZnqB+k5TmU3xW9Jw-*`HM3FMUF|<+NN{_Gv8_htyk-;4#!`D~KX%20_bjp}t#0`& zidD^v_a2PIY=uABt?l_Y?8W{u2b1nQcFx$t?+fW$xZ<|CDK3O(W+{arqLkjmz zzVGX;Ss))bh*fG~Ylv{JOUO6J-58pahrxStw!Xq#u1^wp|+a1LI%lw^gr>2`O`6g-(Yf-~p{5b*oDxn4Bk|O+wQj?R$;5S6d zIWgrbKji8$`wC=mDern^a^lR}e918Btk&+l%lzk-Jc(Sz1zod{u7`D9-4(BoSX`IwU0waIKg767 zW?ws2yUL;c5ysp5u&^&bX|8@;Ra{#h6nc6*uBfdeL_Rp+)UblkIc<@-C3>W#&QVNyyj4=<(4t~ zR)5IN58~#J<{nUeYsYJAIwWp^aO5m)Wyk9tA$7;7=DrFcy$h5hQ(2*Ethn;n7Zf9~SP>D0m-Ha^IkPA2oDe?sFf#e_xPs4}^J$ ze+3B6Sy1%Y5~cqE2omrPJ=a^~3?9CvKBT#`eRXF{A9~1K@Z7b2@X1m7w*HWd_n3!X z^Htb0U;44o;33=Mt{dK~DEzTh(=(%l{vUuKj;*-mxMb+D`tI>A|FH(|sgCubSh}y1 z=P42N)MW9rjr7zU{?vNTT*YfuT|z8uQq}V65sW=G;)!;Z*mmDFWOR9Vrm|(y_=p^P z+e>?Y*L?2dUFtt?7$74`m8KcW@fminE{~&uyov>bWVYjX&+`n%^Ip$BP`**v&%$4y zr_pH&9DMtvUq( z1DD2c_Qz97zXAkTpwT1-T8P!*)#m6o4vU%ShpD2mbOHA(!NUuqU}%nXK2KGSz#upj zLN><>a;OnHF=3fB@uH|?Mr8$R6bKu1p_m*x@-35%8|_32%w)aYcg*6IR_FbhDw{i& zfF_T-tJC8<){SlsgyI*f``Td*7;1912pdC~0#q_7;)jBsZe?D+2!THG0`LG7{`)W{ z0(R?!(9L2gUrsxl9uZdkerGXIC{iPWMlLxAa>y!-C;o5z046{j6z(AI4*^k^p2`BU z?3XEEu4oXAHd%z;_x_DuR;dkvi(_ydaoN!P7)0p#{%R8|Oz7_!x)O}{6yKF{AhN0aEY*Aix$q0Tf`6qJ-E5e72jNtYzJ{8+xNPT%^?| zSoi@7=2Tof5e5|>lOCoGfGcZ^1};vs3?k4BaZgt_QuLZn$^#n-g2KR*2Ybm`fOs}& z2W2QWcmkLNl`vUk`0gBk7^nkUZ7ZXZL&Kb)M_Mz$lp~N5o!VGAtfW|AsvOJnVhVvO zQYt;RIA%Ge^!wu@V=aT{l0_~3bT_h{@=lLl8I>7fH$u^r@=V|ZbOk3l!jxz((Gi%y@jBV% z-ptg&Fe4@ofR$ijm>8NMc5fgl;cUNzO|BZV)WXC#>(Jj`;%Y?n8^hXkOvw&|DVR9{ z)sDNp_YJZ*!9qMsn()f_OXRvBxnYED_)y1BAcllx^g2DB57|+ujx9U}(VRr+O-2~V zFimWU$S~}NQ$#R0xtL>QUw?89D!LHcQ=#*VbAvI>gs1jUY!onO(CNS2$#@rZ3LL+m z6TBsEyqR{Jqn-;uYHPG(P&vW-Inh4OcIVr+0w}#yCWJS_6-A*M0YK8OV7O~kS7BCB zd3N!1{QmSHBGlG)!&;y+w=yGKI3L58WeY!@rd~geQyj1>e}OUUwLPUxi;rSJui{8} zKDdj2s$%g_2wq>0LO|$wH{lrZk$4*(6CwHfjH0VAd(FJL16Csj-qS-JU_4ijUT*E9 zLnV6y?bvZ$HR;RZN&(Fu78*VthyxQC0-TxUPoC-ygHrARoAbpJuCaxeavJU$^RZ`+ z1cnJcE!`8dHRk7m0-#C_0KnEp6r`Ham!sG-SGvqqSyPPyDp@!LXE9v4gHU^)0&tQg zJFB26=Ia>bi(&+4WNjeyuk;8@U5a-CX#KGsf>dkqr9%9EkZC)vT#2>`xBypFQ$4Kd z!0#K>tVuw202l>;#vXyi3U3pP3sdmU6a!IWMD@vK*#%)?GIg*dp)Zg=p^zg`lt%QE!i@ufzsUPvZ}?bcEj(_Qwzr!bXsD{; zVmL?2LVz#mUfo1g;-d;l42TpkhQoqUSJc0CcZ4jOhcqa^g6aj0WCR{YlR;q44q zZ@9mN{}!X<9}dVMWGA3vwtW%LG@r8W)0>aH?~)S6cQ5CH{X`^`3=?^QAX|yzGhPk zNgK=88R(na$vY#H^8Gr#9eAWP!GB63$5maFfKdYkkq3Y)kdS3H5w7Oy>1T}lwzCs# zsS?SFqj;qFdL8y?iMK41^3Xyp0lMTWv1XIiYN#oyacPPEQJ~UUVg?>$>$#tas1=!2 z)_SyVnvVKT=n|U}u~L*lSagAKsD^=IQc>dZDFl(7sjBth3QeQ=Pt(G< zpAz60KT3)(#oKZLNZ`7qvA!?P;oLRM&waJ1sTiBOV*bADyY2WrW3mJ%&TW%x#96cP zHAc=2a495_eB z4X$9=0Dk-=u=cDPY7k-I%gonzg6!Z&d$Ktp?$J-<_A@l{^VYoGeL1{--GJ!0(Yrpr zNbXMdsOhk6Dw=PptZSFerYBpNFa)2uSU3{flDA^0+e&XiSMi^Jn{Eo==X{i+ORA|f z%V1h^(8>PvrDblD)&Ik=u`oxPSmS5CT@60b)_imP6w1B&6@JJb*`jrg>vT8J*HQ8y*jaCeQj&nyd8*(?+v z_r4oUy7hV3Qm>O+B|^msE$WXNylL)wyzOH-&80dm(p$+bTU&we+H+&@6@!w{r=m*U zJD%Ax&3Hdg^+W__zLMg!|FYZqJT_<-Lk zSRY@8obIuD(LD`&UG#_@RSWXhQI+%#0+3&vQG(M&)@>iLO-0N_Mcmgv?7vi^ONug8m^~lIt$4a z8m_+2)4Wz#2l|i{=o;LTjNd*W-d`GoB#;^c&|rktBwNLRJceajMzC<*+wvOMIEnz` zSQ(HafN7!^C%dmov_C5=NX!TuR|x>$4IoVwtJF88HUuz{BQ0lu1q}gULlUH)XX+d1 zM!71Vf1&Qhm3icXrYQi6n?UQCV^1Tba^&x(GiL*afN^p+&m1huG@?hi3F1jn5IT-< z2=1Uk%d`{&%j7j1IhhptA3pT!OiJ##SwdkgqQ~{WI7%BR{TqwMfWmy(!F;x2<88-0 zxk^&}C?kkWd>%nP38akT?nMksID%dX2sn#IE2k7m{wK7L!IMh{y+ws&-1-XWaOBbY zQO1WF8*Ge2Lz(d67IeSc0E4z+Rr1++wqcTu_Ju-_#=Em%$!dW*KGBp{upkEgJa+Ru zaO)O_R1P?*|IYtY`{Tyu(?& zlZ|SsLTWZ>X{JYKN^icy76tklBh4rmr$%TZ8P+e!BP!JiU~xv$>@4&d*wOz+3W9@l zBWx9Xx-yha+CYpgU@te6F;qR1T}35ELYvJ>#^0#{?Rv8%U>)wF`BBN9?8ruiD9vYJ zQ)nuq6;UvdQhF6avzsX{Z-2_hQMH7TInl^-gT!6pLrxeCKk}c*vDwesYR*DKS)W@WO9yMx@ zFou^!B{kK>9r-v@NV~MdzqRv`k{n0RT*lO#-M%=$bx#6=TDN)Iw)gdMV?Z{>0MMV| zB|vQ*)~|4xp?I03q_78WoE80{CjawwHEVqqeKGAOi_~!uUUac8SlQUSglJhn37a}V zHXM5Q!6>u>Wxs9+R9Zp%j%p^JxQo$)p?ZoIAEOMt6E|q`4oAm@Ayr1{K z!&yEg7pG*KqeFKGZjr!)ER|l=KG!FG=t+{FPO{fN*fgU{h_*0Er`P#yj;2~-byYN% zM&}rNAXIMYRBs8_deGBdy1Q$UXuh22wkrt;wBm-c&MI~UA9^WTeF_axTg0_Ld@Y@~ zl=(Ll@Dumj+Oz~nEbWMP=5u+;Uh-EYs-)iXTB)++QNlXsGRTM?f}vK)H#FEZ>jR2M zO-eU3xvH`NhNBD)2H9~d#nag=nu=g}K*;T32;?vni6IsLsQ4_grukT(ZSU?fKU^5L zG+Uz;hp|pOv#k2aZg<|EU^>4X*QO2Eb_BO&>qzvVyfKKTDT<~Rlf>>DLtu(^vOc|? z>0y~YJ;3$Q-lwb~mi~P&V_FB}$a3h9GoGd<&Ro+FBKI? zC(W2Am86wb+O(KEN5l0e$!V3-qmrYy3>`G5KCP9b^%cL`LuVD4S-7j_noq*EK8BlD z%_|-Ud!CkDmM>0F&!^bgGBF=yF)tUx&vMwUWD_k7LQX9xm{(^)miK5^*6a*_oGxEg z#i=oGu&6Ge*{|DIjp0;pLPFP%PPf*=H-yik>8p1J8MiPO)-+f~n~C?VS$xN<_Is80 z!m4NVt36a$4kskH>!}WkS!x=qj}_+*2G6v1n2+;WPU{Db+$c}>Sd_rk=k-))@D56g zEazyfmu^Ul+FDoe@E1Ji2@@>W6CsytBcqBn@+Z|d!VX8ythey8Ke5B^V_6?kY96v# zAB$@qt686#|4)G6C_nCVTB@%@b9~JmM3QHVRp+GUuXy##1S=F?Efg6WG;J+3Ywg4B zc^WDkjC3um(!T(LR93)UC=7z562z1Z!T$^{ycYNmKv4T=@3@@yFMy!M5!$G}-e z=?lsvTU*;JKv0WzUV9jZ5BrA=1ECIskqu=V4rzsLV3rLN?+Amp4ol?nnUviV!iKF` zhokBA?xPGY(HSl)yK%@lPIw(Yave4v15O+}VM!gLJG)*|9bN$}Q5U;mB_YW|-G2iF zcXecc*~!;0S>XQx2q?%nDE|QnoQcQas6_q+5GZj_6Gaj?s8Czf(>QR@x?kC&)YFF7 z)5USn|GDf>=3pqPXDGO$ZmDPN;$Rx8XPV?-UZ`hY=U~~dXF2C!y{l*a%fW`wz=qDr zj@JNTC*$OxZQx+#CGFlQ?aw6>-Y65tC7aqPo5Lkn(kNHM z^`WKlLl>9)P^0`Lm%>7$!aA4Yexu?!m(pFM(qFDOfPmM#rNz68*Jr53XOh=m!Ux;*Th!S6@W^1ScUs&z` zX8?k%g|@79{_Op>>~sE{ySALa{J9A2x#$9UcAcO0&IA2K$mZ(x97Br>d z4*JWQiCRafpa^^mfceEFz+(#l@F3SxuA5L~*v{tn2oem=jr1?>M(IkCB86zgQ^6W1 z8Ml8iCzx1)sE^f{jTCK~5%=oLhV_#VQaV zz5EcRu^l+=R+(tj@Xro9+lPYOZ%Dx#QegCk6ucn?Z%Dx#Qt*ZpbQnV!J#reo^cf6l zydec|NWmLY0F&^B6ucn?Z%Dx#Qt*Zpydec|NWmLY@P-up?~W9>D2n|XDJULoP=5b! zq<|KwQU3jZkb*(Zw4v|+K?=C&YUHg#O_yJhf+iAb663wF9o7Q0SES(Q9#|rIyoBYZ z+)U`0zs0L4Q|evS=Z<6HmF0?>`P3RuAzNcj^+k$-CdpVmTXWu(xw=88dgMJ@Yt8qg zWAk(+1lD%;?(dgN?W>!Q_w1Zg-*+r_TFOt`*}FknbRv%@m|Dw_?c5hu)>K39taf7( zeAZXi|B~u-wf#6xgZ{mN;85O;T5cai^?MV2sGt{l)X_`g_ZFU#RiEq!r|4It;691Z zo110yAEclV#ZyDtZz?M1_wFpI^SGI?OS-1O2BXr$*k}En^t<2tBGQ*OPMud-cpcM- z??h*kJ6(%;R}YoKy=IGq|0h!La>QR_HQse9+$>bXCH&&GG*yH2!@Gf(LsMRzP7gS=~(ap8jVhz3emq{5e}BG+3~ zuSkLW+8>9U=O2u5o-@Y~?LRrvzDMd^ueGh&>tU?ECz@3cBAlx?a0uh4W?kORGi#I0 zT~B3(liphf%Xhx;oxAjvJ|7Xf?k6p-E*~;|@;D6&r-nN7iu^5()_*@5P5Rxx{P2D6 zPG;-6#ItNWadmU7|9s9$|8Q&z8FpiSIXQ29{4?o%e@8ZPRl@oBhwz$+_a&HHYFp&* z$8Ii|Zhow8H~$A>AsOtC zZrtDXD4-0~$_%veJan}P0dh*L5PEEEA)HM5JC`1E!HPgb0m^@z0s#7dI|Y;^&rH7= zf8fYNqOGucnKC)>fBX-pfX-HEKNx+m6qEahc;c^K-e_S;T>Qh3*JzO-Um+~#Ygtw458jezj?$#j3NTmhuhA-$dY8;j z^9R^lic*6;cwey&y$Ej0E7MkxHa zRE)Gtxw4H}g9RV~i9<^P4U3AA@c|$o#XfMuQRW14?__qnBApys<`klc@wYvEBmgBz z(Lvr9$0+gisPa}MoujB4;Fmf&JN2qWPAhD^!fxqHqPiV;7?c_MuiY%_AYm zI(7mQ;wFSY4G7;}Ir zLb(oEg%=*(fmwzpReimF{%a-7_DoU98PyI-5NejX-oLbhw7G>kb*PPB6ti=B1Laml zOp46!z)LxRgB)XSAU4h@w;6_HC`+Qw`I>=f_B;DW94jra(3MF!I{ufxVwETYu3#?a)V;0(C zbfWWhi}IHly%%l1{~j%x_Zk>`aM588)`3j^teYqrZ~xpqJs>*Et(WAYmp!V>u%b)H zxVpfcyh6?B{ds)dM33#4-fx_wjosX(tomg;jxC%uMiu=RH9bCwHNL{d-I%V$xrTk; zh6BC&y(0bOO#Rq?ecoUC)Z1%kW{FoZ)faXRm)swYxeX*?^$aCD*IziUeb5D3_NVKEXH)j6->8ujJI2?w`0RQ zM$B$B^lLNhu|k|QCOyg~uVcwGHrw19tSr^deDZTMbSBu5OQc??~xWg3X&{V--IX@6cnLDwy-iubD<(?HIwBk&^5x zPo$_$sK=<8so^%su(WBonP>_#Xmt*Jq~X;mHfxsv>!qyeLFf&#*^Fombm7gZf_LMn z_HGsSOjtI}&sxpGOf7J^EC>0l;N@+K_o#Txwfpu+pUe%>EDi|w)z|iPj`y?}_wjTr z)a)%5yex3OSjc7XPnGXmK;-vbga>`Hh5W+!{pT%k+bmw-4!|r20fX!M!Ux7g2ZHto zr23Y|-Ur;-2ZQC7&asvu@a55ijbG4sW9Kb3psWUntQ=Sl<6}3!x^cy=so6;#{&BX7 zFgaXIx5BSJ{Ly|G6?2$+D;&CJl{IDsk7nIUXdMKx%2wPeu$N0dvnY}}ioCJXFh44Z z-71?Gu0U(b_cN&CVXStOtt__gy|6Y&wk|=l@guNNfjw6GV6$mwW1?fDXy;7qw)C@h|iX-`yX32xYMcXooV})85*0}X5Bf+&aVl>qG^sTq|P9Gwz!$9_Ac4sWNcH-V=&zWbgU(Oo7pY7NS@9Z@n zDe9fgpS?hz3rw8pGoD}2fCpG?t|wYAAr^Pdyyw~S5A(eDXD5Hm&leibKMXo_9G^dv zf|&~)#^4>to*hKi&gX<30c00}A1)UCE}&Bj;0#QW{2Sm|KcM(80aI-|1f6Vei&y zq4UyP;L4T};ykN(wE%xbj#ovZxlc{2$FOih!)n4P?MR1r#oK@7@zt4Sh?RL=pQGl2 z4ew9?tuv>;7!Ud}>t9_;=|5a8$b6cdybJPz{?_klX@qi|1iCgT3}l4;ub4pBs0i1h z27mb7neAgSsbV=Sbl0z)JnC~mbTPsank#1rpc;rKxS^lYOagmrUklv+PY!ly*26T z{HS?jTC!&rM`a!7VzItu&TDJu;AB5^OR9UV@z?F!o~v4_n?>`ju#mf>zPppXd-Uxs zecYWB1l>`>-`%D74x#fd1^3QJWXDsa-PgU&RS6tqV90;x?u&50q<^o*>G2VMJ0jHs z_xUceb$^1u$1lZntdSopFLB69#sbpZlsO?}xJVl>jH`ZV6P@)aU*MvVERw$owB&}a5nIZ(T>Y*0SbSje=^)J@| z<6o|U=)YY9DDW}&t80L`86XB!LD?9wPnqMF`WBjzXn@ zr3Ijj5&*>hG?^Lb+IBV;=L8}#SjLf~wyUsU9IA?ne~-to5NA{c%Zandc&OwfGA|z# zgeQh%l@L1Zo0P&wajW2CL{7&8_vvTp0ifvkY!g7Vn3T9_Qo?jJRJ^6JI9-bMyYxQA z!h*VDDI@@DI61TmB^=z+Nduzf`ve3GU&D8U8RRGu5^~Cglf~9sm>cH115c_S7(9a&%R5f8>EpOwU!ubQkA}PeUk_Jog{K$IK>JNs5oA zQIi<|!VEsm{+Z-cf@SD}D#@sv0u(|e5W?{TRDi66TFO`$Rdp(zmZvuMLnD5I7bAdg z02Oo^R-LI8DzB`mX53eNp_s7m$W@FRMwoAtF3*M&Xc39&y0R;FNs8-_m&6DDf{xbI zrW*X44`3@gD<#GRnhla<0riWDIe^qerR61Hug9%mm|E*7c%c)hoQHI#P7!w}IM(oz zQ4_w0B4lS>jxe52Z$3}FgXoh*Px`8$mJ$@}hjIgdhBj*E<(NwG$^vQX4=WrE zB8|n1KMgPn*oEw1=Aexr0QhB8Y;>`5VY+FWV?5XZm?)ya=`az@pg042fe*J3ODalZ za2R4<9_G_xza%9@*`kpm6_1<)5kM{$Bw48~u_zkotpF=fZ7Bo7;uw*GuZdpIARttb z5hk31GD3m@^kHt*MjntGV^u6lb>jor;k%=_u_GzNlO@!%2Y?(AAru>M?@TCvQ7$o< zNgjC&31ZquM*k=tB0kJ>jG=%>^z30A0K7vvm2Tn)sd!@3T-6xBMAlm91U!F$AVAbgTumDzrJXCMBsyJI z0tfUSV+0~2V=aS0P8mYsXb2<=0HV-1BOvNqq43{};r$K>4|4sJu}NG)Y9}+TtktOY zt&&`tPrE;o4?BN~>F|>*!@|-jldc|c11v|;qu;Hjc&-h@B!_`af075q01(5taM4Uw z0oNdI9{;>9YtHqOi$^3-k__4?zrf!Fo&;`qZ@K(Rs%|WTa_spqLjB%I+eO)8AfG>L zi6hGObGAW8iOhbv4(9ylmQJ_;Q;Q*`z#{e_Zy*X;uj#x0YxkBQ4N$yW3~tLXO!$5? z>dTFR$(?rfoJM0)ke40*FM*ZF4K9EH96(7aL%TceuI080!|Z%)c%$B}74q>HtL(^! z`Nv1Z4&OOCsad&%^Xf{9SX6-NA(1BFBYqd8$}zw{y$jg{KLh$!P3ygn0`!;G{{7b@ zkT$%2mCrYT^n8&geqs!l=rPEnA?N3C^07`4zn_1;?x&$39RW;Ry3i|9@bzjNRH4!5 zbHe=99c3I<+B1Q>nj=N0eupXCdH}|rJ$2~&5T`!>xG)cAdJD`R7y8(kus&zTcfmd1 z!KLBPoquvRqW4AH_y={?{=|gHmvX>7N`R6Bunu zXF@POd#H#=AtQkjj6c9utno=62!&)A07G{t;!9ee|1O3?Z2MxW9x@nT6b# zs{5pDMLk}Yw{*tYSy5v7SMEK=lTa>vfah8Pso86tI@Y(QuOpQfb8LicL1l`y(;T)+ z+lSo;Vr~*_LTRJAgX}-0CL5s0kNTO4*$E_@%C%zb>QuEBOmBI+iF$1+V69{%<%Sas zbub8Jswt2r=gjFf~zAs>$){MVeIT(vV|GY(jvZ-OefWDoUlP zWJNPffS;br=jJ;^vqkJ5rNC6a9(=!d-;Y_g@bf$X)k#InpCjXUwN$@mV^fD_5brV| z2zEV0_)uNNx;WfZ$ips_C^oOA2TfSw9^;@08q8bU*KEBCqQ8mbfMj zK$>MR^+R|`k~GNcB@+Z7I(*+U(}BRehfv0+J`bp84_3`h8j%j$>3es!8LUIYdJa>gFX#-CrlVW!wuHUxai4a5NxS#J<~l4C;yfbao84obwZXhb&^ zq`{o#m~3QyB^3P)6mxPZ?hw>1L!2`*^hZN6fDr&_G>l;cz~5X%HO4nz!oPys|E46K z8%IO~ON>TdI3mkd9``It`RX^YH%~r2Z$Xg3>g13>%wk!FcclB@i~zZLW^miUMB`xC zf}>$0>Bc;gEegp43NqZ^Bh;|uz3bqc6@Pj1d2rrtPnM*uA;8rTjb#R?DL)z0VbMBuBQ;PW$(+%rPH*%W|K zh!KMFDGFbAAqrKIa5Di3P$HC@N?ubDC%;+--JsLNO~cm0+>$@ z#G%ozoNc0ll!#=xL(^ICJOJ5d$wrqtGL^jrd10G8!|p=rcEGKsFx?=oEqyTtvqW|? z)q8!$o(;w{Gpdv=W|ACr)qVz5Ff*Ld%4$HxMnL~Af;8sVMhx}7;4X_KwUT0y88krn z$b>0UTO;mQ%wRNTl{hrO*F)k#OMZb!KxkJ6nfq9w#cTqh<-~| z$C~EPbmE_PD3;nImevTEs#KqZ&8?eNeCDa#G{Cmzd*In(wYB0;J2YUAB4erjZ2n>u zl;q7NvaOC{HEUX52v5J7dZxNjvIYg6Dm~6eejGKUeRLURct=dDY774+3mag}XM2O7 z*exH*MX+Ou`;{d}n1vY0>|=t;a3-x!E0sepmH&?t)A~KFTM!t!o1WtUZO=l&b&t`{ z+!9g}szsM=WT_HQ+7vpp)JPM-Ba?0pWtk`KRemUGIq&V7A_NV1CklSYcIY6y@2a|A zkD>mux*jO7lcmugAw>$GWT|17oTms@rS4bdp8H4*HVzyA!jc;eeUPb@Lz}1+>r7^r zUlb=tQJtv~k7*%^ap*y41xIeRLRWUIUixjGAPp1F1JL8dE#{0`V32322rrthk@eXq z)y)Zyz?Tjp#g^(Kmg=gqkVOdv20`VZm41#W@?MJ^hdZv-*sGyg$q19qRI~!&!e+ro zSWsJL)AVOgSRQ=ddd`ZbKawy9=WEQVb2HRJix$Fn7uJ^+wbMo0TYsCk&Rk{a zC6u(H%<4sxtUj}@StIgtWi0C)sudsnY_{O`S+gtMz(q*YRbionC!~=EwyB+wc1G*R z=t%Qp`oN>vfMQ4n%gRtTqeYR;MU@Sp(I)KEaqrQ5AAFTEmn|k5^E9+%K)P(sgk(Qu z>Y@{4Z7-9gWo4b4ZT;w>BwNL>u+0c={|LP3D1^zC#x9(qYUwOw8tEXX*iN14G>)rk zWdZ^>HBpt^RJF=8u*|`{yk{rhU6u35>_1zz!J@Q|YyaWI?l&pRRyOPgrs)!o{YQ-I z9m2F2jq0@-x-WVxdn^On4CXs-)hf!>2Wu$XDb-SR)j7^AN0|AP?70`9AhW%ei0UHc&EsO{o?0=Ag3#hTv+oN*;%mN(buY;fA1w2A6Lbzj< zRxM%<8&b)?kpec@U`I%M?W<6Lx=@R{egT7g5gEgVNQR7l$F{yzi-FGm4zKPVFB?i% zjXw!H);~x=9o#Y7svP^RDmz9We7k7fE0uxg;)MC+fcJ_N#5ujwVGsZ2^e6ukr$P$% zYu&3*K&*6u_cwgD|6fSK9Vm`XRBD)E?UHk%pnm|HZPJMdVzH(U7gScW%S#_?FCHe2QJSeGH@*8Tf@`f7R zyrBmFtE2${@P-<^p$2cL!5eDuh8nz~25+bVKUQ$M$OuO3TIwW_0EWO(DvaZLsSc(s zA1e<9K(CtMPbIlU6`8+@_0v-))m}MEAxM+(8@1!scz)zeJ$xf)P;XZ?XmjN0ymzY?twasqpA)m0nn^Yf=YLN7X8oZ$fZ>Yf=YVd{{JPd+U zI#q}&NcQE)-cW-#)Zh&@NI!T(4c<_LH`L$_HF!e}-cW-#)Zh&@_}?8h_>*<>!$SB@ zE8q0iB^OS}QvA4SDqPAn9|!fDAnWpUT$pPd5s8(Y=JL$Xtm`7~4lBiV+^H=1&!v)f zoAPnXvn5hDRw7x}8ZFCn=FB%0W`O`u8+H{}zKw8@CAJiZYIqN_Pp?Ny(->3n*yTEKywoRGA>ahWW_aasH zO;xJzyy|&F|A@U?a|7Y2kH+`572!M2F5gKf3zpRzMc41g1n1ref~!w{`&|fY7iMHX zvXK2f2LJeyV=6r@?yh-^et3WRS>I=uTjXNw7yq9OgqM!@Wc*rekR(*TEptFLAVL(F zACZIZd$KC@SfAW!UovTQgrkZ;*{grsCBl1p91a&M54h>e>!H9%hzG+?-*ty~wuJh> zuK^Xp2J~-HV%Ed$e-J*OMi6Nz5&4cPPeD=XsC!0b78G)w`-EZOeZPyocbWPV4PIs# zJ1qQ#m79_x)}t%@OVr#k~Tgvq@+p$q>H_Ucz$Pe|G&VkiWWqLXn#vf-fsX zq{Lc(hWtC{pWuck3yYl~5X*)#lp5+k_;+elbYdBb&((EmZ*;<9#hZV3>fm(gKNM?) z7s54U%MO&uO>i0UNTAqDgu68ahc$>Bm795V1>Lm|DoL;yN+2wBS)wvpYGqlIgjbsX zJKq0yyYDUezqI?XXvx5I$sj2Jq8b2X1_0T5BY~q-Pyp}@00e&T$MRU44z7=IoOUb> z_JaB5{`~*!_iMVn3y9q&8hvUc8#tw(`uzmU2%rDz_X(s!q5SxZY_!GU_IE%P3%7tezTr`Cj5l&n3&%w0Bg!K=p#RJM|sp>rQ;G{y~O$6 zrfLAen~NE(B@2qCB;o>7)uvHP$NH$nGBOS@z8QddD1ke*1}ZEIDuJj_#dse*9F{!X zoS*Li6ch-d?|`wG`@1+ScR16S?@|QIC*nhzZDpq}h`MO#x^VzK4Z$|OBm}5{-;~*d z6>`57@tsEpn7K$NYQdBGq#0UaJ~fHID!O>YhG>btZW_t8`^vZa4mLsJQwf99a=X(h z69Gy@LD58cwf%rWa6V)3-hGYk5t?58F%94!g?TsxdR6c>3yil z*`q^aK8X`C_&_JL8HSJHk8?>wH6URpTP>4o-cC@q0Bptx(2p+6CXy z*>dBB{?3H~?bp3dSuFt{+LISdh!+f@TChRh#c}b)-^yIWm6M}r+9(d%lY4a&nTvDA zT0^Xo^_}b^p4vrg+PUAg=W&--D+Lw~rFtI4)(15=lSjsAm$n0zej6^Kh%e1#E-Xz- z?4z+7Y%Cq&a%xO!f4S8@unOPB)i@Skz7XO#DO~zOt4lzvo2j&Xo4IVDHGfs8cIdhM zl5<&LUspCmEs!axLy+MSGxHHwt>u1M^qnl61TnmI#J>2-bm+3Krk-f~)a$Zf{zko+ zL%mn`E0BIY&+ob4P*%N#^sfr^`d=)=7iD8F>B0ZfE0JEsom}>I7-3pnnG{?h%v!}g zsw7$}CrQXARgt5((m!onwR>qGL=9WZ=Q03muhC4+Gon}1HI;*^G|{pQ5|#C6y!cqV zbddvB*%IWL6NEYNngL4&*nI2UFaw^VH+(};a9jHLkrS^1*Bjdn-n?7~d#$|LG7vgS z6ozT=3b#s%bBYeB3riRoGxv*|Y>0XpX>c2feBAK=VdPb7)KX|?#eD;Gm zFw)!?&D_>xHvv8Edsf9aIj&!Hx+#I`$!ub2UFHFvyE6!TOR{^}tmf%#dtZh2Ml|{(7WNeKE!rL}#yTxjj`j-h7IHw1CC-|a35#V%JXKv9HA_0xTRgSs z8ueQebw#fl`SvY|KfT!4f7iaBKzfjldLSTp&_uS`fv4XUS<%*{*5f7H-6hhea?n(E zKsj_E9%qTObie{TfI;^UtVpfyP_3ZMhtjf#jE#H!RlJh0Plm!)(_MzpJ(0Ka8%lN)T?u} zgQs1w)NnW@b=t*r#&>vhb+p7`v*L6ltZ8HDVRLI`BOGRjS%pyVKt&XUrsL z19Nu#%=WbJVfFzU_Gtq4uGaQ`q4qg$XHLKDD+W%ri|p;2&I;zvwwq3|uaEoo?NL}9 zJOmt~WX^9j9n1&pExgV-s%JT~8~8BZz8PNR*KK33HW7Tggq7%kGUf2`+<|V}!Hn%< zo5WH3og>7iUV^+&9OGgt^SsN?F+=zwJi$?`-Z6K`QF8GDoN@s?vQ2_r=o~q|L%Y;? zcX=Z06y+Rim)8>Zi*;psQcj zS0*0LqB_p$5zgvzR|d_S7C~lKi95o@%Qi^Y9hft=^w&1{7xt1amqN9Urq>sw*UmxL zI)c}qVc9O4TGwvf*BTzz9@{R8Kd-%zKKs>QgQ;(PU)}f}7YS%{_?zAYx;)+QnadaW ze7Om&z6o>T2ykHz-@b{w{=6Cb+4`++=%1U|SGRE(?A1D-<4tc9zT8ANJMTrh-eoZ+ zR^R^k;`(*@^Uv+uU&A-whMiNVt<#XKQeNHtPGOHIcFi!o%bI3O+O~X>g0i#k^4_v# zR{xC}__~R|bRC;>6*goopwAT|cF#T5pOA2WZ^BxdSYj!{T0M*}66F>fMJM#;zEbi> z)hlHF8 zC%H%8>Vuw!dx+%wdinZfCsI7O zH6D9xJcoK&wOmG8KAn4f`M&CjLY?Fg`vXduL9?CEtKihi( z0v}6#0=8X($rWH~6bXG9-#XNKuQ2{xM}0YFCqBD=SV95=;E}Ld%uXoU{88|^Ecqz_ z9RM_x9<#L#={6t=9*0>=ORFCc{2O>nVT|&XNu?;5rxIxmOb%oeZg~ zP7nR{gc?i|mNJa}6E)Z!OI65LDzvy{nkvwU6McZ)Ixx@tEToWuP+;PBfC%6O{mtN3 zqd=Hqiz^g+s0a+eZV-bz-{D+|uY=pAt0TvnKh}#s(g$jK^TDwQdbN7dq5-{_%nBSy zh`uJlg21-C*C*ZmfKnr2=K(c~{f;2R?nshRa4N(XJQoz>$riH^>}|^m!h{24vbtzk!19x8ls(_v-B3r<8*D2_zu&};VMByeyg+8D z3&3Q=to0@ll@yKNh?T`-G|;EBR>$#zdcDT^f)IceLx2zxtq!0zLk1vIThd_z45Q(& z2#pywbO6f%NTZ((@p#iy#az`HzF{?rw^If~Zpzy#@X zmjq0?ncwTiqji%*U!pa<2Z@t4NV|=szi|YcK)^M`&+NeHeL3onj zMsWo0o$GT&dg+VLCGvrY+*q{dndAlMW zcZAEeIiMfx&5y98Jb4%qPYVnumQ@k64Dp+iE%d|B*g)DHF4WOhcy?exClHIcqy-rv zS^{bT-hei@lTpey{5lDaqw0br?ozR` z9z5yYR~CmTps*EdC44)>nfO>e37?ClNCe-D3qeKdjZQegob-yD#`KBcS$@1*ES)?7 zQP|Y&gRDM@x=Mb8ac&MD5(`~U?z_7VQ0~BC`C}SWecDF(79GljRVW&LwIF%XxRGnx zAaJ^h00^41tVgR}a1_Jomd%uO6ga8l5&AA(r2CL2LdJya{f?BwCrV>!1aqt&@WAGV zSV0EjzTwHxr=)VwLxfUL!qcCID^s9)qkzXmf;~9=sXcz)vw)h*E71Y=Co4TNRf0$v zmd2>kx_~--z*Q&9=LaG(G)fy%(b_{fDvDW0Sdfwus52?zzeKzKtS|J zBiPN7!ZH<7bOn#4irNu|3HO`eH$fEv_K5whv;i`bD1rb-zdFDh51Jv4N&0bLW7ePt z1!1HO5Deq+)~QV`i8g}_5{Q6eIDj`aA9~-B0YeAgfH4E4pnW1rVOd5*_=tRg1dt6x zFB~x_2ZZ0hfC5nL-3hSA^u@&lD8Q>5GwTw*BS1L`b?P7^a|d|~q)N+L?!no6jQ9;U zjL0dCeGpwB0PshS#y~i?u--`*ahWK6Lq0VEzKHD+=Nk*n_AtFv+AUUxZlELdihwdE zz*RjADwQOW2rLKyH_?t?@U7Xx+iC-ugSN5qW$jo<=wb*>@fG0JR|ASE#)o<{kH#bWA|)H5c*DRno7UNEQ)dVG7b<>EKead_g;} zcFROaagavkaWWwSwS}iGNrhukXv0q8h@}9-A>ju55#Fr?VOd;$)>3AAkC;=JLX=

      fbTlxi?709hrCnn z_hI6s^!Ec?bh?Y1usSff1el=|? ztem0ASF1RFmF>r39AUS#YsxYFUF=nyk;U-qB*e_kZi}2zp1kWHCi#0rdAVYLm#xuk z_jivXa>a@98hyZh-A654`n6n(&1kQi?`3X}IB1Hhu|-M(GY#t{rKpK-bO#NCBJ#UF zOA{hAC^g9`SZW6<8jP6=0PzD%{5FiPMb-OtzuV{LS?+)gT}Q*%9Ig78Mv~0~2RNV9 zmu{`-VN_F|L^AYbIPY&GwsdjdV_JY!JZ1nffibMxGI0oWR~30LFBc8k4|_uLphaQwBp$g@b~>=T+t?8obVnNzpBQafpX| z=x)m3l20whJ;L5q$+rywV|Z?rDeErzL<hS~7l2Qz~Lu@HItCaB=e?U zRM<2Y--7~mIy_sPY)|o%$y#|rcxM#x;dkoSDed<$rhHlW_ka3bB5JI6> zck>QS#Y}$Sem?dipJ-Gn`E9o|_h0bA86y`jbOiG=e|bQ3c6h=LoMO)>F-7!r0A^$d zc4QQY-V|uSN{D}D!Sap>bQcb}i!wBwS8|AV9FC}C7#6X@K1wz!wDN%Le^lEGVM#uQ zOPK`g-oUNgY^vR&f#xPKmZbxUqxIm?yD|3U0SmHX@f3gxSwKUCNQW$7Kz65=6k6cj z{75dgnTkGzd57qIr;HDvNV~s{eyAk|Oy~j@QXrqPF$$kdh3G$6%VD#6PME11h2)!+ zDe&k(1ObZsLcMLov2As|VPidjlzt7QOBVa zRHzBU09zwRHH`M4usTS6RkkK1LrsRV3K>YpvM>-yHGH`xkK?8bxG_L8_?>3{Tjlcr zTItBEHA85qp$Lm1_th%*o z`sbM&vb(F4=9}f8mneL6zAXTLtiYa(l=(O5_=!&HXkRm^l4+oK`UGt$ukFcrjxbk8 zGGzHSMfNgyMd`p(3a>ydOz_6SRhtS|)Z3)AB0B~`Y{qJ##_=(6ZeF?)+9+VNIqd{qOxg9)G~f>p_+1-1wj2QGLmC-{gVN~X_UX2Q=o zJCv!zGn5pxVJe-B!-WkM7wHf;eqyJfB2@j}UMW5**_NG@i<~*&zU)}*U5G-Cr6_}y z!H$)M8KP~@;%K5>y*7ilxIpRnDf7%Ji%oM8GdxpQ zJhKoLE_5I^6pH#-1SV$O<9Fi%UcXpAl=0_HeRnFgqoF^=boLi4cmKaAy`Htu}{ znO9!r#LQV_E9X~o<=XJ?ZXkXFpngjCWv(rnuCYG&nDm6R<#)>jIZdT@2`?EHeyYdb zHEPLM#@lVM$ZK@A_~x}|a=M=bV-^8g0#GfxB3aNwSw{GfdJ@t{(5)=v4=97 zv8u$w4&_1%7f=G{y!NM;4nGRAF2^b@zz(}%TTzHbE5hPSbQ#NJY)UL_>vRc=!q&Ce zM{$Hj8%*MBD!WTM*6Y@6+oDGko=3_ftQF!#I|AZcu(0)CN3sQM`zT*`o7lFL*wWOC z4)&mXci{OYHpLpYV;Qvr*irF_H2_q6l6Cl#X#ceC@GQ`3htFmT`?!{f{bC7vbkuXC zVk34_bj3tw=)ryySbP)tBpN(%2JClP#dk&Q_f^IBO*S_s$8*AHU!2(WJBqhsgCFK> zYEO>65Ah#BB>)T#IQ+j+gScZD6B~g3zfgmd8+&#qmXbdf?_nk-yfCE_q%R!cpb~Hj zJ1E~8A?hEfLCL+wiDNtmQauOK{ta?ugZxNBsJ^7NtjrQZd2mrZ+A_0 ziq{|1)5uBET}m>{Njm*EYOq~Oc3euLOG*BRlLD!X0)vYZzl<`!)S0A=ik*x4RT=eL z`>={qc@eIEq6R^M30Q%L`!ntKHT`e2oxvb#tfZ85Y(qv%Pny?-gzp7#sBMcX3_I z#?Jo1@mXV6e_VRLQ&^&rcVujOeq(39Yvi}Oj$RX=$eE?J{;_E@zv$A2wzG??k*T?W z#PnYU6&pJT7ne7w1r;afm#IaS-*ZZjPcIIRPa}WjTwLAcS2Z4m3;(KkBj8ui^HHhExt`ttgAYwuukZfWo6#69}Q`Q`Qa>|%Li zd*A3(R7&o})$Pu~vB8({-jT`F!phCvgUr&J$!D72?3pI`>+Al%yq;--XPV%dCU~X^ zo@s(-n&6oxc%})k42}UEl*>~~*NlU&-$lF6|F9lna_>abaZdXQVZsP0-Ha}O-Ow=m z`W2r@Mg+G-`_F-UC_U}^>*1fXaVw%h4x`gf7jU$sG|5>AIpUAU-x3A(a@d0N?7H^y ziGfpPcwh;H)KP!7i9Qj^*C9`SVjI%V0eR~u(z6FklV;C#`M1HTc3bdbVx(sPg^Txy zV`GUDO&R=e%!}JusoP)mU;GhikQ^}!qG7K+t&t0E%9M+KW8~Uz*wczpw*nFjzok$> z^ZuAP_i+Y;CP$3av-Okzo$)hGAdr6^{Ca}lpK96n3=ay_8X$+BS zcKaCYj@na~)*XfF?cVVtHa^%yzjum23XtmEq8Nlp3j9&}KG)p;Nf`M0e|8Cw-!XB&D{Cl;aO6w}qVo7)af+lddeDN5(ntxD z_wB%h>6CsHvBUzgG=#yl-(p*TmbLM`Pr{bzQ5t|XL2$$g!4j?M8g_j(Kma^fYBiJs zx%8J@>r*g@R&vnGO+7dUOj?`X4OBg-r1uqapQTA%PluC19%Q-i6)>Ih5O7(rCtq~&q;a|qW;Mw7Ji!BH|1&%QqZIU!p~I5J zxKt!_$|5bKrWkyo7K1C|JA&_szB7}qqds=u@Q#BEY$$?ftdDoHF~Ya5#7Y`35JAn} z`9fIqNgJT%)E=FA-y!lnDW`-Wd^9QlU)n(RU)lg639iD*fYKY~@^^#GLX9utQ2{D# zz1E@cgZ@PgKpN%!T4*~)XsiE04PXzDuyPA_PB6Dl@~wTW-$`CZCJRNKR3e?!R}Qu` zAlvpK+f5@AuZ(oq`*n<*qRkcTjN{;;l;~sEJ!{bErbOHdVVf zNmW0_z&-6?9OF{SWTz}>kH+m9Fx`!%s04dAV)1kQ)B9JK){JygJL5roq#$_RyYAU5_YWu1mCZ;qWXCfid~G zrHFzD#_ETQOVx{SjvH0C(3Z&%mz}9~@3@!GldGz({)ufm)ZN5?^u(L z8kckKbzxs)A7#1Vixw|%SCTGufhzn6MY>1{6#yMkWVw~knJZikdPV&!D17N?&QOdZ zUa+t())FVSoDOJ9&kU%qz^%_BzKSC}k55;P=RA!YsDG2Xir23nQn^a({F|)k6-AdW z<&}OK?V5m~!RL2tR9)q?k+2HVB{g~zgO9Oml74F`g=>st;mp=^Ea<#!S6UoRTI?qJ zTvKaJU!Nd@bt+B6CaZPKcZMGBhGog?D&dBs-0R#+VFFW~g6L~+rVPh{8`kUV9T)46 zq6I`)qiC19gbJ(V*0hL(k(bZLNZtlp!iMxv!n>_5u_hilJT(O}8F`7d_fs2~%0{y< zjX!H|p3`i~eA={*Fb47(UwUqSPzh0ojcR%s=yYwaUm6RKZyKU*=}Kg2R8{Favl?$H znp71T=}fl5qAto+*f~3A=2VqfVn8! zUbaMfu8DEs&{A@i`R}2_l zDot`~vp!XWglhPBnyzN*KzeOOd@W0cMOEYVR}5WS+YJ(itz?$XOM)G8TJ2kA-AxRG zI@&$xmc1~2*uW9*klao&9s8)W*_aCN1f9;XoaNLn(@7PESv;ocCd&~oj5$7r#XzR{ zEBwwWr6m*g6*9AN6P`7Y;wqoQjIhWuh;{+ps&7iLA7-^RWU{$Me?TU=EoZbdM7?pv zb!csQRQ2Li<<)tD#6FwAnH|XSW__K&do#pxr}F9En(x7j_fh9? z&P^Xq)$mqWubA#+{K|$JbVBKM(x!8=9%&2ZJDDgvLFPN^v9>J|wY42M8QnUrf!W%! z*{!14Ed?Aj3g>h{h+~^hqJ{0^W$n8Vq4>F~R0|IjcGTW|lO4(maqk+)}ponoM$V>(-P4B1irvFAuU z>f=7=vO!anao{D_WjfxgN>AZ)vEzw4XU#hIKRiEcwA(TWXI*v>CO_vAzPLeij3KyS zV0RSLb?Ec^lx5-Q-ez9`J7-KlKkQbN;y{y zvW1r{RlyHe>ZaC|w^5hp*T_DRvJs5=<)pK1+t_}26X>KreO}9aWiNOM)Nwvi-Za5q zG2K=+m$x-K#<##<4zIdGI=TW2J6GRdVUb;9vt7UJy0U!h5~+1fgnoVEu=qLg`W5WY zf@`&lD@LFDw9AxGt>^Xi=w#0q{LlIW*FLXqG!L%*RBtp;ZvtFy6j^S95^wz8-GIw) z!n$w5kBe5cI3liZqL6OGuMMn*H(i#wt5I&_Rd2s$vqwt0CIsCkCEjij-8v7e$4!?f zrrah!(FCTfiP?-P_;+c`x8J*Oncld)8Fx*8q6zR_xsN_)C*I{ovHy&Auz# zcDsSUD?++2S^iugf8|Se|60?nRQ0~{Phqj?eRa_NQkk2LusgrItMI*RPV>D`|Gh`^ zT_`P<-6|QCQ58q=Sx-mw(@E>3vr|xyl z4`y5*gTtjg)#bfW1)Uh$liONDlG$x;%eedJ6R4*GaN=XM6U2f&DCdRE+fUezFTX{$&?1{HI-T zJdA#d1UMrHpJylUPWK!Iaj(1`X#P){VCRIgBN&@rsle=%sw+?~Jc3{KBm`USEoCWraUzLr=LMU;=dW1BsxqQqVgX7*1s0lX~UWzI#eL=qh_ zPV{I;Z=63e4vQXa#M{RY2^muY`Ann_he^3Wi|~_$u{Rb3QHiVfCDT%<>>t~K{lvA= zW?!V2Y?cK2%k81~+|~y(oZXF4Xw_>Ba6S+%5@I7y!k15=0m(l>gP#b@NHsrQ9kzSJ zu0aX1N#-Bszhur;glzhXpy0YW6hK<_@W36f&oFb&jbv(Ao&IE!dfzS2%^;rhnFAFl zM1b`U4`g1cXPbP~4Vw&!dW*^Pxb(kl{s_Y!q^P&2-d+UJlUzdDvFI2%Fm1R532Ash#YkR(PiP!t=)q31(FYGwwNjJ=DF%_h4eL<^!YP@;nOnc2%H>3kv#=sayP zKNTS&|HvaYCSWP;#QtQG)HeHTiemvFj~8t(8(abwmSG~!S&8}!AX-=0 zV?+H2Nn|+#A@oW9q9P1Q7v2!lB!7^Y8>qz;U=!;eo%;tpJ`dJn2jbYKqO+pRuK>^t zjJDP6xkYEEs;JqD=@~R|c1Jr+kar`z*B{45q_l`;r2fIv$!M--AKgRa5oY*+0!HkWCONiz_1@;Ru?oPjv43BD( z+aP!;pyg!D&*vZvT7NjqJ&!0|{??A>O+=ST8EppFVGD~!{lPgrdXBz0sJKL`31i=a zPkFEfV0|e*nVO`dc`X@V-&D7MSl_HL$L~PmOGYxuH584Un`1D>1QvaJ|BdF0 z8}ZWk+I96K8W7!&d0`d1x~9vH1|9u2S=u+dF{=baYw>=%;7lPOu)yR`-7pEUSFZEd zVh7BA(neaQZzp7mHdN#2B~fd|k_v9obCCItj*trPyAVzNdO;s!IIyLEa>Ttm4gviO zUd7q#R5MA#9sq)EGk~DPoP>t>Wh+4$!)2sk19vdWU=Sv%J=Bi_XB~C@ril)3;04`Z zc7bhkk?WQ-P#*!YL>zOf#(=_k159>VBU;W1i*a|PNgOhRAUT!3035A>8^Gy)u9N#Z zsEh`HNCE(vbqNFK$0;OAX%gxl3hcm<6c>$K86LR<3iSm8e03L@*Jo#zQ8d#81}!o8 zAC*w)TD`Zuq@rD5Oh(}k zanSd(As>)m8v(FuyOoFnek{t+);OAAdQ#Cuc(8yO#HIUQU6rLC-qY5Y=*PZ6r9mPr z`9OV_LuSVLK?ogy4#4Td3PkBh!!+LDGgT3!|K5*I%`_SU!Uo2H^}!?rZAkCo5quX` zz4(a4(7i?wU#+BlZ$kxeA{xApq;P;4&Qs$H*LTW4GM1-QvVa9QYkMXR$5K^fQ;krj z5YMnOaIW_Qpos{Dye;X#(&#oaqEvWHARL2cfSO1{A67|1VT_b`PT9Z?aX2;&IBG8f zE7JSt9c%V$LTxiKav}ge6vt5VQcwBZRdAkDffB|O%n~r^v_Y0R;=k2|Ez39{r z3xsTG?-Hc^6F4a(tXAas7GF>a1o@pFyt*$1kmMr;y2*|ox!cXuN#|w0#AEs(RsKXT zS0!a4Yp?`Diz48&V`;?X4}0-^ZKVL`dJyfQQ2qX*jxb-t6^*&^b+49&94??eVg|B7 z1gJB(Zdh+*|K1U{Oz4aM6?V6HeBZaPdk=q8KFiACdwRYMEH7&AB4YI0WLQBW=WpYo zDGA^%_<{II%@Umr&;QLr6Y>*HKy`Ew@}WV0yidNf@cyKf|G>cKi6$WURmx@)zD~+4 z-X*Al7w(6&Uv0sNQB&s<) ziz2_T&wx!Op}%31JOA6D^)IO;{BhDeHALn;eWi_87X=IX$;}Z1i?ne0J1@ zJgmo35MxO$d9o+_VbVMR|8kP`oH;t|B=1Cy!9}GXb99bPGL{sL7GmUglb`vdQb*JA zs=_;`I$C)Fc!#(p!2xA4zZ^6DA{LrL+$Ic|s%t~uTef>kL21^4Lp&HTi6$Z(EhfnE zmE58UCwC-X&nZS7JP!M01XD9xjE3=JQ-}0zz!T(11Gp%T7`fF4S*k{I5uz=Om;EP$ z(7nqOUw#4%)RhcWVYmLVc&X#CK+~+FlpUmPw>VJC)YDYnBeZl-!bUt|62q64|7d6V zseW`(r80xjYS&>{a8XOgMc*-tA(DgX8>*|d16JD*z;bU-o;KT^iZ@qAU7KS1d_9A@%thxzH+$Ot9HT_l&+>D?{O|ly-xk+3DK_T<@s|QP*IrDeW{<>nMuih=| zz3CE?{3(c$yiH0k)f@6*zYj@glTN>O!~NWzD{X%FO`w22Rc*b~*Tphjn?{j?PAm`C z#-l`32ptj?d*n#iDgvXA^m~9qdGMx z7d}Omd^(A;0`C~fMF`L&DP#{hQ*i8nbD5ZkfF$bZiQ-SGM{+2UKGqzHo? zfFtsll1#ForDJmZW#D%lxioTQJpkqkMjN>??<9ml55Td4IYl}Gp}?*Dg@~dEawD(p zOf$?O1D~zjV(F9h=>SG_C?fSxx?a#LQlNsoQJ>B_-SnRQpA>!I_-SG1-0P*nq!jDTf|z2@S_t5bily_o@fGn zk<>JzCGw71{p-WEYgTE%)q60Ebm%kT+>83m%iU(z`(sQw`(lPjIKl8j7IZ|l-uxoO%IP_b@NuLv25K!>Ag zXcRWrc+U{2xfUh3KpesfOdtp+3Y42_9X~LQ1+PQ+*DA1(5{Br_TSWcl`;RxG0m33N zScAVgBlXDcC@Ex?!RQ76D223~p6?S}0M10)NtbY@kt8DbYN3|eT9va;Bgg6x;#wz= zzp;DKf+juFisK;hBMd~jvnjr$F zRfLBSC9f;eWlFOcON3?yL~pW_$qS&y+#8Hjur8_!X-|x0`h`~wm zH!->L3*V0SV>T<1%}8gs(6WAQwjzdQq!=b zG*Q8vC4Gqh(MNes20#IhWW~h0P8>%4iqNxZI<%;wvasLK6TCwTO8)+8nF1S9Y9bI@`)^K zq099 z)`=$O8I-{61S@uP);SsIv@mT?fz=F=1$+#QbwRXqcB&9HmvspnF?fj8<>=6|$BF>1 z$ZLUhwP|#j%v!&~DtoVR4L*Fud3=2?XjQIgmcM8d9k}im!ftZ(A-Hhbjm_y}(GH#J zTEfxxl@&oU+a4X_j=j;o9B8+zh`N;R5Y)L<_e38QDKuEGkFg$$b{v4%17_JyO`u2V zyGLZ~sn8>BIQH{4j0*{y(^Py&wPKu#<{u4YG?-$yRycu`&Qg8c-k-x`(s7}f7Y4e#W| zb_x1%33|3|{}~4+QYmJlE!wLmH2J&xrh%C^H~J~c=>#eWGTZsv6MAo-tY0#5Sl(!Xee<zO<+$#4x)a`MI%{8BhN+qDukq2k=C?~&gO|G;Icz4qYolso4zU)#`rw)6c6t zU8%jy`~MtGQ1aiOCcv*tBNs@guS;ha_y`0(BL$|uQN1G*%j?@;GYezV^6ESK_K!~! zG7GC(I@h=NjJ`yiU0!>{{51EAwh4;!OGy2dU*0(|mRnIjx4gEpv6ENXP*mGIv$#67 zuv}QvJUltq)ICt$+I4((VIT5!_wd*^A*HQvxTAlxw!LR!c4_bMWN31>wRfnvw#6wt zX=q~BDlo35t$Si_$>(cIQ`f-R#r5>U%JAgu+Scyph;Nnwu~jWy$$!0c^p7glm$+X! z<@Jkeo0+AxKJlqxKQk9sH&-`z{SwpWS2lWvC#Duw+WUqNPtKxKbN3F9?Lxlhl-KPa zofcL%cMXmoou034?^ZQ;MyKTsPRv|h-<>=o1^<^m!QYQPBL&Y$!820uj1)X01Bm&sBb=r?(^lw7)YJ)ZozHGQPVgr@`YE5O<5fjn1`UTuB} zx>WVyRSU@UEX`KsZ&y8#bmPSS(w**e%lTz;)QhUkr<2O}devtF&i9blc~8{$O5bNXCk z*!h~JTJ$!-`cfTd?!2Pbj zCyef@v)!vC?{kaq8=7ycrth1!Z);qPr`EWq+T3F2xZA$CDB?e~<9`i(F#%njbyeG@y0?tn6`f&ujIM*H#qE_S-*i0UjM?UOxZ3VgLx1 zlMocS0W!e@09jW+Fh`qYn}0kJs0Q~hq=4v^{lU&Dbx$<%pJ*0oMVh{NCe`!|wKAIi zBremj0`qgap`R4Gv6eaK^dsSHt{_&6izlQ&hWqSc-GOl;M=4vW&;l3Io~2q1?+p_l zHE1J8Md0SN=!G8}uuFP`yZo?5M_tA2YBK7AjWppy+?{KKENkB4`>2S0KQ$BV4)uf__X zc1Tu}3h=)EHAH+0sCu^E6+~Zn%n0^CNQ$Ne4G}wU0Jf_g5$6)20#4Vd1=4}TAq}kJ zEcjeXIo?hBh$w{Rkk8A}l5I7()Kj!CN(JT0;ey9Me?k2`?uteTCq?0_6|V<)!AGFz zc~yxEXNLYrKdOqfN0S;v8Ol$kS_da#@c!-RF$D}B5|J2qEXr&xiHutB7$n$ltqiI# zwzgmcZ^2VUnsoeT0tb1BXHtp;uDCNXsg~LU`5oGPJBJJ zYfW1KDn7(cG7p&kgOZTYR0^|7IVc>D&z~NEyGIBRy&Ifd)^^MSW~YTP)#Zc~vd$^8 z;p{3w#OkA?O~rT&pfX}?mNkkQXtEl+nNjH%$+={M-}d~>v~fV<22dJbcl56)0A%VG zNkV{O^e85wv15lJfVF8xA-urCKc`HMS4O8ii4F5mc&3gz z&F0o>R}gdlV5>j8x-9TH8f$ssrm!(;kwr{O+=7%j(lXj`xwL--D-#voJjxrSBg8^8 z;o<2dKu(5Wp%A1&MiG#cMX-p-1BhC3;M8PJ>I&!zO7f9eMMv@GvQS(4&?-@jYWfS+ z3Zi_ zgpO5FgWKkv{g$;UR)jOEH&)!#PHPqBBCv<$>vHGdPQ z(dwA*nPA|0lge1^itdqGo;qEGxsyhzZ6QT>viT+|i2^q-wTFpKROE#cjbGsWPZ&)w z*FG%}J)JsvS0P(qikAkR@{~-xC8#-(ghhLUIVImLI>;JvMRT5rs_L$*IC6p=a80cR zqhRP{)Y)*}ZG#uzY6%U5hyusP;w8;WIsrK=RBD#Nc(ps78zE5+Dn^sr8_}I55waoZ z{F-yZTx|d?4gj5pCeG|-yX5SyWMetTHHun!#0sp0Qox@Iqg0|(THqw2?+jj?4h}%0 zbz;-)vmibL@%f^?Ay53!$ZhNU1bz2Vh9FJ|j6q z;LQU{4ST~ALi3xqM_i-_%oXfU$s>hjD*AyMq?ImlHPij}uD~b$A&cVLCEYQC5`^a3 z%GwFRLcKr_$5Iyo=)i@+ZBPI|jj9(95CR5B6#TzS_&t}tdPC0_LgY^ zTg44Og&rR<`hUd@Sm8rs*0)29{~K;VN4GC&Exv*_t~ltH(~e-NxMBNE&TJS$>d15s z|8t?IQ!Q-r1b&KFJsRVIzKpnYh1^6fL|4%i2TK(WHROt>e^R9${N_YHd38RW|Mug_ zgd(n87&QZ>sT5H&PCyX5M%JnzfV-cqtNUG92|rOSd5XQfVpd|)g+R?;&13mz_Vwy# zkM==1(=Ho|vRi;DPQ>=xEJ6AZ0@h$8ER$gTw0`g;q715NIgoOC4n^8Ku@TVh@D`oI zpocxVDc90e9w@HU&CFO1N6HR}KGFYSx5Ng`65H<%G)G_S=5LQxy)g=c%2|3zJ@cvH4=!qOVG>T z!Jo%x^=C~Re)lPu?Se1ikNOVnTbJQ;D*i;dY18Bl(TP)!hUB7GZbs#f5k)HFu ztT-UQ#iIuw-VP&bb&<3%KI}@s@pm^l;Jo3Ze{mEwnu^JSko;A)ZL;kUZMejoXH2sJ z7VA)N*%F?Zhn4Um*`&koHyg;nY8ryf3Gm(bj?I>iLX{nN77E32r}ngTE>az?ig#E( zN#F{tj%`zoP{YVd`Sv{~-l!-Qs~zum4D==8suN1Oc9ChA*=ZOiL0oX-z`?pRdHI#n zpR-aH&3YRrb_U~{fPP`SFld=m;O{rv0U~na=Y6T(M&oueJk44GK%nBoMVzh`E?C-FiCPlUvfFEJAP5|4+U9ZP+}t|5PS>QL z?1@6FQNG`HL-+e6cI@TYMU&m=;yP358N5W4U&^NB8ks2>H{fbX09T)S8l%eR?A@Ge zbg$c8$KBg}r$64;)GsR?)Of{x3Tsw69X4w>cdLI(*K3V!*OR3m%Ux!j`(pq5Myhcj@dY#j$wyyDsa-2(L-x2g`Nj+|fc<5s^5k@^}3p&o-oI(Ol z%NczW0-d6*B{Ag}L%C=){o_^y5r1@V{V~n+-&T8Dj`iSS2#S3FmUD9-sh_IB1YHnB zmYEMU&4e43zqQ2~9?wVEp~0{M-6Qqi59H(9(L6GNACUl0Oy8b_K+jRXPD{v!2IM!G z2=Qk~u;NTXPgK8T=njtaYp(KZpJ)KRu>d!^n?#eL%wOvMAC3fvkM^kL+GU*Bw#(t@ zv5@*t|6!qN9{@QY{30h6acJN1ZV|f}(h>`n=dpA&5 zO$)aR)iZFQFSy14+#MuhN?*m@m+4u|xJ{u>oY$vqDMu})mzBUjdYdImEvgDeDPm68d&AdZNZxig%(l9uHI!X=05%m*{0 zcfvcEayux<{Zbz+q_r*TKkcav&r@#Dllc~NQ(MTs>>TkGQ?(FaEdkk9{}~NY(w%#7 zgV1#OQU(PGg!aTt@dMMl(FCo$Vv*84!?>bzOghrRJ%I%ajT=h|SxeB}KkyLI(rEaj zFi;hnNr$*Zhr7rOevk9JI@jicg1DujD133hmOy`z=MJGR05et&X5SHHYNfns48v{H;-2I0MKPYg_x4s>!mb z&){Pvlyc=UTWl6{*Oq!3f$eV=c)6z?e4`vaQPxu<4S_ztu1zl0l0@D(C;Qx zbY%vEOmgE)YV-%*wR%3tavDqp*xUu&5Gxrckj__1-6$eG4|*H5R4vm~?e|+ahN{R3 z`25J*Gk=Qga>_{6S>nGRy}s9sJfQg^4}L2{cz1mGrT8e0jnqkyCOGRLmb%=d)f&WF zF57CwD{kY^YYg_>1mDPq)gDE)u&PeywHHRLB^+z4j^$Ym*xqj@n}KY8qS(r?;i-b~ zip!&!OOvujWAqJUD_OYdk35)%zj{(5?;Yu;63G}1YYKt1K51zS4XZMLO9&}Qq&DD} znheuMN-jNgmind8YwfRna@0WgRf ztX}@~hzV5KJ62d}4G|uOP#<$ZXo5EPn?+NL&DN_M%Oc=`r2$&H9+j=DRq;u739`nO zo9mV8HVx!e8FW>n|-b3Myd3*8vCxsvV3)WuP-{@UsuTIZRB05JWSI)ORPYV z_HPra`ovlKeJfs$CuTFxhJ-1)t=5KC?XTWz*dA9w9<0ak^~a^oKl)b}j^=od zRq-1b2$D>QSLI=!cU4xmv^ul~oV2R1Ob1kbV@8}o4w}KYCozK7G=?#6R3b04Pk!HY z)U@DoKI7Wr4% zcSr4f;_G}L$Fmb%mkp?Usl@o*>&*0}?sd}XCW+zC_c|5DI=l8d=!x7bv`%@y4q(px z0Li{4c2T*ivwf-q2-L&>)r%5B`maac{|_m+?vuZMt!(%w6i_no z;YwRmt~5|>xuPaFY<}RQ{tr^n;N9p-f$$%sfNIutmi!-5z)yP0M0e+Syegjl?={bIB0YQZ(!H)t0my|-r0>ai!!n2J~hbECg0a3rt z0`UT3=}lt!0^(&&;&lQNZA}t=0+M4*lCuJDR+`>y2}m6_NnHv^KQ>AK6#$|%191dp zNSbA61Z7#8WqAbOiZs8K76d6YgFXt%=`_n33(8wJ%R37ycr_~o3Mxi4E5-}HOK*Oc zFQ`=3tW+nc+}5nzC#W*ktTHS3ex>>Smf(lO<`0*GA0L}P{uNY3X;H-yQX^?mqY+YP zX;J49(hzCUkQUNZXwm#Aq@~lMWh?|k3PgiR+Jk9CLs;5Fctk@*+C!y9!3yo*kD_5Z z?P12E;n4q2Aq7Puokh~(#R{FpAH_>_I!lbjORYOgoyE(%I?DpZ%Og6=%^aou1S@D{c&YCUp+QZJ;OYyqL&bq(i^(bA)^*9oNC@}e83nm|I z?j8gr<=TN0qq9qk>f2iSMh;Ies@r-yhbFdm501|+lZ&gGdxsZ(tf!UMMr9R;XF$?R zYh!cD!ZVA;W|zL^l?A2bRk!v|&40hXeW-2k>l^=;QC2tlZK1JyFgm*=wYa*tzU}{x zFYy1~S(tnPlMi6>0ZcxC$pS~5 zA<-Ln(ZxTaYrVxPe}HpExf|N4s-L3UGh!k&VzfkKb_Qd9CK?Tj#t!QWnu)l}AI1=> z$4>u<{pKBeD&##Q`gKXyXbzR9pOpD$JM)?-`^FK|RwVN_D*J9b)4neA;SaXsNTyR( z=JRs4OI@bxC#G9(wtH5l$8n}-MYi8hjDIqi{*to6O)w(ZG9ewaqGU3ni7{bxuwvOV z;-E3%MX?fyF%tb`B++9fLt~_n9ng2Og@0g2Qc|S1{WqDz~lp%d;pUVVDbS>K7h#w|If$=3aaGUw) z{?Kz)Li4)d2Ywp;`{hi!&i_ng>$hJ3G^eQUd95w)H${ikebYzR(d53Dt%$$bL&m~- zyeU|sJ63>LKqL?q61gkVd;3{>4?z+>r}v^r3a%Zo;DBH#aD4ziECcXLflV%o2vUp$q0(a!4&V?*-7QM( zol5Qq0PiIRXgQk*i>c}qBk=)@ocdt!j}UT7iSdqstI zn}d}R0yaS!tLRtc3kDy-v4BONBL@+hrMT7ycKsx2{QK^92PMG#Jd6|)yg}fMknMMa zJhou43!;#}s4%7s^|~Y_Cs4e)SJ+TWGG&-~ai}2^DXbvO13j8YZ!p+KmbP&Klrl7z zEQ{+td~ZJdPE(GlYPfD7Cm0nG@#iqfGy)kVDmmf^%XF94-iW@vTy9118^uWWawNUs zEO33Mq2b$((-EuKW@Ew()+aEy9H2aoIx{ZKkPxiM3;w$(XN@>!96B1*fD}fXWAA_s zH`(uuIp#Us;(A7csTwKs1Jz+VpK$@`wWOdKI`*X^Ocbh!Dti^=t1{+yH)^>)@|wz|!O5bt`aHtEe9&a6`y?KN z(yH%dMe!t5T}gDPt8!_w2D83Awx(s5C2g8N{f@u>P6?BL$`4#6<_~B}NY2mEt6XuoZ-`*N1SR z#t&PRkGMx7ssU1J*Z006HpVSUI4{25&eah}hy=7D(VH_*>Vi@)YEK ze?4Z-9GbLQ#sMihfS#)4s4&JQS~e@XvK`&vB)SeYrhyd$2uW{kPx?O0f7(6MF#pjk z=^eHvlObCio04qY59UxoRIa2rAbgMs8sOX|^5O}5;Wg=o6cs5N|MhI}Y<+fmM|FI4 zrWZ&+ibp`GKBlt(B3@0L@1TxIpd;r;rSB+Yc$XBco5VJ+%6>YF-BSL~44t}bo4%B7S+zZ2);P&)m!gs<$3!F$9l7EW1moY$SS;3@Pyi}2VLXilL zUrTJW%Gfjj3FMU>s8wvJvddZQJsO1T>TkYPs(h;c+dT9FOwn1&Az)hM5TBnj)f5g( zUrHpA{X(T&qezp>FSWenP`Lc{Mw6=<2lO)^a73g2W(lCQ!1PH2)kmHG>%y2z0XT@3 zvPE5>Ygzvr-v=U2>2EQ3LWO*M>NgHc1dfFyb_=BFNip?>fPT7}A9RvpADJiS^-8pD zJxXmx80<$dbQ6hW*tN{vv5%lXAVz2_@*b+Z{HW$K#FnPS5?_~vlXbj>`1Kt5e0wmY zUSoO{yLisK`pFb(QwH!ZEBW-3!(+AVe6b^pBa^Gq zGqth2#DHUajSnNJ%3q-8Yh&N}8g8RO>);wS!@8u(`cSHVgjU1Ie#2t6mfd!&Z41?#v6MR> z*~I8HqCF9B5ZJnvGtQ?lHvGDIwXyWjQ+M-z>$zm>1*_wJneEDB>uABaB+2+U(k}q< zulBI-(2cDhf+mocEjX)R$il|2xhsfLCTHNSJAD(B(O;N(;;6L@*m))`l_s~HCRohd z_!nY0aSVh|lL1vz=>8;0xGCJnn^UktrsO!82(!0TB-J+K)5X5n_bCqQlafN$w-ux}(` z`60lPF~)MmVP7+kW;}aeoZHgi`_w1mHp5Lrqfr)#JQX`fZ%&Lm%8oKs_={4GY-o-Z(T*Rx*jEA^>GaR3ThAQ09r+jI*O=Qk zxI5P$n!Z0c1|eLGGCQddIXMYj;6h`5wjS+2n73az9#In=f0sDdHaXcmU6s0M-oEId zaL!}D9P7O(U?#oXw0p3!I7N0olc#^gwtxBX={NE2-AviD)5RWlMw@5x7r<(yZ$q)EikR*H7V>c!$ty z^4TH=oCAQd3%RwM&xNb2`^||{l?u08*qU4P$xS}_O>*tcG}KLt;?@S^Gpp2XANS`l zyU&vzcBAie`_cVbEAO+F@@Lho8;{LfE9htTna_MQcbiAIkMD0d zS+3>Anqp*yDOuZE9LKrrn|jIF-47+R%wfo4;0a)vHIBOth(~~!>p~= zM=RaFU69UawLUDpGL}z$tQsFV^+jxr;&rsQHjv7$LX|L^pB+u5MXaPb%oMIfr5|2Z zJ@-5x8p9s~0^Ivs%fuEOpuG>qGY^ayUJ`8{7IkHrgQ$C>_iFi0CS%v1A0Pfg^D0~; zCfp+Q{mLwLXx!`+9zDGt&%b*yM%+2;+=S>o1b=+z|IsXLWnS{~@jEV4khD$27+<*8 zU5GSmqDibz*^^?KL@bW7xpi&aN?AM&W}@|$ zF=OLd@h09lmbP`-b~=$!TRsIMHu;w(d3Ej}dA>{(pBt+eN6!~H>h zwL}SxXYr+P;^fOE!tZqnzi(k~4K#jVah@y2_F7SF+MTV_(tq1p{?<_bo&N22m(HVC zn_pkPaOdN3Z@Sr#vpl`_>&Wc$irMR!wf|Ve>jcTpzY6Bm%J%Kx>$fc>=)~dcY@pH< z%Aa{>rEe^M7EzRD75*$si_XW_uSER$k^bjmXAvp;&)V3Z_4F?(tzR}C|7@WIT+#dE zmQ?%_f$l0m&nmyPDM1gspoc45o7MqGWzZ98==P=E=?e7x@1K31fD4qrR}s9&e*>;X z{@w=ioIRf1DExi!3Ou`kKBoVDmgc@G`}=z=a7+E~hi`wOkAF?zBLQ##Tuz%S+CeZn z3BSY972VrlIH+p1&3`8!&?_Wy+TJiuCc@J-Ivn3HsYJ2;H~B!^u@-#%Pd+G+jlln} z@_{VUg~Q3+f8+yOB~80~c9~3#Hn(%=$$iyCp6(d_GWrAOYO`H-G}Gw=*Lu6#;R4p= zo!LgW@8bArme!e@|H!{BLy?nUY+gdD(>3w;9dD+_By8Qe1 z?KzyNiTZVLI!!Pd`tp`LD*F?y3Z|@Rp&z`ux2a2Y%V=&Wsc&Qgc-G^IE(!qFrH>xd z%P@;V4iKS_AJ~mNe%z? zSEx*iqB{lvLD2&4Z4PK53NH_Mg~p19i&&DPNo-L9)U8F?^ZvjuR*=+BC1(A_W2eK~ z)J+y;Di!Gut|g#BwW0)Q$leSOhcAXMCll1l##$KOiNfOPg&k22#3H19OYlLmK@}dI zvmc0nDS8EjN0-AJMp0Lhkt5PJoM+F1Q_-_5*g8JWF7>Z`tg0Vb*k^ICL1l!4N8DaG zF4uFan8U$BC7i^fjC4arNFXkD08EQxocm?$L~y$0h_mAnlhA@>kWSGx;gC=*;exy2 zuYn20aP4UQ1@L+&RnYL8!tB~^c>sPSEpi1%!XPFI*ts`OKH;?1{=tsAVbr&qB0e|x zF_Z=V9yo-D&!&o77EM1~ih<(88!f|_9osm0m#O@zzOMzdA4%VVE)hYD6ch|1cjzBL zrc%^&miYvr!^I{AI##*c^NG44#PT61fO@LI_gyZt-O$ z*7ncdFLzO+#_t0UQ>+0RE=%~>_|o8v9WZ|8AlrgT6gUGn?B%CkXyc*8C>bLbz8ZoI zC2bJ&=}5F%koD5D?N0 zm7zrnQp93P8swMf)3CeyhE73;r(nSc;9e{Sigt8kG8aeTUsE3tM~-TRI7A<04t2g< z$#XFmBbOI!b-L-`>WV9+`5Mw9gbEH`zTyGw5){c%&1wL{v~>JODf~zaDv|4Iv_6_9 zax=Z#cBlGVuG5rn4xTsjgK z%gQyIG%b~(gpkCe1~H;rL}8)X0RGV>A+m`jJRxk3KMq(wMYn_&5k`s;sH+7Vx|b+; zuo=d{Yp;6C&?f@`_$Qg)&4|HRgrfN}{rk}&OIoyE-#GL!e3wj=8Wfbn7_g31`+mdG z2EzZ$mvR3k4M3lxlfmj&MR3uGg~Cx)9Eg=>r@;r zx8HncDfjqBYDSwtqN-$E;XcS&>S&-l`lNGg!ig>ntKalqN&jNusI7AQ)IPNfcQt^I4w{d3ZnM$3v57Cr ztn_V$lhG|ApO4-7$SGzk%W8aNeXr8$qu%Ks^20}{}e38BTK z!wg1v`xFE+F-eeEYO*sQAHeDSg)FJ5(+)?=EfdRuyB9JR+kAcDwH=B3N)PU{6&m;3 zH89xdZRytzkBoe`7=}S!On84L2fn@U5$cB^HY5yElNZ3_BFelsV75;0d)*$PzUyCR zs{*cuCD5igeUcXq={d-(`(mm)fa&Q1Fa&HjYCTtZ_BJJ1S7=0tlF@zt!{-^n`D=my zVKPrxF-@9^jM7tNDPN5Q_W{5z<1XOngx+!AaT%IFJIUKHNbL*KF1NR+rYLFe^SzojGrfjyK7; z$ui^`+a&Yb8FIJguyq)?1+K2$h0juB319eijjl_qiuAP%%>>Tu^K zqiK9kP(f)_%i=a$!|E5sC$U*Bf!l&Wn?sPX>LeA`UC~>sqx@j8#k!rl^0(thn(?X& zVI6l>BvvO`!Qw0NJNNYn<0o=z>19BsN~WQ22JWHI?98h(uF!6F?WW4*ngeZ-;EW2| z5^=3c?UBwLbT9ykw;xWwCM$;p&{0ASx!x#?JO-fz-ZbZl-;3)HIgJFD)gZQzP zX3vOdP3P!#*$dFmVSMLX)6K{W_mek3G&vAsRho#s(Fdwlu+_CO`1%~W^hvw9QL9Rw zr*0YH*JZgnQ5EB-ry-WS2PvNWQJ(ngQ+sKJOp?jj5Me<$wY%l4!%V) zx*IS8kW%lkQQPSnJ=Tn&!jI4d#{nZ}nuLa5_EQ4LhJBHMXR7*LU(-`^KAcp~;K2ih z@aA_cKbc3xT7&bW67%u#5ntFq_@3&&xe#BGfXjyOzdL+=*Q30^`F>II8>vwc038J9 zv^`$<9$tSG-bfb#JO8Fe8S!8W5gv#%iE;9cR>tO6r^_!|@kx{$)1p7Wk`T8)zRtg@ zd?&ilAq?1&K}-N*;u3z)lhM@%m}tw~#RFe)0Qev@MKD^>FSyDabK6ne=ycW@ZPrmU z*?$BA{Wee13?VUy2pNb}KZ9;r2xVf=Uf4IY3fg``0?xM>fr%?= z<_%5JQHMYF?0PyHsQ=lvaG~e^`H@HXCyzJ<8*&gE^4^~k2=r>!3T~GZ9mIuhNF!A& zXg11COef4gOm@RS&>Kh4nyyT2ejE!Rs*L03H-8c>dN*h;c``0J2;xIZ0%GE0D1j+- z_oQ}ys>^EvB=Nh>&FPT(>F7Z8Nd5G1wA9$Y&`D`?!*n0`6T$tGna|& z&2BT%vj3E&+SfC((Ptj^y*S_rIC2iR(W?M_Nh*(zrUjGBThb?o%vi;!mxYnDDyWyG z6C;KQ2ZfX}$N$Ske?X0HL}XFY2Bm)3 zqvsuA(db%<-!?H}}c7bf#Vf4XRDkk;zFPhi8~T4ysR*pM5#A{pko+0#(+K<4jrs2)Rb7 zYrq`^wbxm7a0ZL`!&M`z)yu0jRBT4?K=`_j4N4A1gIEaawfiA88D!vvyv@TKz24W% z;}11J&GRAn5*qSTd#9QnU&kr(b4Z-MOl-~9?H@md&-;;q1Fc+xy<9_+j#KkoyUgQR zQkw_3J=HR_a3|OtS(}I53-%k` z7Y8G?z4Tn?+~=K)7yIgEiw90i0rZ#1L6_{c4^EdsVCNrS>YQ9SkXXhLp|^FrQrvGU z^q)UC0Z<&!7C+TCI3M=%+;D@AW_XTQon?O20gEp#0}heRBauE+As>b#A71Uqj^a4G z;2!c8KGfm8r6$qG$7gYUOUP%2$%pi|fnaMC+xQdC?F^9y6%j=^p|dlI&UKuBJt+s@ zuwCv|T7xp!)x@7~x3Pgdd6Zb;6S2WHr2rMB`79O9C+e{V>odOj z@&S#q5djas4C+k>9{((x+b3GLZuLe6<#5I=O2)qwWY#w_CT`{q{NJMZSruFvB-~h} zDcQzy*v7(`s!lla-SUfX=<6EohTXDe_{V=V(%kZMonGr>3h@0$KKP7ilEXQP+$2kT zyS!@jIRRHd*^*T8qp-GF(Tl1#Zu)alzuBDav}O3`QWpH z_vhikfAYbtsDZ#!T*8}w@&S&3R9(}|eG?GJU4LAFoZz2);I8@Fgrm?T`%gY7Lwt*H z_eK7nd~o-U)SblapM2mh&e5b0(X8-KLi{Y%$r6@#*Zz=e}zm?T1{|-O-Wi!X@t#KTFrQb%|%+x zrG+gNS}i^bTk5o08Vg%lw^}(1TYI%y2MXInwA#cA+oreL<_p`Ewc6DQ+qbpa_X#_U zwK~iSJFc`kZV5XbwmMx3J3qEM{}pyYX>-95aV2SUr4eysX>;Qd`7F}*Sz5$hq0RlH zh=)#_hp~vKb(^QNh?iHJSD=V@M4NZKh);T(Prit6S(|U2h+o^kyOxOmSeyT>$d{G2 zFIyr3hiw6uB7u)>fqzAUP}+lVVDiELrF<~^Pd;cM>1v>nXk_VX1vXeXjbTI z{wUF+)74@u(Q4h*>MYUb)zua#(H_y&9xu_6-qn#W(OK5jStrre*45P~(LL7HJuA_( z($%vi(RCFf9j=5XH3ll08fyjfuBDTfgbYcRs$9!5C)&yx`_!U0A&zz7Ez;Q%8X zV1xsVaDWjGFv0;wIKT)8F|!ockQ7cxN=|t)2WrX{YHIOdij!gH#B7nyqZw!cj`SS(-H@jgB>~a4_xYC@mE}okKR=+$>#&H9bEheYHG2c`!Zg zApJXhh8}B1j%>y+n~a2z4C{*2it-G#s5E=jOw@Oo8G{)wHkq*@nT~9kpUX3`(Xu|X zWtAyp5!z-Y4QA>?vX;ZL;E%JeP_n^;Sz@f&6gJtkQQ6rQ*~7BgG^5$kJK4x+IRW%J zYKl1$kvW_dIpJnGnmak}qdDYkxiG?kCQzItIExS(x=J24NgeS*9HmbflSTe@HQYy^ zDxRG%*^WF_pE^C7IP-)6MmWF-hXEMj03#e=gaeFlfDsM}AheW2xgy$IF{xV^;Q%8X zV1xt5B8+f=5e_iI0Y*5$2nQJ903#e=gaeFlfDsNb!U0A&zz7Ez;Q%8XV1xsVaDWjG zFv0;wIKT)87~udT9AJb4jBtPv4lu$2MmWF-2N>Z1BOG9a1B`Hh5e_iI0Y*5e!3YN! z;UHe-)mauOULMg|9xq;z-dT|^URl;zStnlA)>#E39L(*ptW6yqP2ccx3knGe2?03& z({VRO5<`f1czQAU5)(6|ba--Z8W8Iko)nQ;RM*+RcXWDodDAmGl?{{*dw8m9?K!`??H-w2{IQ-{UhnlaV{B&8Jto~HGUao0nr}k(3l0Dn;Q%8XV1xsVaDWjGFv0;wIKT)87~udT9AJb4jBvQgKRL=|(`6;qWK>+BSLQTwVcUNW}~QSr_AP)ViP zSz_p`uf58yI!W?LywoCE&$u&Hk381)h1}Ga!f`dk-j~W5o#?X?g~w{Bs~wfsDxn`a z#TRrK;o#dS34zvs+irBXYe0c(VwP!gH*J~-Zc-VjM<{Hf-)?e&YaXF%Rvc)8mw^!u zFv1}iMmWF-2N>Z1BOG9a!;^*Q#Nsy<(FmUsLm1%zBOG9a13d$baDWjGFv0;wIKT)8 z7~udT9AJb4jBtPv4lu$2MmWF-2N>Z1BOG9a1B`Hh5e_iI0Y*5$2nQJ903#e=gaeFl zfDsNb!U0A&zz7Ez;Q%8XV1xsVaDWjGFv0;wIEcUq2N>Z%^JamiryKpDvo~yXVzjSqdpJ4O?Y3&Rhx8HK zSL+Oz5pp(+37=MLP8c;i0A{uAYt-lU1iF}l5+V;|v3EByx>@Pac8o?K! zlU9z)Zu*`n_NKdos=CIfEQ`xt0E)_7U*`kI)c`7v1MfRTmb0r)ER3$JA;LupzP?@U z>V^@5m9^_pS}(tbW||0xn} z%Fc!J>~RPm*WBNVi2%G-YTBSl%{vra#qe0!kDFkUpI)PZ66|eTF~k>7SrI&&!fUZg z+&;7M)_InD!CpC{J74X&J2P^2&!3MAaHL*N1ksJ=4paMPs!ys{ppa9C(34mEwH#I9ajhfhI1|I0ZcI zmho6TuaoeI-kppE`u(1b2$1}9KUMcPZs*}r`t>(PK@?P>{{z}p5UNT6Jjr-JviMan zZfpS}i{b#f{#6L+bOEx+_yD%=Rj3t50jh%HAb!>rm{p|^UB^Zmx3gZ8Gqw=ZT5*Vc z^(vfadbVj z*WSlDXdPpil25XQFv?r$9DBi5L^c*N`cUrrb=981ZxdDFc*6CKdv(#xMR}g&37)sV zN<7V9n=T-+93Yk)0Ecc8gg}W1ho;&OPg);@EDC@_4K8M6vwf$6y$6>Y0@Oo(r}&*L zi8az+6OmCh;oqDZVMdUQA)2xtI$}yXK9ioJ-sF6)8*2q75D8!sjDbn3MoK%5NSF$T z#(eXz@LYryTFmT6J5mYrpDTM&*J z`i>$EJitVRN0dX7L8ZVAK_OgT4t5t&+rql^CeYeEa`Wt5I;aMN{Gdg|4(wW{N?s^*Gh0@@>&oTQo{4^>$(-7yS(oZ(kHo7Zw?PcRnMTbBp zB!7XOSd+ZRkX|~mrsw8SaAq;D`aCSXi4)&8z0d9UJf&XxBej9x;5g`c+U7$OG)sfD zhmS;T>P4?9=TPNPJpHGslNEoCR~IWXE-kW(O$Y&|+lt(q?X*HfU?GvmQ3wzYl{zwn zuoM`^t_zpk-kidX1etiJeUpULQAJO7tmv>o2K15tS#j8IeX4(gPE0!vAy__A(NRii z!Uh(hgdiF4pttvWE|uE;EZ3dvRId{Bs6uH!2`$MI{}!P5v8e!QI!l|DK37Ikru(Nk ziyg*_6e>w0MG%D{08teeNYZ_UG)SD0HSNwUSR$5?M^2DA**o8q-Qs)=E64-n9Y^D)|CT9_yfVuZ|kIZ*&^tIJq?vS-qnOSbmlI;Nn|uhdBb;9ddN zw~%65WCtF9I)cYmUIH^@x!giJKAK2-goM>#70p)ek4pn2S>@sMa(g>6opmXjl*v5c zUH~u@vVeP+IV3rZMB*!(QNSwni}I8!wc5&B|2{NX5WxJWeerte&YtQMJW}Kcu}gWkR9j=Em)ht4Wn?likt#S%Z99LA zvZFV~t$5u{F!}9P)9ioN^_e1Y_B*?Uz93ilK%Ag|ye_*B;qeUMcnu(O`rB57=L%M* zhg@iil$Vcg@G>X}D}E^HxZtuc2=gvc3-EYe9*-yhqA^2wQ^RqOFTJU({T}WZNAeuw zTv(!%IOQH5K*#U$!GCo8dcANxfldd^$fCax4Cj!&emSAI8o?zP?Z_Dkv*P|J`NaO@ z&3F@1NFO$U7a9+5pTEND4Fnfju^Eip`&_ZIiF#g+egc%T!ncCqO^u^Mj1^?UtiFe= zz(@3%hQVDS_yTPFRPFS}S&bFLMUPkmS#jfu5k-J-P#0BX|2dR7q)2jRQ$j0K((hsS zC;+T9R-A`$w;u}Gx?Ju@6uB7``KVMytZXIi6oru#Wk1|2#+_@9oK@RFb);@hqHYaO zv@N0(RpXRhx~x6k6dkM-eTqH&aFK~yxHo*U6bG)adbUIjVX zPco_r3OYR&1|M>o2{I+4@tbw(4^HLRvfkzd_KvdnN|WF3PMq_V$aFI z4s(f2Nv@yta$+e#OUZBCQiKOnoOV*!;8O+YQxl3(BxO_iLQ-uZscJT<@`I^HyQ$*v zY4U7oUu4thLee-OY374z)H`Xc@aZP>=@hc*3D#+dQR#{uJf1(9zOW_uk}(EW2nXvi zgl49Np@~F^rN(rme0`S`kH!#zMxPwTlqyD-{*x|Kk0~3CF1La%pN*;TCvA}rUCA?J zSp{vyJG!a~#u^{mIx@P3Ova{nv@OT9ZO^HRV$u|79335Rdc@fJI%tQ)7)Oq2#xlQ3 zlI0LinNdHvh;g4hKrvmj}s1OZ0yf$`F|#oezRpFL^JD8*X6>C>rA zhJ4iL(;}zVi;mY}x6+u*GJZ)jwPP|6w=kcivs5ayKFPF4&vInXa#qT6wafY(o#j!P z<%M4Q>4n#}(!wV?Gq98K%On*v)Q&ogz0}W_CE}!5{-rROJv&}0JJBvXIXXMFGCRtS zC5GH09X%&5t0Jhef)BmYoxW0kwE|>T`J!0)Ho9{3xN;n=YVuu5qj+x13yDl-Rp*P@ z-9+WQPgOue)u4E_z*1FyR_bt8^`yS+=!t(XIb;^ytG_a7J}Yl=lBDtl|EDg0!pW!4(em7wJt{=;) z?__Ae9&bRkZA6Z4Y!88oU!E|LE61`=l`#Eoln`&S!f#T!789Og5}%3{HGmLOG<%FU z;@UO~DmM;?Hp^W%H4HY(cGb~=n(^PYxZAZ@Ahb9PG`&W*XjZm}ptmjvwJ>2cT4h)3 z>@<%Qwtm!YQub?g;i$IdXx$%Z%@S?4q-gW~o&5QY=CyY{G<_A>VNM1$OvE>cep%G|Z)=@MZPDG4w} zXzA}xfBXD23~ED;&J^)3AGoegzvS|muDQ0((V~uC<+_UB1o=}0V-kcdQ=Lg1O>W}d zbK2cz4c!A0o#D{zZeGM5*YciKnVwDap7phcg*Ad7*#!F-gqv$(+rP<+C3?qCdv#oU zM=`p${JIu8dp9HdX6X8)5_`uMJM%F5#0UC>Wcn{-I;J_gAAfiEaI~Pk_8ZOH<{;YT zr`V_}AVu8(dRADwnC)Vg6iw!PU+n7{reomOiJ)si!=tRD;WizhKrvJRDJ6is+PArN zAU4Ti+^vTtmH=6jKw7f@uBz8W?LC~!``gm@zUg0ZS#bpnhj_Gg5PXVZrWSICwJM6M5u}zmX)0 zbs&h#85vQ)4P=@SJ!4hPvCp-3mR|N|ogOkiOUUJ{ZFr?Dd?hL?)2?_N6YgfMFl4KG zWvwoosCO7s*Pr@LF?udCiJ&&wO*w+3HZkYm6QATi96Q~rl}xW?Blim>5PK?rq00w#=JdWsl|6G+w5+y8~VyZnmk`vbmzh8)rX=^T1U z0Vyc~0RaI40i_#hDe0J@ySt>jySux)J0ulE)cIb&Yu(T9Kj2z(o}EYM*V22OvI^=S36uRaHq!Y`nGI?A6%N zPE~se$7auladvI^BFVjsNG zge_aXO^l7LtB;$2e(<=j>Lv|(tQ1(;9+F9bgGq#QS+zw#GXqhc12Jyf@~vq2j0u#$ z5+J+i$n9^JBsW{c1@=8m5^K#}%l`}@RA4P3DF_-Ja3#_F_thLJ!8Q)hnzPEpZ24YLr~(jRj1zx@NguNRvV7lka{ol<==~H~DzKN%aKt2i@}RUc zm08X93JnRb)h3!nq?(*CFr4;BpP1Y(lOS-S^L9Vafg|tGA@-C(NTNi#ogLp@{XBaz z5Kg)yoRbedjIM_#hb*QV8*>&baG0HRnm#~5ALo#l_nQ9nWH$e6-PNqz;2Kb;OvBPZ%&AEK{#$cMD<_%6FbM5KX0f%*StMAtMWerf+W^bsGBbkzQ4j7|;UTGj#&s@;!!`r~t|8(@sFEr6Rx_|y2Aavh;n09n|*|3Kw~|NDtf!UzQ#Q6wz^||LqmyWR zla-Sm=+d|vwJ;4eTq`M@aq7pTpEh-5S520E9ozG#)mJZ+Rf4wOZzS2?BBy`9C(QeX z*0xn0D0zCfdDpAFWhLlCpEiM6r)@82J0K2ueuEL?j7jc(on1q!CS|M;0TlQ9VYA4x8DqpJ@0j&Kg&`VhLiBE#>aj&(k-M6`JAhVHHHzQ`gn>F zLR0%5N=(6#Cy}!1!YhNrravW&`(lvy&C+yWZRe3?+5q&4xD!|EXd5s5b>QEQYkmZV zKv-{(vk0#=wE*5O7L9y{baD&pceOVRws`Y>NB`S+<_Rd!u(vrqyN9Gf`DO6otPDK1&WoZH zn@$D~AxlfKE}bjLnzmPQSZ}W+=I^o_j}Ac4gjq`!3ElY zCWXh`gl3Ef?-SUE0i=_ijT#2-1RNg?{W0AJ6tV9FoBPg3W$;3%R^t`prM^BeiTUxK zhTskM_F?m^w-&T(VxtA*L4#JMz|SbW7&I$EnN2bf^t2Y{9iiM>SNVbT$OP%M1Q(O_36%vGcKw;|z13Ge0G ziUiPG<2YKXYmHSyZg1T7)wc3Ipp(#Y)U3jcqd0dY- zX1krei1PEg;GFv7b!k!I=Z)XtemMX+sfhi>A$={uK#Fc$=h0w-FExy?5&%p80JYYw zTMl6Cc>ia1vGX4WMc#LUS$J2*ItaO!(knPurh@fKxls~RNYr;w71X=%`!T5CHKvUk zD7W`8zy%ig80C+zX^i{jxfE$LL1pi%#45ejQu-_}~`jn>EyGxbMZ{Hco6l+!4 zTG;AsHKm$^K8+Y z5fhKc!o4`t(Ta_Q>c?PUh;P~{E^(8VJM`6*)3nR!yU|m8jdm%~`Q(>~Lrx1EIPY|Q za9tw{*F@So(0)QH*3Y9Cn8>l(eDIHy4gpJ}fOO?{hQ#zh{o|KS3d;Ek&(o$GEraXR zrfeM&GaI6gg|!r>93wv1Yzv$i)uvA;CMRZJ>Ys?EpQ(DLgy!sbewJ8BeD8~l`1X%x z_cdr-&Xw?I{H;J~HAaToDMM0Twf^awP^-i&0efr|+dWCgVd$ z5SW72!XG%M5~>$jxu;l^4Kh+=rjyM1o6f2oGd`q#|Cua#bcU}^rFj8LF0B$TPm5|F zEn@vDB>1&lHIHiPKf&a3?MxemDzBwDyW|SSsq>GKRN8gA5tS78Hagax+D*=`rS{P# zx@8<6`R4B{+=4H>Rx^+v<*$-!#QQGD(8WIXAe$rt1?_A{+dd5oE!V{c+nKY7>5OYH z*QXX)ni5?sPO&aCXWv)q@QLZprz|&?$l2SdSLiG?FE`Z$+uK=etj=yX);0~A~bN`?~RBmT;wYB-zF>xkLY0D7A6)NXsct%-~#mrM)%z>T6Sn!Ij%e@!GwE z$B>xe-Tsf}Be^eLOC8(k0jXWr!C!oi#3X)AuXO(!`r;@3p#AS*rRP6PUV#~EV>I&B zUTj0CKT)SKmhfudD)mhui?|8y$FySHX2%f0P7^|Op?+E{r!YC?-KUt#n`)0i`ouZ_A<-^C|)nzORCjJ*$W zPP$JwXaBf1{_%J_x~|iL$34AO_rW=BNZe8Ykv{oZ-X+87jfG&#+SDh@ADKtuCoCiB z)9%ARVlJ~jOa5vb@_um1#gvdgAzPmfm3QUC?y{2ie>E2y;#z37VWsr3J)OdmH_+&-vd`m!BYVWTjb*V+5vmX2<$x zAHNBYvlj{m{*`uArJTgSF?I?x?mYkWwj;Ah1zmzS2)E%;bR;alrlDl(>a(g4iD(}L zSB;T5X3QO*P8#fQ`|m2W#WIl0U0QeEm({Pp_49KUB>4-b8MC>Jb|~ zju;7E4ETB<3LA9|r?ULae*anVqyz)>48cPeG`)QgaUW2nI~ zjp3M905(Om5H1`9g`@ETc^ftVIrn1IB%;Z3GKq(an1Y4c)AJ#HWX#3SH2VRFbT$In zpRbU_xfxB40mq@B%FhKNtYq@T;9+<&|53>>iZd}M!EluE@n#tUjZ^Y65z}CtfxHOr zRr);26OEG!)IO7|=bgw; z5TCw1>be37$3BMe}V zA;&~B|G-)<;1e15Uc%=nS*xt!hzL3Vw&Cr$q^fwaK&dptzw+voVH&TJ>yZrd2&v4* zPk4VEW%UrU0+qw=Kl43Y8+nK*0@_AG(sO;kCm~AHB8lV>qoZ-7X}~H4gc&!stC5Kuk88enzD%l-||!h zdf&Xqe|rLqI(HKL;=_;DB92YMPE6hglPKlVlqO-MBnQRbQpP*{q|FTKH1-(>DC1&t zzX7%MBctDF*52^mj;}K)RabW0p}j+R$|c1$u@#J{04RVoWAn5OyP&oUY9_sHJhQ#mn^BVD9ZRVo?X+ZYSy zYuYQ7zve3sv=67ozl!IIP|+PvR}2$%#(N&1n5m!t!aPi3T^6`0008FI$ro!`Ds%0V z>-hMJ=b1gAe!e88g{)CvwNTY2Ya~2t>~=D~HEVJ$Yx*~hoD8gdi-H_!8BG_i6@=bM^e{|LLeFlgvGrt0!-&Bk`4_yi}qNo&$#F zTsPE7FXp^#=4j-Ysk$oYr^=xBY)qsYo|^M%HX5li^QT_Oc@`B7#-nl=EhpzcN$w&I zP}cnEAC1I*jbPjb9&W`yTps}C1*{{Dm$b!#_wz!eA|kZHqF)zyC_k)?Ns1k*zv^0e zG5!JU^ZIp@isZi!Eg91iEQ>w3i*F1n&T4(re$P=7^=e46T<{OJGv1*Bx3MTT7eI_LW%xTq=KWJ0fYftkpKlj#tmc9HhO8a?*HrCX#g2l2e>GJ04vO3Fh(U0XX z26@i*wT@bxU!zssFuRv0 zEURK-tBU%op*E{bM=Jp=Fh}pz>xfU`U!xm?Sx)uPRr z1cL|XEz$eUwJ9b04uk(D47Q@*f4w&9Io2BS27&p-k$qs5E5w^Z?Jtb zRDLE=fBcW-QcL8js^Wa={e_CbcR~JZZpj-`qaXGPKZo@0NR1>c^d6Gm|ME3LOW3*9 zFybxRd6KC7lfCe-s{XHqFoR7uLd_XQMHLt6YSH) zF|`yhx12Yu=Chy^`0S=`c`Rtwt!af+vI*g_UDmP_Qgh%@|I+=zo>gD(!6Fdz1Q^*U1vHAjX~o(Zbf276^*=0~Wp5L_K0f=lY%POzp2w>7k?FkPSo53wd6C2GJj?SE z$=3xT=Vd&vi;B-Hnk7qy&#Pht%C0_2(wd7B*rpF})GVLWk)78(*vQ?RHEEk?y3IAw zEjDj2G*(||2VU4pUUaHzbojk)+pd*(bJ4i8&mq50HJk5~H7T%w+pY<*?FfDOfqPZ%gn3E_rdPZA2#|~pkhhffKagGjin+c% zw%AC?#Ho~GZS9Q@>!Ymfqn?zGQ_CV2?<3Kd22QVzkXJW^@Y`bApF&q^f0o|jz`+nv zy;%zUBnOW2wD+|L0s!;nCpZTNK={iM0XW5xINd#5m#6mw#xlXY)3cC)oyGo94B&6I z<3Azr@8TCrhD$yh$QD29H@*igh)1UaI2`=>Dk#?xkG|r*nu>lG<8?ZS$r#*zk$2;O zI0pv@?K;1}b_vWCqk3(BmYyt$_(czA|he@z%mQfX7v9vk~~`!@N;J>Tll_l1MV+xS&Hcmb1W0jFp5=P7Ch~B^_z9}o->4kg3sqd>t-#ZL2fQC)X zWpxAX55gtqw;Sb^0z!$|G%Br#Ol2dfgq=5G0Mjrd9~}|nBat}}&-~1-_Y}ksCJym8 z?p(ZOoz5a)IRAe3gKaifCX|?4DXC?m(WvIeS7czyGm!}91(iqEC;(d$2kG$jRm~-m;v-JcHIre{qt~T2RKW}mi zlgW#rI~f~yg5g?8kXvB3oW>L#4-N5#geR`mX(#u!t?+nP$K2f4daJ%w09zVL5eQy` z4x$f}V_a%>J4xdc((A8pvTq3Veo$AzG}Lb*dQ3rJ6KYY(;B&ZUSYS(I#hWMP6&oAi zn6@&6(z=!Ag^D;K;>j?hHP(1WB|?c@Y+7adIn_`5q;Tm0J_-QIB%{eF%_fs%8n%s~ zD3sqJ^8DaDZopt5Ed>Jby)=?)~)pBn_@)UYJ{m_!&sY$6Gf7!U;B(A?D<*l_6H* zLO@8QFr3ga9h3Ur(ubc>0I}%5DS)`(yW(=0pn9*kK&+t%NG6s#Is7YNJW`ZeL%3d2 z(}!EJn>|3)kyp{j>dnuOUzHUCiAvKO(T-FT4EVbB)9 z8?nXS+5Fs-n1?FfUnyi*Qkq#fUwMTQUmAbZ1Keh;33&g*gSW$}hyetOTB z(|^x5U(TLl`SQl3s&Q+f-(yck;;1t-uKt;d6>D2?$wrfostv zClz5Y#`}EPK8y-Zas)!{0p#~(ZAk4pzSymdcH zjIhlLregT}h=ZQK{j|{RO7gEm)B8m$vbfK5URqjW1K>tOy*RDrxSl}AJV|l@M1nDk z`NAg;+QdJK!JF{^jav39-2B8Qs{FKzW{Lw~MUht@TCloNs2lvwWfM8;tF~`=u5hUx zBt}M9=sp9=xlxnp6rGw8W*(fpn{O5Z+IhW#Z1Zq&oF%${6F72;GfMZiv<^$ege4SY z9c`2Ma6j1kwmU&69uxX2K3&LYGc(By)}{ebeSCPHP-!F@5z){0P$o#933Md)nK1^2 z`1d?FKdaQIt!JX>Tm=99{XD#cgXCqv3<~pwluG??NY)=S94gEDsSi(vIdJhH7n^}t z=H7EU(kO``6Z0|0lNk}*%(zzd>5ZR573k}@QrAz`bYDi5q za^L=e=3~> z1bT~La0Oi1(xw2UIWlbszn9M-BQA=g2|5#`AaG_KXCrf%ficD^+f4ZZ;qjbtm)UwL z?EE=zL|qv{*O~S+;`c)Bw?$T6pCvEDMgTRb*yF#S0kkKUx{O9^pDD%4WjK*gsm3dN zUhoHl@Pq-}K>`Q^{0(sjT3GEalp8*ZwoIuJRw`9m#GIg{W1~ITFOUwTvCG-tl{b06+L1yn|=M~5rB@H91ce&rCbUsnxK69lwr!P@A#T3BBN0i!KWr9T{7 zh`*$4bxP>+vudkD31n5Q_<$Lx7YOTx*7MSS0mg0PD5Qcw8$)4uhX-r5^6o+i+V9?c z#M=nwhYsZ4S33a8x#@*wTn{R(l;)v^PY$~_fKKh~Uuzq!1(7jwtJr?&`lA={znhnG zUnXU}%$1cVl2ZRHo`@IxCbNU*1dl_tjG+~3K>!8ev0Md$NFRdvay97x4&Q#{Qe$vG zZeN>vA^X4?hivBVJk`3k!MQsOtQ7{Xw77hZsP{~^w0V97gH7rxcdo`M#&&7Ja7>yb z#Nldv+L9fN-e;d=!BdMNLW}0p%k^yH)ka!mt=kS?0D}O-wL`%APyx-&B64 z_@*`MS9}I1kg+26=bwutYYLL4J|oZ6UZv_5h-NT7a3l{}5PN8hebZ%O@Wb0&+IiM+ z{?&ohFV6u7T{E*~yBRi|5Z;hHTRVzE^eBBr-(^Fp8tlYIuoMoRUf z=c+m+w(WiiW$WL_Fp=JA*h6EVG+}g@4u4a)Kl|@{kMQxMsO1FuB*h_0iRfLR;}w$cpDm*OgeD?Aa{_C7OI#?L*%5 z=7h=%=0)u8UyE=2pxWPH%l8BHBPE|DEiWe#? z0>wGrbDd*g$w?v-eaC8;KdVpA7PG*nl*$sazZ#YQH;s{gtpk!GB=+yM2jor z`9{?~S3)HB6NGC!Kl?WS&-eTnDXKhJ#JpGs)dU3&jrn{^1pGV&$S#tCmt;ZwbfW_D z1++p;4w?mmjH5y!1OjdaLiPK?4hJGgSrNAa)g&fS)qPQ7CZXfuSIuT`OAmTG3&iin zB%YEbjt^?S7uXLnz1}Zi!(tYHVv?@MmEd8LVl|VYGJCT>C_{IsN>M25rYeU#cylZ( zYk0_a#qhQrPtLC}$DH|v!=Zgzp#m|6qBDk4abZte;Yj5nS977=thv&-dHil6=Q*=- zx2Zxzp-TS5dq3v)8nSA{M`{n|f7pu*Xjndr9LbR#$x2zsDY1OW+1HwXr}1>Ct!?pf z98*iFP|K3#Wr77F%Hnkfi#B1QF0P^;Pt?!BBK>I=gXJQFZ6u4~agpH_i_ydX-t&#H zij4_bO~{H(=vYnjExMUm&4h~0Bw5Ynk6k)h`W1>T3|TELi!H0c#ty}w{aCF+EDci< ztWt`tb1bbjifyV{ZJUd2yIJjqi|wXa?U#$~w^<#Iiyf|5zdRIwL9#kxl{gZzIgyn( z(XlzRmN@gUxd@fGNV2)gm$<63ebp}cYRKkhS>oov=I&PF?#Jd4QsNQA=9yCBnZxE) zT;f&D=G|Q4-Oc7RT;em$=DS?tyUpfzT;g}d=KoOQk7R>mmBI;O2(nTH9V~#gG=K*d zC{!9K2@8@h4N`>#YnKKa!a^)dLmXhCZl$4qurOpuX;=&_Jf$=|2NqFW8c_|4Y%Y!L zhD8mRMoq(_mrJ9!VKK+0F;}qIhtgOiEDozIj*vZ`tSp|6J%P0>frmX&s4P*EJxRVS zNtHcWyDZs|J;kyt#eqH5tt{1#JuRdxErvZkr7S&%J)^iRqnbUlxh%7rJ!`luYnnZK zxh#8|J?FSA=ZgK?L)kYZdoEUaE+I!AS$Q5EM?PzLJ`YEMP(hmTX~5eM`=iTX$(hMN_klhM|p91c{N8xb9qHKN9AyN?P#tBdhGA-=9(O?oSf#GTCSYh=9)gPoWA0kd8nL0a?N5@%@T6Y zkyXvnanG|>>?C2vsdeaxcnPEvj-aX;&>7axYs}Ejw_pxK*wAaj%9{t;TS#rBtou zaIY6vtygnzG*@kOb8ik;ZBBD@Z!K4CZF6rQS8ZQ$?>toPAh~z3s&@%__Q*7 ztM_?$4uq-?h!v#%rz25Ha(k+y<$9+#5RYE9v-S31G?CM2y0h)a$!x*9Z>nAG_ZO=T zwmZ{Z9lx%32aqTwiBgg%C5cj!C?$zfk|-sKQj#boiBgg%C5cj!C?$zfk|-sKQj#bo ziBgg%C5cj!C?$zfk|-sKQj#boiBgg%C5cj!C?$zfk|-sKQj#boiBgg%C5cj!C?$zf zk|-sKQj#boiBgg%C5cj!C?$zfk|-sKQj#boiBgg%C5cj!C?$zfk|-sKQj&qVv`USo za|H^C90uc!WeX*01xndUP321!pBiko#+xcuYK#XWXx}wgt~FRKlp9R^PlC2M9*k$d zYpLGq@c41QHPKSD(*sAxqf>6J-5Usd&S^N=T6ZuK$Mh~oxvl zNII4F#swIhPNupYksFozEC5dWDqFR!umL#eriE2rrT9T-i zB&sEeYDuD6lBkv>swIhPNupYksFozEC5dWDqFR!umL#eriE2rrT9T-iB&sEePJ?Pm zqFR!umL#eriE2rrT9T-iB&sEeYDuD6lK;=QBtst_pNxGYBL|dD&M!^;qU=KwLemRs z+ItUAFTP*jbq!A>=2v`;Of`qcB;;3g4NZ8)q_+=_St4RqxA!OJSF8f#>N@-Hem=}D zuLq~*=TtTxo__y%|Cn3Zc=O{vx4J2#wC?)$=lAQ|n4Hp|504eiU6(gMI)}y=RyWg2 zYu%&MMy3~BBU2s2l3XHEyy7y)=axKUGkg-VCl^-kfBil_|Gu=oeSUT09hdpz{@23V zRzugo_}p^rx3ZrPzfZqkoBBtM%`W9uH65LOFRE)@+SvIV5IZ)zxN~rlTvQdGSKcu= zesO)9QdHI4J9KbzZtfp_cmK;LKFc~V?n`K5U`lRIMZ?hKd|6}1`p*9D;c0nOXLVc8 z>ek-!=1x^>&&<+#_sC>R-|+R_Pv`LDv&-v%lyCjxGlLUzZ3Cl=Yuo3SH`7aNePh!# zZM|Qk(xw;J>_ZY;`$rbnw-L$Tx`!w4e*Rk7+?`ok+dn?@h)%Z)PH65O&i=n2o%2u3 zDQ)Q3+CM6)YeOXEMrIXl?H%nModu@mZR{S7&MYo(?hcI4T;ANp<(8daUOR;+mo~It zT-{c+^bAieT;2ZIKRIje8H&p*pIThK|MhfpcfWmb?3a*j6BHkjSzJ)t($q6_a&cAJ z(%n8VwsUZN_We4su%fYhaDH_&rMNmgqc9{bKef0zDyt+UyINo|IGB+&wY3 zeEZ{}y0xcgbSkZ+W_W78zOz3fvnaW+vaq%V_Fq@zQ2^yGVa28U5nRou`;olEu!AUpWvhc|k>k>X81aYGgIFmn_QNft<8FtNQ$C-}9 z>?c{S%ho5^9>--TIX(|(C*R;$9H+TKWHzU&Am;MZ{3xOGQ07hlDB&GE&`!DJbU?r;ZM?ir$8+aphmTg8O9UZX-TT=99II4)J*1hJPr`N3VJu z;?KB^vQjRfN~e(LqJ4}Ni88U$%y6mb49>XBQ$gKJzL$cF^v$7*9BZf92VHJ?;aqD z6^q;KKN813RXe9VmKAZUP{OsH?-Fu0S+JeblR>-@048rQ2;vxr0W${STLI`aH*gH- zVESwlt6{Q^~C3MZC$@fR%1sG;4W*`EQs)8En2h&K1g{ zmV|@hj3$?t3x%mIqNkl}mMS%s(A>j#6<;lqlO=P!B~`#BE($=107aivlF%`nmt~8R zpppc=x_cQ*xeiSgf4?6+>v3L0kO=^s6kt5!rGUUzs5(Am)EHguQy`5H5MFfgzUgV) zct1J7D0}=hWlsPnn2cCnnHFsSvQ(OXT)s87-c+xz zb;Wys{-&FwyinMfozPioNme2mD%#2cWSnmY3<|4%@U^!a;@7*4SxGg(;RM`rVRWTQ zMG`lCQa-bR=@GlV;Yv3F)SV017r$E36srAcNAyd3^^PVFbzdNHp$T% zB1uG@P4zb7`O-d~KY3fqmLs~@UlI^H92~(B5UDc`W1{JUN<;7RqkQ68uY|e&E%9M_ zekY-4l2%uQhJjUcF~|hqm`b0}oG^YnmITl4J^Drvirx4Uxe3ZPPq(-Zv3A1 zm~P1V58GI?*>n1Gtsxg%@I<_kUS|$|{&0IWw;GBb=mIDwyNb9`15u zNzn~E#7^ENV~Gpw5MQQjNhY`0CnmI>V31=}6SNW0-;W7Ky8%4(wvy34_jO6caY235 zvHV&KR=H>7yApSkl}@_IC7AqNqUI^@T9lAa<-y!`saiSZ@rQ0F< zz%GE!5Y`WL-eB^Q{2C+Hg1w=|okRRg&c)gi@%VCh>nUg;&iFn&b|4qVNAa%{-^sbD zE+&pIjzQfV_GWoS9Fp0bbOeN*DYvojCblQT9#!WSHU!;oWNBF>ixHH>g28-+Sr@o- z?VX@6aW7%G1O!Cl(x=q$Uxdu%kN>>$m2lyOtTttD!o?!a3Hf|qoL;fr@&WU?FhK>n zTr>CIOKjibSYb8<;cQ}h6&nU^IXQP`1X4PC(@vC5+xk7%gr_QuUP7>Pf|4&u)cE<2 zOJX*^(LCSerb(4B13TS#Jer{g z+h}Ea9gvwL3%I%ekS^&ISRrK(Pq;y)w8w9W^Rcl|?;>YHALXVGqs0^<&S%4p;K#u$0lLU>TUU;*=;86T=%~?_>O>b`{p#8mae@eFX;DWyKIt134LE`R-zqg+!YV zTNq+ln#xC7dsu`gSPVag{y=w5Z-|F?vI^9#4hK>GVjN>$iz*6;+7cV zm`vlE`s2nBaf^9zjQeplGVvpz_yvY|2Ge-a#3<~5`1!neXn%aEOu`^2VU8hz-ZUY< zKcOFyFq?-=pxaN7I*7+YOPpayq?Jj`>`&}LBu?ig((EUu%OrJylBO7vs7;d+`ja{k zNt1a=RQpMxGRbXw3gJn~x^2l;=E>OBiRuT*Er?`&ofJ#Y6cy%_XE-Tp1u0F^DOQxJ z&aYAptRn2%1RNBp9Tii3)>0!}Q%Mt2;f!hZb*X-yX<<5VgFF-9Is%b6)FJ6<39r&E zf2O@yOOrKAuQsvET1(Fr#LX?58J(0Wo#Y-v%;qp9oUEx(Dng`GOfQiwtI4C8+(mtu=0dlai1NZjtnp&=(G<=Qz|`iP={-6I9~&J|rwAAepPYm@1|9+#}knmEps=|!JS1^t%6l&3^ra86%z z9-NBHSu$Rle$HQoTTnBeTh{)i&W5F;oxWu}v*DbhErY%*BCBIPzVEzzpggKcm!;>t zY((khgec3H4gJhHSm6bLCTs7-MF9SS-;9_meOl7?y6IcYc$YmM_X(DsQKrSg#?uc!_K4PW*?Ndg2?UEsXwM6+`4pCQct(@A$g5dag+1=TC|C z7w8Q`bM*px4KIJzvqXO5pGXthXpnp-BjQ~*o!+qRRG($ixPfRKt#8QcZ!A7Ewhz20t6-%fq+_Chb(B*|4~-!WdznQbo}e(z{r zA0vL|VOfv=yH1!-N1|9i*WYxO%5H|iZtTu}RxVoNsOQ3epCk49l5_`R;|HifgMti$ z;&lVr2Lqm&gFaq;WzvITGJS8w2W-O!e~k{7?hT5X4301jG1v`7B8K=t!y@=YdX@bj zlnV{*s7!sH>vj$kfNC9Rh@8IjSZ`9<>yHG2Mm&5dTsnz;xt=54m4}%29M(y`Y!%w) zf5Z$&15K~M@P)sOH7XnDjRerNB-`0|S5hHp$Vf+Es~Bg12tWh)*4)rY;+*K3NhJBLXS%8PCsxy#4hNdud#$vamX;la^+H zeUsEO^aEO+o7j-bG1$L=X0k6WS^*3=kOON?q)Ac36PsV^eTK{@<29_b;(z&VD33?} zonDR7R0^IHP@aCVIf?mw(vUB3Supa4GGsj~U^B|w{GRlnbMQ!+uJJE%^Cl_TqaKCF zRQY#UzrN$u$H{QwPY*uBxY;uplf8^pq>nASPbbr*lSml30XyYC*uT)(6Y)MgiFRmJ zC;#6*eWE!GkUsEl8eL)%405CfFT7Ntu%Xmmw#4uUzzDVI6-x*WfE~aK##94|NP#~= zFqZ%J@?BCAToON6032oj(ShsY z$AN{V&~W0gd5tk0d&!Iph|5$)gr{a^ql|IgLP@kiM^?+-n^S1<%kLPCC&JOnpaR-SRBV6700xleMww8&sz-dqn}XFNq%HCTIKhxv?7rQ2 zHAq4n%%GagNRm@^o05dE9O>!s+{#eHrfd6B0>@ePWRh;_Vo?KLIVS~cM88IEDa3s~R+FH)6oK7&A&i((L ziEp;~N)C!S>~`3%MAS#?*0y(aO7n473sbTQTi;!VKiAxEllcW!-(@LZtn_OccNS8Oh$y0akI)PjgJ1hnUH>% zH}l5Z7;uoXAKONrZF5{p?b*$;+B07-x^p{4=Q}3%JEDUe_T?RpLmU9$M^wK9AT@f^ zyu_vYB|#sO3E*TIV`KxMoEsd;>*v_?N9b#}29bBK=OSuOFR-x3FN6-=w;aXkoz_{^ zyG1@wYB^SNK{#(dM#=n8dw)+z@XHZ&%Y1OHXnQXy?aW%D%};*1cKJ)7Bv_=xMf}7C zM(au<=t@os5EaesNnT&+#4r|P3xrq*aSpPTmMG)u9>W6$NiMs#Q2l}TqhFj5icW-jQ*Zm2|-D@>~ zT>cAkMq2qte$>JMd1|Kxq>uw?!nj{3Hst62{6PNUrMa1)Bgud36>jQPzT-UWe+2aI z@;?6MSMVa;m=klC;|?MS*}%OIArtHTD#hy%MX)U`}=BzUT_9MM2g*VG+97B!)i$0 zbeKbs7xYmYW)S8^*-iNg&c2QC3aqDCH7$)q;2#sadV|mr2u`Y$3^b>RGJ)h}FQnEV zou5|o1#eP^$H^H}@LuUC6+UJd%P*me2~F0|Gd@eM$8N`v%IhD(CDCt4;sxEWE=**< z4y7}Anmb;oG8)P8t-3y5Y7z^g(In^-h}C(zR}g{k9gxonQ&5;W8s^=gkCJnk8KeIo zGwKCLpuu?h1A?w2?yjUT$)h-=vHGZC{M^mZQ3MSXzn2@Z;&p`GuMWgT;)S21g&`b! zp+PXLn|(aqfG0;7E_mJ;olxi$4n25^w5vz(d)%;N2Qt?yF!fN~DX^rPCvaS0F>)w= zU&qCbY4woh7|tza#;pbR(`tD0Ab3)Ic@%iPe9@mYOtA87M27GqNqCVOEg|(S+_?SqdIFkthZ{hzP43V3U-F!Z5@a0`5Mjza`ar zukl{)zLyO>j9-)Kx48mgz;W*#Oa`6194BB|;aod}=9FX@*RwDW%NV;J0eh~d7!1`q zcNNsKR(yFc_Q^W#C7gY@^sCxiJnnP+fZ5agjSy8RI5<}gdWvv(2OSOiP?6ni=-rq9 z%h2~%k&tfeo$r;dDAs!OM!t{1%YMfZ?vInXv$P5Zv94Av%hZfRCWCoapDduHxfaPr z@eOE?qMtwtflxtwR@}WriTSTkL+Y=q1!m|s0$nE0r)%>_#F6q%hw-7TPe%Tc^8bgO zyKajzY#)7p(?f@J4&6gYOAJVNw{&+%3OLj-q@Xk?A>Gp5-74MPAkwIe+vnNG+Iy{6 zu=gLo_i!KAeZ}{4N;rqSb5M4gv#Q?JGItlwuzyEHH;SQHUem^?jCIl%0}nYu(IakO z4+n1mR*|UG5jOVuhET(HkD}c43%gd#_wkPLv#z82i?i3db?`-+=U;}X2XqC;QS00+ zO3q8nojbWla*r<9ER$7VuvKaAX8fqgc6=G#J}?Mq(=x{}w0ofuT6cJGfFhzOBO)24 z!JuA`x7t#XEk>Z;G$YJW#warS(uUEA=M1-xuz_o*&hYW;4#+p>neJNn*}yx8!AR7% z98WkWe1(5?)98cmW8MCSKC%)%@=V{SCN|wc#%=F@-nS_K_4!T4WDHmjPu{%W{$SfGC2h7J-5W^r;j>FT+! z3`*mB%)$dsw($LwMT_UOUr3fV_Iyg8StOE2>Tj-z~D_axdYomZ7z#{Y)UQXgHQ)70*M5bAqA>232IyU66 zEbr>59vpIVv@O7fDjqymm`BGN%Py(;?fufS`4gl~rAGh#hwnf49MKi|JutqRss72= z9uy|>dD7t^!i5b|%Y6xNINL>bWpI8CL!i_>2kHf#p;x8g!nSD|>V6ZUN1a|=-p#OKAyY-+xL)OdODqUXc( zmq3EoXkU`C2@NHj1zG&q`=O^66fc|zhWyd`K3)Wh5^ZLY1j+=P-Ry8`#R*1#A{*i; z8^@kWbZE?=xGghe3(jZ7gubQRv6LMdeb43)4x^xA2Z+*pG31KE3GI~8u>@sf{e_BT zgmIL^xn}$cZa*^%yEsSvA_L=m!Ioc}AU441MFBd7R{B?vBG9}-cOcP8zJzA3J1+_fX0Cr z;r-j1c(Hn5TFM*FXTEba>Rhn2c%O`D6}BItXSgPx6%4zbVgk z5NQ!_bcFln?n^pKSPo9z2VZ@>?K}j}FVDQie4XDj=}29ZH5;S&x{$2PX;wb#>pS@C zB39mgNv)M{8N;tjqD`DN0#?4~VcsI}>0ER(R_03mxl47rTnt-Q=4W(nEA6FRO&3>M zlA8T${JLB%wAvPXF#YSItBZ^YSC>W<{d3|!x;cohF5_C z@?2fr#B4F`p!4v_SY11$y>FZE^6*Czk}saa13LG+mS4}TZrl$C%x--247*?5JgK_x z!I1Wf`0KNYp%mCp=CKpWx3*0f6Ij43?Hy;dHon*#I4s=lZSS+T%YYU10hQk8eTMle zvuMz`!L(ay?b<%y55Ea(Y2WNk?OD;0plLq~-%t0sVG>xuv(eHHc@*nM2ks9=_F=C} zR^J>ah6aBxp1vq!Xg<*!k!Y)hELA(MpR#MU7j+>0>b2gS1xdYGp8s^#*h97J8uMmt z6}iwhvVPG~^V{?~ETDTP_=n2Vn@xwO z>iSekkGoliEHDfa=w|?k5msT+H?>;VM`~|_m*@I2YGOh!?AQEx zpz`A3MI`um-v3r5)c$rQ>8bD1%n_+pE+M+;vdvz9_Ke={J8nW9Fza#fQ2$1F1F|LB@+%*RfdsHJ^RQ*uFW-=}de|t>=t}hwq1~^%!LDD=pg&LAiKszP z1eYLAwp)3`x~;ZTFQG-0p_(f9embT{IMIVbI?Ocl^ojlkSx02o&m+`9Wlr*Njo%|CcmJG?b*^7b5 zeCnWTqkN&SJb%Za#@--%!JsDkkTy%b`rM$}vq2VgdF&Soy1AwL2{i_(vOIf|Ms^DA zpA|ShDCk8hbhQtelD1e>30S?x`N$87(njDnB9dkk7xNPrTNB{`b_y8#12lHy5`PN- zGLx~h>#%d7<-itpo>k9xCQ0iXh5VJFVC>rW66H6sAp5-}2fJ8Dbl4gP*fkY@i-=%n zi8vq%v4>0+GgKS#O-Kr_g816uaJ9kSn6i8=peJyq3S$BhbHot-67- z6q>P=@FS(@n-l;b37r^%$}30M)ua_w`>C_aP=TO9YzlE~qHZ7;(^S_hL~RPG>K9V= zuc?GPso|qkx&q1*-YV%goyD(tGf7{%F&1a57rqo^HL#)lB$@HrBqL6MHINDv#5f}U zTD9bLX_5SxmUvbw6(X%|93jstfEOprRisxxo+GXb*CtdHEY8D*y;D&O=TU1wZ|xJ} zE!*pbFXaG7IjpF(U8$qjPKbW&XO(URLn0ng&^#CT#UJH|>YuSuI8l;DHvWk3A+;jj(U#J9gY# z(~mG8x}_Al9HFw+v5)J=bkBl0J|vVilBgf^eC?O``crq}&vEyG9n%g^d3rFid>yQr z-Hyol#{Llp_{5}3BK7S`RhKqGs|UM~ky>em1yo6ryI99n6<5evQOI4P3jM|exnklc zVLlV81fZ3W#A!Z^?*h>hve6=P^VR$qbLh`?@m|hRJ)c{3nUn8oQmC#|POMT2RZ&ly zyZNlUH&Sx9AdDXnPvjET~04<$)FR7ClmOXrvJ%(Y46$uif?K^WP-zE znsX~WNVB4MZd}y#x%lJ4=VFmEckPPxg%V-$%8#1WLkjt6rlmtgwTa?iLPcsYG#Xfq z_FkGbn6GZQnB4}OMI@}M53Rh#yTYX<`cD-s=$2;0L)zs5v+8@m` z=(pU9FFs5sKiXw7f+0S3{&J#NbHM(^l!5v3j=AZ8dCSwT?t^>gi4 zMlaW0i`VAy7Y5(FYEN5#p71KVa(!v#74O;ln9D1x->=wcEgEq*EV(Vf>K4WZtGiw6 ziWBQmW*cLn7Twt!35gqt9UH`J86~tUoo)k zjJLcu(0_2>jN`UMncS4=w2WJ|{Po+?`+PGN*XoLU%aLvi@nY-5Y^y}w3gK#X*JN26 zYV}KM6lb^vq-coOycO8=0{?D{buedu6tWnW zu<91mZ{C+kwfB1Fpr(3IVs^01yKR$XXBlSfe9`D2E#XQoYy&?qliqjSa9|&{r!H~$ zHFRJ)f8goA??uq%b0_X!vgi$$3{9N zt7-WrT{IFd9vx=ssd#8AViyImjbM8PKLE#x7{`VkZS@~5ogOJP9G(6?vYtQk$8}D7 z;VemWY{GM#sQ5l@<4fwaLk8TbEz&v7%{lv`C?`z*)4}tsX0tqqK)!>~$Gbj{1*yU? z^MVbNlJ4ilHRh!o{AC-5xgsZr^(VZOF20{#-krKQNF7#&nU*`~*E=-SE?6`;tkjX8 zs&1Ur8=P{zbiGV;Mb9~n4?As!$8{L$#w?s_OrJXJo=#S{I?}nNaGzyrx>-n_y~TI4 zvv4zYKSS7`_BhmyYR-=!o5$c*lOj4Z9xlkKW;ZbTx$W*5F1>pIx4Z2N_apW535)Yw z40j?|ce&j2yxY@7|GX7=-YVpDY2p0Om3tw^h0Ct{*N@A4h92=pmHYk|`vePz=^kkx z+mD+sQr$037cR6DF3#^f)T%CikpEDfy!a{Nsc?32ZTKS}*RyYU$${SZ0pc-}>v{52 zwQcC^xUqJZH2=Hi#~hB^dhN$W)u@&i=L_*8O< zEqadg_s8VWCH|t^J=o@(Y2&C`3R z-kW~Y`+CZQWYL?^@qj_;8?n|PNe1$qg0PwLhxe(z52dJ&#+xe_;X@V%A09rRd(LRw z)Kmftm`#g=y!n4Z^)4PbK=nk^BkW|T105o))h5P+heTfrRd{EQqy#(W^v9^b$I4E}Dq z@Fk^q4uXO@rA!-yJo~Kz148!4zMc{FoSxLe?_of>Yu*)MZx;&!{KP44WdiisYI7Kl z(CZ4qnZXFcR5pnK6iOs9#yjl*|A71OhhFOz{~{e__#}H$5iw04G2Ks4e3eduTMC6W z!s6|%anD@X{r$?SKcY@5#7+@_-RTnEID6i#Yu=h;c$k9`<{Yr_Sq#;b5}ncPcZ4|a z89*PDf>gKfd17udU$X(1V=B&w{4=)P*|BQIxHp6_dZ+t<9=BM&>@Aw^odJ?<*Ipp7 zSDX$f=C2>3rGQIj;ISb5Rp1EQ`;rh#LS0JTf}>xxJpwE}k7bkT5hws~K5lA*csiRY zggpYukAU)HQOjeK)+7=a_BT@cxKg)JH2BMAK=+~VBNcE?gJ50iDd@$U+Daf>BN-tC zMzwyE^7$iK>?Q!OiJ$r`-RLu)#oi!bsFi}Z-6OQpC^B`&>5F{7xG-QHGrzkw?OvDW z7SbZL5g}AmMDZL%1zS(R<TPbcwChQao z^sgQu;c>bI_ebGS2)Zfr1M)E>?7CG>U$y`Q3J;!sk#~G=0+Be*4TzXUmXKP8g_d8z z7RE~9_^rxW&uTD7BH-%m_?mq-UoOUUQsw4ohA0?}`V|qIKbnZIk*`{;Lnd3S{*mb% zsjB~Zv5ulIj#o{9Yb@MLsF`>a)h0d?0v05Cz_g)_@wLJ{vc2>C3c#>vSkxZ)6%%Ql z_r!~cb(Dty$`^2u_`Yg1*a|Lp7F6(crcmhv#67rb>wDxEr`!gd9cE&*uc}2qC15xa zRgCR$Ub9=rf!-7xhNM&xS@CKNiCN0Rd{qPiy2#g7c)LP9+Jat3C~}Y%MJf`4Uc(ig_#4fDE)1fa7^IAI=4W}j ztH6{XA}U5SmT0KoMzR7u=_`POJaye4<@NpNq;j1g)^wAT#?R?^iNt8~e3>8^CAGCz zzCKnp5sbSQFZm^in+Wy^Y6%y2$Rhf<{4YwqGRe$)OO4J1_&Ko*Lz(me9YSfmy_bYU z2A8XpcF;XJDjXF`AQ}UQdZ{!YgSsLZ)XYNlQeC3l%(Z1(nX9aBT!I_^xt}XuF#s?1 zC1!>oDl|D{AEh_@6l1Fw19clGr3Urq33v6gN3qk!#%~TW<&Q3;FV7af9NB@?XtL?{s zK}$Xm;r~-dw#aP+w{BQY=#08H6^JK&Bb1K{k`=@09b`8M`8j~|q;@h_^Bg zjZ2Tz)q121GIZwyVdrC0$y?;%>EXT9@A3`?nWsJl%bwfI!!jA9^^7I*@2~qh0H+T2 ziZLIhJO+Ao$rr9{mhVk{)Qhs=89`2JhQY@n0}57(pw`bHkbIDJvGVe!X$;dYX+k3C17BLL!q|RvC!ctr{vC1D2`sf99flD zG&+!vP{adBu-*e0JTMe|D;OF*bZE&r>c5TWN_rP9>PWQcBngei?yzW0N|HaVDs8CX z^TfG?ghMJDvRcFtOAS^s+E@hH3|gbS3z8=u$cIip=%U~}r0|hs_EOtEl#2V?$4I&L z6Gj>l5E~jf<_GCxdy+|rofaVibe_C#j7od$!Oh$~3!D~|r zRm~@UMyXX%8tG>DQA7^`#%aPSc%?~P{~frwY1mfRpGHU|e`cF+R>z0w-5;6`_xZEw z&!-#s=FGE(i*UVC7&Ss8T5$Kj&dGeNmK}4}d|mOp)H{0AJZR2*q~5cOjLMi=s1S2? zgS0bSLD>)NL${fo21ZUfyO@;vS^`A?Q=2od)cS9WQjO;Nn|T)pK3rfLv$sK}sn!V% zx)PpA&IF;Zb7AZ^y@dpPqI}P(!Jz)?w`yQZSC`k@@E3E1sIXR)GMFx!|JojA!{C{H zZ3Md@zet@zZHRZIte2}@CU_Y_#0h(uiU(^!2SYHk)PR%1BL z^NDNFD;n5SzgWXx1rM0Jnbn$*zV$6joE;|(j3kY!p|H_emcwm(H9};7hFm!Y?b4bk zS`1(|ym-f~kpfn;vvQeLrcSR)VS6h&oDBz+(f}!x@>Gq51VA}H6BpP#=Vg?=c z!32twKFg#^Ky#B7(Dp#2mb>joSeZ6OdxPZIMOCVqfvsB2)Y1Q}!l9|sy2~x2LCTrm z64{QRJ-et~4LJ@^N|~;7KO*~h*DX3qMNm<0o^YRe8A+8n=_-F+bh>hZ-siuuK6$Mf zX(k{;C^13i6xd4{y6b!ItAL`BT%xoA)@E1!a^3Y~vZZU^$P!e5r?9%_LUWeHFzO+o z;1dZF1`>nyi#-0&5S>Grq1OQsqJJsIlALDJyMm_vcA9kl=mx)G2gOS!tn@@0TyE$g ze_Ig#&g471{z@1s2eu6TtNH2Yh|R&iFw;#_%f{^%#Y9s@a8;$;=98b+Gr1yM<1g_Y zz44v7n^Um(*5vrM*$qNBB}{%$?7HQHj+ODCMO;?iUzI!$6V;-rvoM2mzoF#If=rK1EaNUe-aXQ71?Bykvs{hcEO%13@cXEU zhl|RVUI(PlaF85Pp-)%E5TD_lqX5KC^2A^U43m7LJ%-okn`Cm7SeRguriqS0HPYaC z)FibwXw*vhC|Y3#`Wa-H4}7|9TpdP)|x3*0Y>$;oe}3r-Uz16 z2mGx+m?Bs7YoqwhMyhNG@2hNm%ni3R)=B74-}F3D5;F zVFJ>H;;Pva{wx~#yIu$uWrATPLu|Q~XRIZOFKlese--k2q;9P3a-1;ZuNW2H*m9xn zDc}r3F`=?Pb}AAJDg^sQWUQ*x#du?dy8Sw;BKtRBR{gkfy%JjkO;#KMR>SwJhAS!h z{;c`t_B5fa#_%M=^y0V4tfqpCreS%;6__f`_G!7r=BV1QDv-&hh4$v3hAlSi^Ja@J z{b$WE*%tTgP44!^so9LVN*3|htQXL2rAuC^Is}5*oQ>J+=~=BD9Bh0J)Wl01Rn_c7 z9GsH&9nwo26WCnFiJfZL4A}Bq{Y!9%51h)_+*fAYZM0n%O58>4J?}<6sqMWE97507 zya~`9P7b`8hP?#keISm$5JyARQWeEgU(-@?o6;*v_SZh_em?sFVKM$}gTC~KfpGgk zrbxTX4V~%HSRxG5%#SVH^mgh0|3uM{Igo>?e-6lCrp(vdH?f z_->Ab;j)D3vM=1f&-%ofT~eN1!>p&7LM? z->_!i0&?I`bKn6v^shM#gB-zYj*=k9={3inASWd?CpD1M=9<%P$k}ks*)-&Qq2_!8 za&b^|aRK>pSMvi2xx}o!B;fl=Ui*`t?~1MV3c`0SQhP1UccWN)qsez`SbJ;1cjr)h z=fQXHUwa?M_W-YbNaA};uYLT)_p7A#R}J6q=Gx!ge1C>(|4j2eEz~}3@F5Rskr#Y_ z?`r=d`2egsfRG=Bq7H?DACIDWDGP zEk7ux4)l&6JEIOej~}PB4yTqMx1|oZhaZpK0}23)kLUpXKex*G7gxpI+RA0i|yBrFW@{0FvLVu+*tkBt5w8T~&p`hR5f_0jiA%bD)3-}jfh6M0%a z-A}(Cu1_~-dV2o;1u!|bVCdvdTj3zKvaJX_k)y3hB1MkvC{jbG?PyAevTZo6|Iu~~ z82m{sIHZ=5r9J#Sia zs6208^FKYeLy6+PXx&S9y=dDknK*1aYo4fSzue)hQQ9AN^~}BY*ZGvJ? zW!7Jh8_zy8_A}OgDmvPlej>gg53=#>7p*~w6r_*4sga_O&ebS+EK+jU$>&#)jr*=1^jrr--_WwKI~<9A|H=RYmvXsTKJ@oXDDd8PCtF;Yir9? zlesv%xc~9*3&hI@u#};9eSBd9*_OyNC8Cpg&+zgNOB8nHJ{;4_2ul4;6kU*FE68o4ol)wB}n9+Yt;HF;eGDIpt-^qxZdk6B5UOqW*4pa)mE73tEZ#^71*8iE@f1}N zv?+64XeGV1vm<|OP>@rtH%;viLv5K&Q<@+E+by8ZCd-jR^ARzv@K6_{C(P@ z3;i_E)}^FKl2QH5eljpfu@(jftf96nJ%l;+gRAwfilI7PERE|pQknzixY&qSjGfdC1b+HngJ^g`zULDK#IMbhT~khBfjtZ}5I2#~UWs@)eiVu0%J9wEiu zW&xl@2!YK7#1MG>^FVm62v9DJ9CbmPHJ!qQmDviMI5JSI6lbepJO_{3ahoMiIQX|F zMZ1}MPAtpD`L%eT@*06$QK;wgYf$RK&9+@uyKL@j=*Si=20Bc7{O{UkG2EH4CiKJC zfD*CMaKixugNUR2N+6Rf6xV0d%YMGOl`P)l`wOvSkLY%^7ok4R|JKh`<9_5Zu`4 z#C_PQy%CsoP;50TRHWRXy2JC&CR2JBt{#8m_EBp^(+;bjpH7Y)O8H6;RBTQm0w^Ard zm6yRx;@5m#Qd5<^l%#l1vEaOLrX!J@!c+6p7bi$0*^{E;!Hc4QIUYVRy8iJ{}W`0@Y*tQpY z>DT;$pS%5=`1SpDhc-M5c*j2edqL&J*#L6&v+-r=vo_OP3(i| zT~NRn%YX<&)7}g>pYMTdmFpD*-!mN2Z7uJ-395rUgP?)&cXVGKP}C-m)=F1nI!ClF z072rOix=ymPtXNwShGKJpkF%W$X58z&tz$~6358amAYR(ZGGUHzakx<_>x7VDglC6 zX&+u>rTKB`Ts{aNYV+3e&#%-?gTvCBu{Sos!U%5sDRzq6H&ua$gnLb23_8wV#hcF8 ziy(L8OcjZJINyg=*}!rR0-)BxUUebuSpL5cL#rH#7AOGk%A5SD+)$b#T{ zndx#m@(iYg6=@Vm0(t`?4&@UgN~D0iQ;M84Ao^ewg!T(1PXU1>`x9}*0JHv-Y(ylA);wia+x=EAWnmn;QOJ@A z#8LsAFWkz%&WHCN{_G(N5*Uc-jrC&j|5efo0YoC?fEc;$bGBG#KO0U%1Q;RY1X8UH z1ScGk5K;h`|B}h~SOrd==Y{bkrC5h@h&{h(O-%b8Ci^mFB1LkDG8-wJBjn4H>Q`fM z!xG6iO!PO}?jiY}t;&#Yu>?h<_)QL?z5h)~(_$uJ_c_@6J2(%=do9^p4#x$G`hBP5 zjSHlkccPy$hTA>xJ~`3-HKs>77Wxh1#W116QlZCIVZx{4dL~XsC{9l-&P4XeNkc_P z!AVcW$warz$^1ymKt<1pErR>V!+K21j!n;rjb!32=X^d!%lAkppd!qD%p=@JD|$>P z&KdP$nMbOeR%V$_c9~JZnNuy6R%wh*#aZO#7>`B}tyUYIP8*|vIH#Ejt^JU^6;-;8 z3G~(RJH0j@dvRJz@pQN4bdNSU$2J%5EFNc0TGz+)z^sfwlZ<~IYT`~tk9S6}cxF_a zJnT5dH;mW1 zRA-)2XPT1b?3!a&(faHNrkuu~+08*YN#r@@oH8BQ9F0N$9@p9XOrCd@a||rAk8lbN zWpRwPu}?h)p_y>aWU+szikOJym=9uKMshN*jxn#Rux~yxZD%p>#_}z;K@PFAkB_>DIA*&wfnAGp+#mBjmVbPr;`rUhhQgK1a-a8?{9~42K7V1pQ-40S zbACT|fg4MK&rUwCO@VzxfuKskQEdKNVS&VPK_P0Pja;GXSiy8`VS`PfF6Y0hz3>D2 zXZQX>bQ~$c@jM6)mk^hLxGLuht`yN)~+fP#69Tf~iQb8wInz;$pO1DKu&4vaU!oQ!R0HVY9Dbbmd}or}lEjVfTy^^j2l_ zbzuxRVF}8H`?=(WW+UEGv%QgEL`Jr=M7w}vxH1g565~%eVuM}7Rk_|tfIr}rCXT;L z`Nf(x4$e_!`S^<=Z@e^PJUMIpGloP3k4eQVk_u3N1$3w4H%jGPS%rjZr5RJDk8S0r zh{~|fmHsD{x&4**j8!OdReRV~7I9S(6;;^dRn)sxB`%-KTykgIE9Ol(hgBJt<3txv zKCk~`SzTe+u6Xx-Ja;pjb=T$Ne%!~yIM(BnxYJ;cAK47o)XcXPV&~aaKP!0d+v%TN z!XAHd{LQ9Ebe3cP#@q z3)!kOqZtRYYY3}r8E56c9~zRG-IctRszDIf>G?{%q-{g5K!Zd_!*t~5tF|xoqYZK| z8oTrwpf7U7XfjpIsQ758HPoDyUR3II&}sdqGRT4HsgU!6&jxzgbRM#K@$0!GWzuW zn;aTh`No9R)`7;V@SMVwiE8V;*7P@R#iZ3v5^X#Gmcrj{NoIwyl{I%KZPgO(MltPc z~~4n#!<0<*I%zT?++hc0*fpc#87F4=HS z2Bce2I+L4O*9-< z7O%S2ozT2IH|uGA?9QR-K3(nVq3MyA=wia^t=8$v-0L!|@08~3t&;7vd)yp%iSlb%-jZL%zK@A z2JPL_d^@T9%t?`+wB%RK8n*`;8xFw+L=Yly>^_P2eTn)cI=NNnF!5Rcvyd^%0`I+k z@AVQb4P&BMS|A<|wzD%ze^2&-XXFiSXQg^wz*?`lwGIkQN3}&~)+qKC1QbY)=Oqwn zP=skOl9hLY-%dUok|YgZBXb|oLnRK7nb){be)pkuV(e(b)+j*qh-_d|B-E{W{j9OJ zGtFewAXDk>yd=?_WX!i*LoG6h4(sG*)w2Ef zvRN@b6fd!0L?H5NFU&p^FEA)l8z6(BMZqv+fhlK{Z^GO2!*1UcHHd%bzLBPzLq(a> zc?g!`fXIk__g*7cS%>%m-;2$OqWR4Zm=a!Td<#2W%tHBUDlmN)ZTYn-P_t|y9kFzQ zVJX%^w%SSV`%zcO3KRo|Ao8a%QZQ*MxQL2{@c@QYQi>AcOE&|I{rJ$X9jMk5l9~3aqpcEB!&nDJqtDeX{8^=i? z$pJx))j^Kg_K;Plu4%M_IIU6}7u+Scj{4q@hHPMnl=d3HAB|E6^832>ntS8!&)Tee z!gfRg_tWOQJ~iZ$+N9(%dL?(y+!Q<79A;wH%J6DpGELC6JC(8b_aqK z(Sp2|x8E;wL*CvmzD3*K*|`FhhVI4-?3PPyPpf_Rd9`(32rOw3kp+e;NJEsn$<=E} zUQMrQdUR<|llO)u{KrK1E`h%M*F+OR%>J3^BobfxO)>mIE&4?}$Ud@day@|^@?q=1 z>(d@HK{IQ@Fyhl;@E`L1Y9d#Bzz^{s6YWV4cyBC5Yc{DO7Xy+;WO)V>rVl?H9fHDR zxBnN5?hH6~(m7;9ITfTo5czZ*lCrCDdn9|2h@OJM)eET!Bd^ya8PIHPtZ8ZPrl>T* z-m$?x={nsNOaiR1lx9&5je$rn?Dqhs7u#XZC(5CV{Sip(Cgfu5f;ba63V(GGLwv!h zvpXt%;QWt8^P7>tVy;6k9Lj$f;|{P%l5hQE(ZKeZ<{{%LXcrZ|bE*-;lJdgi@*}~- zD`MaOM@FN(CF^!42lZfKZecDRO#LB1wy=60W#%4nh(hq8?h7JUTKL`{|9H$2%u=-tOlmL-@VUyIa|8 zpJWarvC`88x}GD558bE<=K_f8m>E$!E zxBCHn3h5|HogMi&GG2?p%r9000JT&YsTj-_hKXS(S@qE1;M}v_ZTgs96VoUjGNrjQM4Kvi^ z;FoZI{dyJlyaXpXj?$uf)tkxFGD)_PXWn43KU`Ogbhszqz{9AB&po4fg*?CnUOx{o zQQnRo{+S4%6Vf&?3gtC0w2bx>=4mK$RlB9-RVGL}0QnXO2&gt0^ehOQbs=-o5gRx@FH3m zgRs99Y*={Cl46k)7Fwsl^?OCEB8-yWTgrK}a^NS;IW5TtJj37m8X4t|Fpk$jk{&Gs znjbw)5We&r(I3#HGVM!^JbpQsm!@m%<5nM#IE0^wkve{S7Th`+!Q?&~ts2^8lCMtl z4@!rJ95Lz>kFSS+-u*9>#<3|bFw`xP@QNtB&^+s={&nhzYuS`2 zZk+G*tt1*R@bzxU)a&bS){xiVu|$^k&legZUlJ;juR4r(86G83pdq{yXv2>B@g-9~ zhUSCCNNhj^@CO((#>CV19p0SL8OBx`GqY(c=r5R#gV5}iPaP^ryq z_Zyp}M$;fj30Qz4dQ+GHaIlg$)T22@=I=V+YjTp+3?ifF{p$Sw$*#)TY^A;91_y#! z1q@1OcKsxG$*L$f)KkP`ChDqBTr0#`j54+r&9F)cuv8L#M1EbJ?TgRpo%lgGCY8caLv3gyJ$r1}@dQ5yZ^iZycWo{895 z#sJrWGBp8Ul|swV z3N4Jz^R)hWN`1w+^3^AYj}~!m6@{|?b2?x}a`ci~w{w@ZmT_X&;X1joh3lyyZ|deq zNuh!@gv7V#7w)l2$NO(hcwQ_RgUcw4EAm+qL=n%0m5I2--s3uGgK6B9v0k|7rp2We zD?D*LPdOR;3?XCI5S}3ZuoT701P>QWELSfB0o*n^@#Z&$EG<;S0_i^!oJ01ZD@)0u z1Z1Byr8xDssWpnHg%LhYt`i&oWb~iywA#|^Q%far?!G(zf6jK^f|$E?0AlEp=y&$& z3+ZwcX*Duw4f1W!p{SqOtbz|J)`|^{e@p1x7qnh zbjLad>+8PL+Owp9rXAs0zj3p<+md^xbHCcES(;6f{)}#%FSR;{Z#I|qGJ1NRF5dn= zvP7}0?wwit5xy&Dh4C)B51)J{5`)J&NY}WJ9DXVJEO&dvBXfY@?$SfRe2e()Ll>in zz=?LQ&16{X;NMVzcvccyBo&3*kZ^Ztth4$i-L7$~^uk_M)c+x)*+iE`B)SEXRjBMa z2TDc^q)R^hS4J;SSYkf^P(b@%8SVIQETdz@zVWN9DNp!y>fApWy|_FbAg!9~sb(*A zzdQpQ^3BJPa+2eFoH6vdF8C*-6-8H?WBvchXenn^X0mT-|75gq*D?4y>z|DFD^sZ6 z1m69V(TaW*r$NpJ|73J6yvfX%?msemq2<$;Qty8<`hH~*Id@wdE#+oI@kXUs#J@hR z%gy0K&NFy%btA0muIskTGi*e7?Flom7el%|h;VHSOXVAOrpNu|j z-k}%?95!k4N(@-ry*qdqQIPg|9h1Aqt|Z>9@yRE>C1ja9AZXHl!!>he?LaiZy}+;A z_tOvBLm8}J-fyH|7gEqo$tneZ8_>H}`fGNq6%%ZeHg!{Gw7#w%!@E%3?dRkAs>$Lo zc&QEF|Lgl#XO0=o%i@*(jV(|6nwCPV>(T)>6CdmSOW$k+B?gRKz54OCv}v=C&bybw z;vj;LX9vIML5CYzo8%a>CyM{rscUhSk=M9?SP?WCAbsIwBy=bx^Go^~DMdbJ{jwI* zDM|)lB8tS2I<~L%`2N}Awz(Xw!&c_a#=D#=V@egjkT!a1${iwF*+F)N%{K=Vlvk2F z%Gfw7tO{OsxZ|6l*G-=8BcAy}_$JYym|EdyUPV|-?0@d&wLFJb`vBT3)MuUy0swym zb0YNbuUi@Kp$Qw724(J(hVDPBJ*akKgL(yU0KHN!+psWPQmh-UEL}1#jn)XYeAfBT zM<@OB(N?`m-keFZ^f>B0xI%qy*Bu;}=t*V3{6jCTASx9sN)FaVBH2fy-hoq;Y)XlZ zCjlasC?c5;Swl4-Obr4y3FMNZt$-p9~az z>ysIj{rr6JC2eE*%RvRZ!B5Qc1g?Y1se^oagDQ=KYC;W4llCsVstN0jC(H@ zn`#Bk+QPqnNL=Sfd_0QH1H~0UllF`W0OPolz__x^xT^NJs^lJZ)g}w{;dAiFG|4am z)CY%^)9xVb8x=W&MZ;%JX0Qvp$!lu?zZ(DYS=!@7Y>VleT0_}0jj__+A&ZA@ zHUQ14rd9oNGtM?Q@m+PiNir8u&h?XI0F)X27$*#CKg&V~CfXRqv7b$2o9Kw=WJ&uCCS(Mw^@zei{y}Npf``s3O z-FV}TyL)h#AdS1bySoGl5*lqZgb+Lg2yOv_ySo!0xVr@c1PF9aXa43|d+uGetIoMP zH>>}I?@d>YcRb@W(ZG{i2CWvG$i|0q1m{7 z!&^ zhcx%ORn7&pt9f-$7TEX~q|NmeW%bLBzv;;j8@&2r_<_TOir<)u%XD4WdUwHiVZl04 zUv6+=n%zK&a?xrb-SWd%yG||#CT>Ul#h+pZzV8%@LkhUM%_?zjA}Bs2remvn9of)@A#v2}ev8nVKAm+0n}%%7KrF~5fri3JZD zL`HuNOVW#C`i|?qr1GR0<8EY`W@Jt|m@sI>lkh$6nIn3?C=q2jMZZ32|NB9eQ8>|Z zn*Orp-dL)janDa9p#)=(kH&~pMxK?%_LIvUUfCgRJ9m?m1BE5F572vt{P z%~wo1mpxofxRXpYs7w-bOmI6*T&q_S#!arzOwJ!o@Pkb<%-iY&n`#%nRWq&P=$eMh zniiOwZt$(z1g~m;Ty2?5ZbMmW-8+rw!VskatNv3CD@ z%_q^!+T9F(UEH+83{Q5=X?#uR%*=CbF#K*#z%zKukAfOVJH>Q}FypIfRuTP_E0QgB%9x?4hCS`nC8wYzMsV_SWAZPk*!HD0mx+`e_C zz7;;cb$e=seqf1(wGFI+;x@?wn5}gvwq~fd38xydOFD@+1PK-;$qlR#)2&IufE2`X zq{M5Ki`GwwHrl(^$T&9olsj7NHU|QQA$H2HdtnuOeeHG%w;gItJIcud8W%fC>3ec8 zA*};>O&lv-Y92iU8-pfGePVheR6A{jJt7=iLk&ygJ34bAJ2PTSiyCgrJaOxE3oCyk zVrF|2R36g}I~xlN+Y1_}3j_PbPP-Tr#{*k8n7K15Ct-;L*O{GbjIc+Om=CIecbKqm zve+wT5%-!U&&9n~+e3W?$3O$i0GNhRNQqr2Y&FP%Bg|hvJlXWk1`EVNAVNVbNQU;XQ~JY^N8XXq#gQ)Oae%~e47PKG@v$$p zb85|@tLw2;(s9N{O?=628uRxo2eY`QW2ePqv%&3bm@~BhczpLbUDd^#>ZB0Ip-{u@ zlfO#_j$?V=iGPgC6!uBT)Jf%H<>&N{Vhzzci^b|N{(4E#hN-0*V!Nih6I-Oy5#7^w zIj7N$C(R|*cgqiTYjJn!C^>F% z5bwDVnaJC4kaQcn;~KXRhfOlCj5MuIQNNt)(wn{8s8w)R)OY`r>xOT!yj*fF&VIBq zx_03HA+&7+^&;i@aEsYPd+i*4CQ#$)e9yr{mGa^s=0aZl;;6*qv#G}s)kX75 zk8^{zMFZY>g`*s7&v}2rOVq{HgA1s^z-f%pjm2d&^W{(bOFP@PtBs3a8e%^$oPU*E z_BUN#Bwx<$Uw*yyd`@0`VD|bU;>1(rSS@YmBbPS)HEXwD00KD>Bs-2 ziZ>%04xgLg@EIh{9(w0FhNn#nbZPc?^MvBry~6&K9mO~s%?M388=)n`kH}YAdxu93 ztHYzj1L}6)sG$j1y~#G5?&QY~e`9!;UWRV&=qGUbO3c&IIfLA6>o0tcnTghrF4JbE zh~@^ydIF&t_Zn;gVUA=O9VIyp*BZ;pe%Tn=;uKMU0H3xyx6J_RfLCU0T|lgGbVkWt z*)Ea60KKIEOS}70IC%!*ypUn_{(`IXT|1KWv2fG=CCx`qbdnf^@JB{y<$xvxIvqQ6 z57@c~WZsLRJ)|sUpSVI#cbUK90vZBTBAp(n10TEts`D>@UAjV@ zxPXo~uem=xG;)jsM8?n4idx;qW1U`Se6LWT`TgNI_1ZSar!K@NUKeom2>XH?oL}<0 z^kFmx7~LTZMD+%}C4tW3hR@MF8IVx+_fBpN2K|g#G>Wk~oe4}=)JQoGzlx?ZDe|O6JEdHwuocGhk%wa@7WVW#{{;U}!JqrRdc# zyQbOoxakJ0qh;nLck|5=nUuuVf^D~i>5A{4t6P?sKN7coZ(d41Smk_@{5=}9DcNw8 zz$*1b|Apqy@7uT8-LPlhf$l#5`R=22?(h#tTVAM6JB0Mqotl z3lx+naK1T89H5=Hu{T=$97!h=k*LBdnw=2uuhf~8lWBJa%rND>%e)IC;y)#Ty?gj#w=gyTL*pE`3(IVDndc?B0{#-tRR z&lJ9hibA~Jf)j)ZRGiRWJ(Krud8$fKk;sq<3bmp+at~e-)sIjdc*UMgjN(R$$f24%Bjk{pC{;aS+c#ld&sL*{Y*Kh=wj5QW(p2jOCCh9N)`j!zHone$jF_Ah z;`Uov?^e(QFiH|bx;Hc?D+Ql$0C`WYOcZaGAev9FmL!zboC%`@peOJJyx;^7$xeA2 z^Q{g*>kLqPA=c=V+|X@(Tw#VWf1GxmmLk8VZu+2-H#e7#k>x5J@OPy6wLq0fNjIy= zs3FX=g)UB)9HS6*S`xWg`IV9*@-^8w-vA#|=e|Q8W;h{`ktbHr-C1+Mpc!>bV&YY` z1>Ga49To89t-7boJvpG88Mzj*_pLuVJE$Lnqyx4|beRjP*McY=cM$hE+35={k9Ga3 z$DOZIlqL_yfC}{F6IH)UR5d$uzGv{ZkyR-prx2bY?4_SVk8`9?LDU*( z7-1~$#_qvLGakhW7U=;h*MQS2*AKD-M=;|&041wiCl;vfdHY;eIPJE73LQE;1-;@d zUG1W4mpVb-H6h0dpx>x~?vq(h!2Qb=?5{yudSPn0-?UN$a$9KGy4>Hj2OgpV8Bsa8 z_&ypY5gORqB-XmGA*6m#wG>BRs6CCUJ!suucgks-`1?<6T_HOSug zs=HwR+)yk4EgE>lTOR6*8*9h(rgdZyhF$%>5!3$iu6eRch^m5sfF%tm$7Gr(poJUj zoa1IP{xM8h4OAUL_5;0QulsWoKL8HZaYP4rwgiWy ziK)y5M3S>QvS{nh)w$!XOAeS$_ik_(ccD~$SVE0e`kYgAG73T+ms+ruBjY=D`1N~{ z6czljzMX{p+t#9xk-$BE&5y5iQQr}G?kagpY#Dd04{YN6IG&uKpOmG23dF=$4QR z%(zw=FsHlA<@0f}=1cipWF|xw(#}!p5ELI#g)uvh}NxcRX&N!Uf1$ zG~PsZx1YIg4!_3*LySK@O0UT}*#<5eqeO*l)^cT>V3)mL*@+d_3AlM%rx zlAAcAL&hVN!z_o{e0fr-9k7yVump6_RDV~oTcGjU zrdd(XLh+}Sd9nncQlmM1lp&=(#LGHl%kKh!k&^Qq<*fi)v_Fcsc8@nrZYHLYC&8mu zMMeeFM9A381M_l|-}ELIKs#xq*mJDd^Hv{aXr-kY5%A)-34>-}K zPVX7&X^e=XaG8xj7y}?3+RdZ_Wv@@H&iP}4bYw!vgeuz)`r80LWMUWVCzPHiluQzO z0@8y5YO#-aT)Qxcz~?P6L)Qb=3=q3(0hM*5khMuwh`I2aR?-5c!hJQ34B_M~2YNe2WksJZJ+sJ*#fA0iUT=bq>R%3xHRb_ zU<*7!#2vvYTDmC)bm>W9zCw{0dQrr1Q3V?@9UB>=La-G*2lHNxV3G2RAsKuvm6C5N zI6#>uM&!;SHELXyMLW3xJDXWXjiEtxNe0b3JJY8ktu{Mtm?0kOzIGUtnaiG3jENAB zN$-SlQmI(igo%ZXN$)zzz@zxmuh=jf%^(I@KZeOT!X7cnUb~{$7{k((7}pf0X|}Ux zRP)iNKmGv1l7Xxg*Xkh44}wgEZ(K`v3oaj>Ozkl|zQ6LkQ~lvpz_+NH|Fu& z(f_~8Xq153b5!L2!O#Dbh5nx`^k3Wm|L*rcS!f!~u8xQQ!O#ES@w3YR6+iC{xqkUK zes1~)Kl5b&@kslNpP&9W{LD{zHK=bAg4aiGd&c{o%5dOnfF|S2ZiFz2GJKRHQmwxC zU-((NP+WV0Z@!BEt&ncV^%VGL?oTBNGYnsP>O>RQ-#eN$!Q@;Q0C1n^!OYg`W?bg=OLR`91`~{ue(t z2Z+eP@$-F962)Kq94jm;4ad(9{#lsc9uD#ie?9zzpPh4R#DdGXJ0DLk8uLj0PyF1` zpI3Gki0~iyS-cS8PmWMq9=G|$83Hi>|AwD0VfRH+oAx)1nw}TnTQoPr7WfSOzwmR< z-JoWeY2l|^Gegh`0_~gKK8ydx&t`D^oXLc;^A?hcw2dZ3+Ph=V9m%RzfMGZy^V2;g z((u~q7T-n+zsrm5$+Z9{V5FZK^+ybhrzjPRhP983&jZ5Lp^6jwPZoLw$p%!s#{*iq zd`%};h}^#P=|b5%UaO*TFJ4KGBlSlj^Nj^b>o0kpyeb>f_CnYgRDmfkCD?V%f@1xM z?|5I+^G%fn{;z=H^L^g<@?D0HF_|M`GG1@xjSJ}>b_W$+@M$D=e4;&elvS;lPhELg z1fUHXWw4)1#0e>4Swd7nfTpGubIh?3jf|?-=x|nt>~q?dmmF-nB?J~RQUr{uMm)@! z_vG3cqJp^)33~u&;2vrG{BRVWd;~179whv5kc$aH&dS~am=^RE7+#!e$8nI895*50 zGs`|9o`KA)1;WtlF(ZQIhfANuX@+7%r3M zwFo$F`A9q0rC>&Ku6Pr|&)aiHU~$?S+_dO?6v1`rjI0?*IN0oOA^PIK3(+kvXs5Db z#!EyNoB@F*pwyW0B0Fhk71?H;ngM?JPO%dDfIT847i`AL3d9(=1ytJTSDJCUC~JyM z_;C?=tFMpge#QtVj8a8G@&>34l5?Q}*}0eij_DL(*FArv6a%n(+X>P+(9k{=tkp96_2KR6|NBhq~;6NMm<5(0Iv3G!aglG3h2Pw7R^fl3wq(&*_BcY_PSV z-eP3Tj_ne@1o%!{?9g_0AZpGlNHkajXcFJcfy|UO7?vXavg=-u z(w8c;%%rYA8skGyu90ZP(@+u7BU++(ka4iKk#=;>!FH5fJ)2#cMXBqS8hW2qbCAp!9CF!O7 z<>7QvQ*IpHH^+M`vH49%@eXm-_+5n9%R&dLauV}BU9{KpxF>f+4?GLKdrrQHbNwnf-2BYpGMFmfeUx zsd03GSAyyqN}LQxk~W%6s{q5G1yLAbg$sf)kh3&#AcQGn<|w0^E&tGvQ0C4a@p*WK zm$$j4)(atmRUB|sBHTXl;N^$Qh>1^=5ykJp75ww7*@K@*JM4hWOJZqct3jqU2!uoM zU;)N76}b#Wskb3tyO}y63TkQL`5EcgJBZMO@ZSe8p%>}GVzcoU0-uq*gJfw;d=yrd z_Uro|D><i)6I9qR|x0W~E4C|3;I{D)h$02q?#y5zlLk7io)=zV}A4(>c5X_}d%?5tc>rI)R+w z3VOyrU?kd6!J3#EL|S6a3$%u9(_4R5jNsdeDcXT9BE-TSsXxG%&oGumDVl#I0>v8* z%;NXot!R}1kT@|w(%)7zCeCfahPw%R91z0n#F@e>_M+wWd7syVAy<%B{L>;=ccAxc zFRu7Zi*O^5z5|!hK|FG=-S&>13?%%8PeOrB(mY)po3{zL7HxG14X~83$Co(L;s&6`bDEUhg!yt_7v@xX z=X5>fq^0N7wQ_VQC%8ag3a0$ ztn0_j+vO>n$E>@f%!lRg_LV=J!q5M+rJj#|xDw^KEKmI@D*lU%)$N&m=Fay>%X(m z6=@`ooGchZbQrAv&O)oeSNqxjorON(6eV{RJYkVgk(YA$`0^1dYr-zQLaXdjsF>}e z-ln0M&7%6qsQXVAdPQ-Rr1-k8_|0LlYicn*eTj-pi4RiAOk9bnNfBdtiLXtG5@IP5 zeW}VxNu^9FLPRNMVX16iDQvqGh*$=uFN6J-E^{0!S+yw(vn|aWC@U{4yGJNTq%Z$= zTxKUz4u~jUaW1zlEPpdr?hdT5-YI{Uu25_#5qeRf5MRboUeUQ%QD{@~gRb&Xx^iN) z;)6})JB-SukxIssN{7PAIrJ(M`l>tYDkQ}!s-mioV^uj3RmlfcpI=mGAy%U)R^vxj zp2b${+Eia}S1*iI%T!e7A=d0E*NC&#bjQ~ame*MC)eK^MIUcK#WBbD6^5s_L%U0YM z1DhKB@-GLYU&t70&(Ld8aw<@RGm$AuF<;gUr`KMi*R`(H#_xRDwXXZjTvw)CS3gjv zcTxvKua}9at0<|fXR8;CtXGw(e{zP^)1B5&mDht_e3k60Ur_i;AOBSb=_@*7uH^5p zF$dgY?F>Tf#NgltrBm@E(S{FWUm@8IS`>|)3=JADzv{cv$|n#QkCU0^L>LB_Y5s1E z9BUArYqYR#5`Z*i7BnsOHkoWU@gOv((KRnCH90spr%E>mB{UljH@6lvb0D;&(6!(k zH-|a5Bulr%CA2iZNJ$(gjb9~wSD9h+vecHLF*B#Nk)h!2%c>7A%QGrl3tzVR3P^qY zP5=HkA-QZ@)yuZr->spkZ5nlLr8%VarzFjoS+zOk1?}zcjM^b+9mR+3pG@Rh+3|;bw{>~0balpcqRqD5C$#d)brYYo9Q^Knpy&a&cVDX(!B#uh*?Taaa*#VZ z%Uru{^?K4)d#X~q8&<0#y*&T-MZDxWO{i{#H(KD9-P{q< z+ToLF)^By?y@&6!ORS}11gfG0)To6Y-i__a_&BPL3eS$>(oMdQp5)yg>0a}rL3!14 z6sQ|GF={peq`KBllns2w27q;XUBHVZg4B{Joh5g;Bo zm0L9xJux+UGL`j2WC1kDjeYZ59Q2qQdp}{2PXZ_$CTcP(Jz5J#G#~El7&Mi(n2olO zY>E5L3c}@_LMwpT^(ls!d(UFoOtK=(b3-OAwjs#9X6q9Z2l!LC0dMx)!YsGvg4<@_ z(am#7&ztwYLCiE2t)AHHoBv)qziksPt^SSA`kR2=!du7!WOdfwY(C}IEO+4>tNUE_ z+KhuE7roH}**Xcd)n@CTq%>{vxY_@il)hW*HR)_|#~uT!jnPn9jIhoD;BVxCa|TAi zs|)6G-{+zw=J_y}&UMgqsJMt(K+)l*2R?~Wq2J5WmwitcJlBZOJ1w7IO>ekOIAYI! z#Rk}u`bjhs$xIUGo(KJ#Pg||RC2qt2&Zj@YidGVO7qkDP)c-@@A@w8mM#(&Gw*6Snf8}do(*V*xvKsy9lyZWTX zUGvqQ&{Y5+0U-r}$6@x#d@@JEU&R4&XAbEG8({RWw)7(vJ`MFeY<&Z_E^&V@(XMk0 z7?#}6>M%nJm>XHe%ft6n-*y}Z?#uznJR;$FX==&c7`z=8IIgyS>zDpkBm*w$H_qmE z5|-W~{CLZ!v2%Jxd^u@wMaA{g9rDNm!s-b7A_w?R}KgI>|tZnP8nR&eV zO%jfDwGS86^XmI8&_i-b5a_5x-oi4?cQ3&Mbb&F4?mBPN6MuGKug;~ zvZoChNhX%j;4TdtDepRM3qBCCm~#&0I?ntnsMo`YH!t|*LuTU7&njWWA85JKQ?@-N zlToby^6B&c;?w>LC)2ROpBslaH7Djz#F@0GS$LNKf{R$`J>~P z9`<7rwqSj=MfeUqHQ|c(T}Cnw7dU0(gY>o5?)BTLGuA&uLXLRv^3mHn@dfg)4STN~ z@qYeoN^iMScK+}F;&4qHMl@Hjj0_`&Q6=<(jS@dQ|n zJqmsIyzp%J->cG2QvD*h7g}GkgQZ48Et|zQSM=U+b=)t5nr{h~Zu8ASq>hR9njRGP z@Y^{P8dQKOcwV~JXb*qoHO+k!Z0^k$5+U53-I|0w$GBGuzTG$*DmZ6ISH2D+e)0i+ z%EL2Az1j#{+L|OfQ$}Ifk{~It>3l4p)2E+54MpMxS}4XoT|6EbZ6MN} zxiv?tl1%$5PRm8l!Kw`3_r%IGVaUurfi}A}s!nmjYVTsiS+%SO1%L~LiP^QE(V}R$ z96rX^q4x>Wwqo44%p&xGh^JA#!ilWE6C&z!h|hf>Oe$sjc!xrHe`MLKg@@{-1y&$n z(d?p*!78Rj9{GSI$Kzz2ZjM57aOSj~h(BGF3O9f*|j z!y!mOjBds!(|fO-L4H)>JhO-EzBeB+?ZSd<Atz4%DI;1?QCPce*O=H+B`+35kZ)bpl33M35m`CCk+P zjuZe+Gx(pcImY5K1^7>3h`|47Plw52GGKuIX-@+RKHhQ;3_kooX1wO1FP3j4fM`A%nSa~k2pC^_+*ZdZ-2X?~I6-~V}E*BtI&9863&To%i#4oFk--u^7#B?fyYy;dz z;7D3WTIqxJRk5&L$_|r;C3!fuRXi^&iC7=fICg{;HN!K$AE5yTq9ka+ry_AAFc+o# zSUWibyU%YmDx8Wk99}b!zo!bMBR>Ku*{2I)+`A;$5knoKh`K}_6a0=IHYqv=tu+#z zj0S7o=EUUeZQr2ezkt*{l3C^aBu=QxZZ z`%7n%^m^vWAH@SDe*g#cCw>-GIoacxZjS{5m-R8fmdT6VMJK!(V6bu{rCI}6<0foJ zdT#CI(~|RsRe1pj97WO?35(!z{cC3RUn8r?L=)+h@DxUX74{ca1dgKG zSky8Ava|>lac{=(MIF@R2_M=mQrarpSLKN+yDQHDJK&MUV6?F+$b?@GY%!jj%Tj3F zmzn6oX1dHZ7%0U859%TOFgY4&1?8g4ITF#Wf+u2x8tYhd zRt63`uUn@NXixK=>{g@@9+^DI6)n>VpkMpG_rBt4poK52VS<d+xrsSbT&1~UH4 zz(hYrMyBKWL^HnkIcIw;yJ9Mkw7D93Yz`$f3KPe>4-JVF=gxIOh6@+Tjn&2WF4n63 z8W8`cn#OZ?)kl-{Hr1xik4v7A--f~1!ucJ7TpcMnYeSqFtxE(Kz9fdG$2(1JqH!0m zP~MxL8*n$TyT1tN9cMdCUZUR-yeuBeu{f;{_;U2>i^dkk_lKd3{LMygm!%xbw2O@H zzVgf9=ii$<$eBGT)IT7WPF5(tnR>VEy&~POtf(;SEw>?x&K&$Eew849U;`t2Q!ymevVa12VR2c2@=Vlg7X|Zf*C=B z9(h*of3whk@$-;x-ff4Yu%LN6v3 zunRi<%|ZkE{L17d;8|#~`A-%vD)c)~LbLzk=T}v9lPAQwS&Pj>@GP{%KG)^Szp~J( z6VBEof3wg+d(eNf(9I>jmXv5VN^`_g##!fhX4wj$0^Kbc!pLbi<4*%k3>^--C zw)dQLKdRs5ldk!7mopZQpQrY-mf-j~c6;2r3!a63q8IxW1kXbI=Hsp(DRKwR zzU%TUF*G|?kA3|O7v@)PxPJ1h~>(TLp$E1P}!3ewx$$oFpan zI3J)zbq(Jn%;=tI9qzMMNo%HeRO{&idF=f z_OTS?zFUl53gjo9pep+LfgS>g8pw{n8%Me)06y4Cp9lBS+=$ZeNN)w4; z0Z)2Kk^5LeTILcEHNjAfE!bPeCt8M-zh&t&Ul~?p*(ml-6OlybKA>P78!lGA;8V*? ze|SF#ISJgKbuA;*&@V*Tca$G30{&Z;7S&4^aO-=?IFR_e1A78Qlhv=4T0+b*pom-} zn~NupB_~GNEgm(XCLpB9$fogaKr>B3?My%uc~EEIh0YVJp1>d|q}{-85Pm7hFm2G- zu3bM-z+_<1%&fua+n~kGpvu=l%HM<5j0&Q=gEn$Qb{$`>I(YTnz6AIxT*N6j*d;p` zk+|-$Ys>Mv6)Eg)4Fx-lIMtZ=b>W~o#89`!48&~`De3{Z3yDmKa{u}vUV zQ1yb2P*$2ye!2S?l9pQ3^g(TuR7~;CMcEP&;GkUgtXrC0F9!%`b)%z8sAcsshI+GQ z_(IbCoJlcFM@r1bG~`r&zE;r}&8k3Wkv6Ne7|V?pDfKHXi$M(c#|RHF0p`79=|ay2 zkY?)z3l*!4mcm%W*@PkZHH0NbGOR&z&pKEpG^*DTUO#;!famdVW$27V* z5Sq$*O-be1%lb|GBcLo?8J}ng57>x5dqO#gCpfE0IOo7P$4^Le9miHNp^6?ocIyoL z^egVuLpjawn}Vh}8rT&Lz(=Pjf^g-bsz_~)zL3efZ#mC%Q^DkF~AQ7u!__oj$m=4d>>}U-aD0wY8` zk7x=5Fioy|@}!H;sXL6RFHNOi%CVsNVMupDTtAf0AezTeUf(`ae?Dgc_vidp#e$Jw z9eBUdmQmMYL4Rj_K?~Wyx?Mj=bkSAXMMS{_Cqr?$@wq^^nG; zjyc1U9XNqrcoVJpCR*C^Rxh%;22wo~p2Quit{anN5GBtKl~+tG)=wz@j=cZf@!6;n{&*-(q4kGxy@5@*FGr-Ksb=R(Ko+&`Y>u0E`sL`z)mZxD`~|GX8wo|OCb zk@H^S`;EK7oxbQpC)X2`+%uE$?|o5NBit|>oD^?f+*-aT*ox=e$`0*BzEHn0-=dDR za`)XjPO`F=u<9J&>ixKdnH-04*NJl>hIhAxzPgoyv|Yq$z0a`ydA*AeRfbeyiI_{6 zEKHgLhnqaloXWx)w7V_&ynQCIO^q{$ieuy1Zw*r0@sQZLbcfl{hb^&4HZfgTvP!bO zFc_y}7GrDL5tfzUpx)w&5n))g$wJx%i0|s{?YOGiKDzF*n%cSs?_THZ8YJwxRPK^= z?Rs(A9<1B)YGg|;wun1eOQY_^3fd(y>``j$$vQME2z5v~Xey!_Ddn}u6B{XC*r*XJ zs-xPdme>J)?wRfGu~XaAbL}gL@7t;Fueb6?Bj>+ixuq}-))%)=^*0lhs@av z+I3l4Sn?h0TP!kLOX`|&3E9DH?ENJjafBSGC7koUurE{*-j~V_=~vT z8F@-NxKZnPDOmezSbA&d`=N^ZCyNI%a|H~^zGim3h1DOH>mKH=!{bYiuO<(rFC34a z9oN~Mthx@(sSiwXj-pChqia?m8XJ*$hH*_V6JpHcnH6LFo%B7Nx}Tj&`;WdY937J% zzZZAz;dEY0I!d{4I#Y3GHa&KM|0{iT-se2XP;i=RKXzYqHr43NlN88+IfI!TlDS-R zu}`w^1PTmZmWC-vFrO5~pqF)RlqbuSbQxEc7*sC`)S$ks9n!DDar`1=T&H00m06%+ zL#*kJvoVIhxl627h`4RYxnhyN-9fpAj~YC%p)gd# zH`rx1JZ0GHAU>LBFp?}ZJ|sMeV=$pHd+_rN_8Id$U7~B2T5SH}Tl&yx$AR0gqO&O3 z^Pi#auM^JOJkE`(&rNdNLpRPBHflc`xNlCiu6oq2ZJcfpdz2%3lxui=ig7ydxbU~| zm|?!q6!gHTxUfjNIB&f`Jid6nZdXcldDWCyLU;L7^0HX^^45Q)!}jtQv&qkx%LfC6 z+mg%Q%nHATE}t*t;X&v>dGfzee;|0uKbN@Io;zo&d+iO`qLPRsPhZ$*{{U{fB5iIQ z6?;`?pQAMYpgnWPQ6vX_YR8&RYbUrWOBY6y8b|u$h40CQAoT+$Rso)fc8d14NV_8R zydrz)aJ6}JMTX|{iol1O1hzo0dBs4pP4)H)L~}ji?=$!LignnFse9^$ zR5RnS4L6NY8(v8y=4Hn96)h!!V_9@ik!fJ6esejE z7XE(;>hRZu{x;k|Tg62EfSY!Y>>w<_mkQ|HDlAYdFiEX40&r_i@(MEJ_k8`Ts6g_x zze~8f>l9`R#h6V5w%p21zfu);63N&fet>AOQjw2fLabzRO#Dc^Fty8|;WYOVxB%vf zJAYwvUhBEcr@MUdG&wwI3NqlM-zV|q_mU6qBQo!7r0(KN?&ER0g(a}Ac9j--5`7O} zsTl_72s>Mql9++vf*JssiT0{1heBC%n}K;Gz)xt8URn3TmXx9I#sFHZfTJ-l1XZfW zq^exjM6de<`oO4^dy9a_(oZ zIRkC$4nDMaNZ}<*tIO^r%!vo6;c!CR&wxd^fMVS6{EUSjk`O25UVxD_;Z1iFHxyQL z3Hc%%cyafO?cfT52MjSnRGS3;?!kR-kr5Gn1}KI0(EN5c{4_j}Gtn>&9i4tY3vQRf zVg<6-P5TVt5utKWrAxyScAg@*y>7E zR{6NrT)*EHL)Az3{eU(B!YR~7I*o4`nFPud=;t82^yO3f3Z<*Su+JI zKmVmAES&cKIUgy4jxwFNKxf)^476B*(vc8_&&x_z4T-wqxRF|6#Akfgmdo%3) z%|sfsGMN7tKkvBHrXHn|AS)xni@JHY6b6)a(g@f%b$nXvFkrFBOgtyf%}$)Y1Zj~4 zGrlr@DB3J|7_6JMw}SW4KRaVR(3&sdtZ~_8+@hjlOlF1(xS!JdC9%q7TP_H|!`23;*1gi3ID{9{ zyXo!jO5+t3mvuSI1%t%MqA9X4S!odC0EiOn3PGAjz;75LV#T9?BjvXZhg(79;e}|? z?j(M<>$p6X6G3i?2h37!M zEJeUX*=N1C;$Jr*m|cWxkrZ5Z+ukg&(x`s}>zQ}|0jw$i16XfUeM3l$)|y6oeiGVR z9y2dnCmI6cZ(xs706GER$D39m++iYDk+_!P*TvLt_RdCMet~t2Orn_te{FGvYMoTl ze0vS}f=ToH=Qc@q$Nhc|de_-rPPb&mY~{4%@5_FvH!0WiG+j4N2XCaF?t)vS{wyAL z1Mp|WkT~+U0V5qq^jcn6X>SoJGCR;zY9mq$@=1crtx*IPMDZEr@tk}17>`%M>G#2boIq|}Y6sIn_7-*ad z;|Dxd!aA8;F1bFG{PyYSc8MW*F+qM1C1-rwYy&GQEK+ z7bSYro4sVDm@FHXsF{^Y2i8481sGa@G~(1AWXe|M@9?^%*^LcB z59?5VW8H^y9a|POAC;&M-eljZU8PmEX|??Hp%!|1Aa;`RtLwD=^4|H3X3^eqEvZ}8zcy$r?|UG z6=E6r0h9}$6;~T4A_e{*_U4r@=0wO86>5!I|?iLV1(oHu~(gM;g zAl=;{DBay49SYmoKJW9+_kAuepZd)>eL|034CmXTI*Vc;2>8$2!~ ze?Pc+NWm!mONpZ0zLFkEsO~(Ere}uDmEgCsfH-25y0yngX793!;CeK zFZHC9{FpLYnO!L}*)0$9VFxNVJRg)gCB-(qC!-^(UsU74{6Ph?%oY+42(y<>beCF) zB@_fW4taaaDkP!t7lh_?D(Q2BB$YeA&F(N)zKZA2cFLITW*`x!p0@{@4_+P!%IF|d za7v9v&XiZyRZ!#XhVM{THS1_AT7D#Q{@kq_d;0`{Z5KTQ*=MdM*XF>{RraJ7vF8I6 zk`+dsxIy^QOwAw&E{aBw`{&`+B{wE0GR1^P0V?bsr?(aT)Ax65I51+I{HG&+4nxGP zriUDM^>rj?POQpp%V;?bCVfsW$h?NZ#GVjcLOwV2TtnnMy>}e6nC|FEWf(oW{W#7T z9(6vOm_9i;fXTl=UilM43QO4WU}JH z6HODipQ>ZTzwJ~1xP^%0b-qs|-U4v$TFv~QDD-EtkkW0jAj5|gZCKBD9t1^ao#h5q zktP!3+(qYlJO{M|#DY`3AlYUffXCSWEt=D82_`HvB4%*{#Z-Wj zT?J50Tm+%RzM80-#M=?=p+8Qm3iIceB5bqO*i7zm3~|?Cbuwq@XbbR@Fru}!IXU6Xi+ zWYf_SJ_%Py`x@<(h@A7CS$?pg=c8GS*8TYY_+y!66_=pLZGI`%Relpar%qyb>$sCQ zy*|gU@NW!F<8mc&@125dUW&?m)qD$7w(TeC`YljKz=cQHop)bvrp;5?a9D}sWyEcw zj5Qm7>6t7z|72;@!y_-KexJpb{-|wVr9;GEuRfo}j&k*yws4vN>7d&ocuI?(C*&0% zNIjPr8=&0;!+L2O=^WoP628K`B| zfB1U8UH0pznnT0|-kGm->DJ~!1pITsXY+Zl!7nl&QvG>2uJfMomWMwqnaFU6whH1^c{>xs{#Kvrp zhtVSH`VI-bi{jAkvB_S{%I}y#RGpmFBr_!y1vz$F$zp7*LbGN8l=<)}eD4@8m0*H! z+$$Os0c>Cu|}vK{nDhH?E_j z89!&zOKR2>xUMMnBElZc6&% zHgC~`1!d^)dg;C~fS1jk?M%feazB}w%5&xRsz)!z>_}7y+_@o zlGuV)S;`VJ%F%9u?Dfjo^5g~cRB99icJkE)r`0^R@AB!S0t>(~1>q>n`u^eig;uD3 z%rA3?4YCSewllxzWo8@Zq{!P|Y zYQRFU@CA4$hqutO9o5RXFwoLkSB~ZN+d^y6a4R=#8!RikP-~1B7JKVSyPf9_lv@s= z+xEE=jtA@$H{J_fkqwL8Q%JHE2`GM^R&2n-8l{OE*OX+pWU;!Ha)Wh5wruj9v}K=OZAiCZOXZWUVHA#787lP4tY9SpKZ)A4;@j`hG7CGX?yxI6F;Wz({0%h*@e<435?NkMIgfA-j53ZAwsF;r3ZpAtbO`MpU5tvS)Lwj*X%H6ZktD0A zjh0u-y!@t4^-!yzBJWferfrgRHEn3ocs2CGllwZ%q=ou=&elQiTE?O1STN8@p7>_b z9b5QD+H#AXXzFGKws>0A>>I+Gbh{p1)^IENUWiA;E1pd2ZY$Nt^A4I} zb0XsL5gGh*H~%@=&%J`8m8E@~vJ-Fb@}j5NWB)@(y0zoP^yun8Q)=I!pMqR1+uLqD z{GI0koSpxRj`R=sudO_|@7u}M*0Uz0^(a5zg`WSQ)JXMe{ujSgA1pmP4z_=IZ*mv| zIDdDfM^GU$|BUE#9pmOJhg{?>!2<+&97gL#coA z!r+gB%{(mGnoD9_LM6Fk@!tK5QX?tkf-9u?4kp178~ou92D^M<=Z@6@*DEc$|kOX3|jI3}*A1^C#vmZP7f7kW=S57YeII z?2n{T%Ol~ui(|@1;nW`%%1TIPaWro6*caD_6Q+6*@9?tgD}Tl@{a+-d|1i^*J48}? z%?go}X2*^geZukGX!Jh!@ho!yCUGzl37kzAmCY3FdytroBx2L@?e4>y`inQ!nXLa# zO0WG%N`wDSN<$j~4sc}PNG|y_Tca={DIJVRO7rbWYNt$8K7IWO86?>#1pyOmJq8#d zT~GyHBp2(0>;Q6(IKto&6eJPJMs;;CaquBX zf7xEQBXTOSa4O}Oiuu>t1|txNS!)~ zH%Z}IdsQpI-JJ7win`@}n=G3H_MMSsb z5a+bf(Bt8tMoI{H77eIJi+2KSu@?ZYH(V;*+&iinAEqMzB&8Lsg@b=rr0g^5`rn1yLS70R(f(jC`o(eq7h(uVZm}OFy5REF@|1{(hpp#1TieM2s$i z!P(fT1g4220SuO3N#0}gR9#;;m}Bzz&PL9Cp3sGeVUXe5dw-|BHHAp*1*pkF&0O@! zdng4t!tf23pSOEul_`a$o!$yQvasZ>*febjq?|!Ui-!uvFNZ&lqc+TUN;>kO_n_}t|3#@)?3TCkQZ^;MA4L)MEt(a=)btVoKO8Kpmzdi+hLyx{Zess-`G zsk%Ru+MMzIY<1{LIiHb(#UDx?>+#w3$uW=dPu3DAD9CaGh4pC{q@RS07%5T}2o^Kk z6G*@Jqu9nkF5^C{|tf8i!kPvLJ zJ?>3Qe^F{Gn!yn&Dj*`=_v;gbrt(_VCMydu z!&j(K@@{6dlAw?DFVSx12@pwX7$PYR^~pjf)XLnT2A*EoiKKA7Xg6MN6WS0hM|qT$ zJYYF0z>EARDV_e=h~DnU%_go}s0$(~9nY!&L+)G+cw5&Q8)m2d`R5G-y2SiE!+qiB z<3v70QhHredXKCnZZyN_65UR!aRzqRboi$A5cTM2m2wsst-EBAXp28A@IED{WvR50 zZd~B?`ID5c{|s-egd>{LFho;&NCL zMFGk-#@|WwmbQ)735}1@-_ali6?O;bNWT*gc|UVD;z=oN?Q>VZAM?$SbNBB#hk zYiMt)+|j!%Kx-C4$rc&HVD4-4*ulWZ{1Kl5qrPiIaDiMw6E43IpgJd#+Los$+|}EZ zCx+Ztnao0$lt-U53VG6U?c7r8ESxnrDmyo3vMY)+{tu{L>PH8WMQ^!9j~06z2F4;) zJ4?ZkNx?A|fD+;tkiVS2C>@+3R6e6@#A`EnP?936=^z5{Z>=bZX zP6~!c?CehzsrfKzA7e5IVX}*}Q;Xcuh$#x9Dsn%gpqAXHk&bvGE5a?0Nv$|f^Smio zg`Has^ErVC-HRc5-6l4pc`A(|nwL%VCTVO|O;lkhvi42Mj&@L+CQ)q)?pJA4cJs*| zUMX)QBwjaB`zW&c*-^boO9>Q74ZKTXqez)BPpu_L4W37Iq-7#86T|Pg;@PR9?^09K z(zvwJghkTEyVI&%)6zu{9cjrN%%rS&uA+U)Z!_tYcj;xAA4-O}s)s16yfPZ~9f!jl z9Tn)C?lL;{?ONvf>gEH#*d-2>aP@gb4eck6MR1KM#mvJ; z@AJW5y||W#7&h$~x91LfCLC&LeZ+82SLO)p_r!$KkWQdgVJhOL^q+}Hz zPI^N5P8y38vkAnRPiFy3R}ROF}k!z>X7Oo>>K52cV44yLpPx(si~$DfSZrF5T^AbD5T1*OFm94Tc#nLkrP>e3k-4pgTE%czIT$TrJt63Tj-IJ$>RI-6q#N}2nHg@zW` zM<|tBD9a+|%k|F7bCoJG%qxbNDp(>aN{1^Vb1QD?E9dqrw52KoEh=eCD)ojdJFqHC z_bZLDJ|_lN@|b_FV*LCv@bgy5XWGrrPqC`vyFc$rR^2mJ6%Q9(MrLA{Wny3#;rmn) z{Ng5xVnV~N=+&sl--Mx_j*7mF0y zVgZtiX$n+9`oHLOu^nDwm$`hegP+wIQq|Wh)u)=(r*+kbKWmJqZ zO__^Lq0h;)vEx%5%HM7^6)rXN182e=`CFHtz|7O<%cb9`K>56tzCz$$wMvmBdu)cZ5?o*);No{FoG6XR~w|H z?K6EV>PDNtWP6xmTTDi)pnLPtVXdxt`v9mziN4)>s{LB5_6K(RbX5C|WCz5(1Hj3= z8|i>4b*9(0ABeRf;~?lnr@LjRZ%M~H?5XD#u) zKc1s3z2S3EYq!`h7)?1PUFLJF`!+7ao~He7X5T7S!wz=ecES6e%7~u9s7{%uJsg=m zHBr5&zq(5ZdKm8s7=HCK()US7_Q|gID&Lc7WcCFiO!a!7bU>eyayP-#etE9mxs0xP zhyI@GK1b>f!y^h)E@Jbg9+&(6gopt?v0ewm-k!1ncoo$^0N;QX=U~3ZfShmpFxp^l z|6pHBk39H27b_v^ZbA_|0OrelEw+`Cgx5nXgn}Xan8Qiu6)pf$d zkm83xRYPp#u9;7Ht}aRPMj^q`L~Zv(;YTF2Bme~U4P%I37RCqw8L7P=&b)nx^TD5> zU?g;js3Te+Hq(B7=}i$=kI^424fe9p+ID|GVF(`Oib3!4>}()uX@$%h5}n=mkw<2$nb4L%BA|@;n(OZTt!an}xr6rfx16B|>u~wEy%J(9nq<|FKf*$u|p3&;z{o5~k zZ+QDj(Ar3sA9Ps2JmQcQp!2Wd^rscpt~HOb6(KvTZNeCBnuTv|vBWAdAk&zVw&k~7 z3l0sI(O{k!(=~BKak^@4o|^(sq7fWh^}6uA$4o?E`0B&ck@qw_1H#t7$pO&(dgL)F zNCLcy%d`G4JR=0gIra0H++bSY>Ur3pZBONtAcF9CU& zG@P13@OW2}`qC06#uCDK>IGWo=p~lj+e6m*F=O%eZ6vlWw{}yxw>>fk(qp$X zo!9*K{zRwW(*p6%^Z628Ld!eNs-=bSwT4&%>8$ArJm3??zsa<^Z(S_u2fV&E35t}g z`VI*)T~(jphwn!SGF`#Nrf+rLSN|4V4v z1+Me;c4nQN%L(;%Q#tNn=igtf?1>_8GbPv~Mjv!Yf9SHGw zne;j0U$Q)-diH*d?cGv~@jG7B*Zg6+5-G=*6?f2-P#GI{g(7#vyP&&rXCOf=kbL{j z1%77wA5uEv)mYT(ZVX*p6MjmI$pM2=p@pEwnx@AQeCbKn@n<|w6Fu;nujeM*SL=4! z6EvZlxE7|sjOFh8E2;9q{Onfs`>)28fekw1@S?Y%&bNK5vlAb|7$+eCjREPbIw)se zR;l4gGysY?mVfb*oW=zXKK#FQq@_Y}Y5vub4h3;(_NM-!)HLG$C=~qpeE^1HdMlge zb|;95n^;*|Go~|{)P&~}dLGo34sxb-lyXz)$t3k8b%*lHbmfAmC)`DNLu5&i-|sQW zT5Qh*ur~Q4I?|3ZpDnbnaVBzL(JZQ2r%V*H48#H8trc7_2ry`J$Ckr9mmDVM&@MMr z1Uh+E8okk3)T>~U$Y^-9Oe}*bP!KXYI2DfjlJwH{TY*aUH5=uX{Y-^XgU<4kg08vG z1lRZMakxW*>J%+}bC8^x52+Cr0P7<`ey$QB)~A)O zR8KV{m~H$Ze|h+d3?H_Qq?RF4#<`S}w9 z%)p=qF^Yv6r3^wP9+vr*4y7vJCJ$s*Yu*iPt727-fwkKB0M4NP+%?x${DCvT})DjN=EG>|88Y0 zcV$nGPuR;Yg|kmN<$L3CU=}t+G^h|eN3{8DDppL!$fnJUIn7hT+Zl6JT}CV?iQm4m zuGP;c@C4&AjPGwdZ84UMjupuCFFUP(q`5)Y{S{h9g5_lWfi0=#9l*b4 z4{wxXh)TuqbXC+?YSzsp>kEI;&KMr!q6MZYkkul+i!UR53neVH31*gAztHrMs;&)Z zIyVCwpXW&6Y$%1I3GdoxueZAc}-QRj6(fK&m+> zjjRO(LM)x%I3JNx$@kQ~)@L#rcu8&8d(BhlHR&{^w6)}t_sIY5`Kw}-9m+{Kxw5%E zMr@yqb#Q2!GF}Ox08Y<*4+GlB(9pL8Xiq9Pwp%U0g!BwC@NTlb3#8jY?sSW zoEa;@M|CO}Ut~viQC}k_GC0qqn)aHDpSe%_OM=ZWJ?s{@#h0n1oGru8X54&kh z+`{e?_QI~Jr@-_ymq*1*%46pSwdJeI)lRCFis+Pz9p)dp6B)*4N-1s6jeht<9T?wP zb2nY7X!@Qx&_0|9Mc!OJ3jT>b1wtohL=`-305aE18B)8jU0tlm?$@qlQoFA+PeZ=j zn&Gx2x6>dZHTZ<)1fFa?%q;W~lD_8GrR06@EY70nIV|9q?^64pNAh_YMQ_lorj`g^ zS5x}juhFx98KjhOiyKO?V7A~M0{OcIr7c-rsiqAdx4DVtwXSl%Lg19z^At{MYd#-r z!#^GA=~ipOhIvFs`gP_uPBxe4e5VJ`WBUu`Q4vH(`W>44pN_Q1Y}!QF-<0~X^;eFb z3k0R!cX)!J)PFkC$F@pp??*o(I?_>1cA6=Oj&$soV$O%ZJJN5;Q*bQx|8%4glp2-L z&Ir+w?m!c?3;NTMUYvVseO3LZBQ3P}vDE|7kw#GJ9+vs(evkUPwqp~w#l=-L&qjST zC)bq4rCmY6rpY#E4|oIB%z=kz>$dohM?D!UH~pUNj~rk5-7K#DzUJuwNw@@(-Pa-s zy+w>wPh%M}*YU&N_7*5RMCdMUkl9rA@U^?fdM=I5UcVhgbfmrP|8%6ihCgDveP~$P ze&oqNVkYrAefDXy;D8rm%=IQZxNUsZ*TY{!r?p zzbN&ay4(c>r52lOlJKZG{F z_wD^nyVQlga*FxL*O}A_ao%};aXAMZI8VF z61#t$9!@y!!MFDWa3CCt^5$-6z<-i))%W&kcDimwPx0$)zw>9US9;+iLG5%TfAZ5z zk|@~&CjLLE?k}Ag6fu=VIc4K4vCli&e-d@3QMKU$_)&TxECwC={GfzA5J26Dk=cA# z21aP=gw()RgU)6%lmuH8jHFI5Q}aY(NMmY9VnQnXOZe{$VFLHA?88=$8VqPvVFs9h zaxm!TOZcrr7uls`=Hj0Qbppas7kA+^U?LrK(OF8RmbD@R)Ct9~bK!1ue)wMn>Z*2@ zEvb~UR)g>;deLzCvm)lB?#I+kgFUcDaBwiBC!3ESOQuI8x_%%pL>Ll*K-5CD3H&I9 zn|VFZ+RA~$PLN2fP$n~XqO_!?j5(tWzDTb`a1Xa*uaZEAY^DITwpXRL7047++3Ho7 z5m!qRR44AsdC{V!CHo?=K^sA-pSHXx7t+h`Gr+0UsqHhIl9f%Am0s*KL6MW~>N92P zH@Ey^+{*vrh{|e;&AOFaSw?O%sQ=WhpYm6)U9?w7RK z91^;w%125axq=3hc)kq>0F3JFv`hkw`;PUi<*Fyms)N|$*>(lM+kyc{l_bLOq4Lp) zCYsUF0^fPEgj43PhF@zLbeHR8fpH~34*T6FIlEO?S=yK@OVks4%w|J%kvayQ8YyGynw7=jG&m(BNmTp%-tw zWr}FAM-nq1XggOeNr)0eEtllTmoC)|f|koi<}21H4Gc3OS=IBAXjK8zzxltLP)%Dg zO{sHNYSC1@c+!K!t*wnJp+nPWhNGo_^+?x`#OR8juy5M1KzkNj2WwN?nR>>gpu(b{ z-2Av%Z~3vc>Jhz9fG_Wnb#ReZ?WLt6INpU9-a{0Wq|}eWW4WbAhIM ztPFa=m$OnabD=Rkkt$VTvOLka{4sTU?;k26ocQ9Mv=i#|e4gk#L<_||8BFAsj}_NV zT^>ss<4J!rk87rX!`uIHTVJYWIzziM(`Yb@c_G*DOE#)OQSH1p|3cxL1p(=W{44HH zANWeg9+!>jlymb{e3VW5VDR?JAY;?u+x>z=NL#f^e*yQ)kJ>NG9bOLjEY@v*ZWI@) zE#Pm_)^4Sls?rv1Bhl&@(`%j<>crLTj?w@5cnMj>kcVi=_vO-o@6s1XL*J;SiSnhJ z<|Vi7mrX{~W6YgH1y3io4N)%);jF~VUL#8d%0@I|MlWfM<_wJN9hX0RT%Ha2urOUe zHzvGPXXM1bobr9S^I>^KWoF%}X|3(?3iHYv%@up;l^&y&geS%ye2h&$uI$mwesNl9 zUN%0GZ9bH3I}OIPV{*3~e*I+e{QIiP zkx5_6s>`ocCF(UI*(IQV6Ln0?lTB!}6HYEzJBIgk#yB4ENHhUItN-nof?cYMXBS!6E zOn+^Lzi4*;#f(SUe1UPJm>X`Mh+-c7a-+m)gEh;%sd>XaW`niA2D{R{duzk`ej|v+ zLJxN{YIx&a&t_%_JuF^rS-eEv zBBR~%ciM~;votf>k}+7$%s?f=5HOlJ9&q`Ks`-OF(f%UL9sfZD+go)g?ewL1zv9YO+j4_^w#g4dD z``pWZDf<{O*XEYjrq1=tE^ul0_9t(6 z#63M2-_~!thVFP;+epLPZN@*?pgh?n9=B;)-nBoriN&@Z<+QEpv-XbNedn(esv{A? zvg<^<2g$Mx7p#t?Z44T>3WFQO^y|iYJb7>ZG#*bcE=xbUe$P|NuF=RYg3+$WXFvFf z-Ezi$M$G=W%3hM(p4+(HNBCayNkhhocJ|KhD^-b4Gh+EGb6G6*S;z-n75nNh?3**} z&m!&B%j_FQ4!W8SR2S{*e;sUC9TfK4W$l>NklN}D;aMD~pniSNT^jPkbJ8tnmTH$mmj5^kSaU7U&+)i^;I(A&P zd|ZBfT=8&R>EzT=zq`QFxF{jIbv@Zbds3itB#d`rqV23^bhsz6Thw=Q)E*TxeR9(8 zTy}kO>b#Io`s19%;6(7pC7#@=&X4OA*>jH{xAn4@$v=MT$X?g~xK|ZBmov(!I7oVU zwOJ^5DCl^4@(OuC7H)hzA>o3icG}G75hq-{BDgTajSu1z( z#6Barb|LzDN@z1n@JfgTe}PDTh&b$w%*M5$&4m#CjG|+m(nN@C^$hjL5gPtEdXYVi zr^)WlDZLu}yy@aBWXzTRy$EB&IMu5&R@QU2Ft>_iH;&{pE;Xk|=!e|sYdjrp)jSvV zFBUb)yDj;c5fSQyDpZUo|HV!ZsK1UP4-iC$2{nWZt2xrj3jwdrwe#FMyikP^4QjpD zdV|#O2qCR&@8#$&<=?wQJ?)wBscRJm>fd4q?+pwUM~^@;I>9*Iyg0o8Ov2`MAovo1 zxX(zs^Qq0s-cU^;1a)KH%ei=s*<89Rf`1EYz-#M`2^of|T9n44OWfb?x3Iy0y}=fB za8T!<2nmLA(HoTp3`G-d>4EgUjP`@qTKjqJ0TY8Q;eg)n*ZOeJ%Y>P$b_Abpq^4}d zic**2CUhq=#nOO;`>x*j;{(i@9?YMwpX(1D(PLzz42zTy1y(7ZbqzgMOboESHo^Bu z6TB${J(G`#Iwb-}q5v+R-zd;|s=msSDKg*hLQNP9L8`(q(j(=jL>+X!3rzKjD!$7w zNe&rsn_*8W#(|ZTQ&$=$e^zE2?Nl0)#0cup@K=+{!oEvwlDrA(P_%nSg9FfVait#I z+Wda&(t6X5u+w|krQaBWf5XZZ!s}lBs>P!&wIC1kn!q_8aj6+`GziZ|sA+s4bHLmF z)orsz7hoz0zvxi%bNBn~9jtrX^XMFz5{6tG&OA2-54?>%CCBHmBpAa7#v6W>zoV!$ zQ?5Gu+MQ1IV2RPZ`d+Z^&E$BqzFp@?eCkq%#vmO=7prg2@4eca48-h1eeWJZkR+P|_9$e84c8%5Nc;X?Ibm93$*`-kM6lARiDZ;7oA)db9Hr zIEwHx=S;dA^umB=-|nikFI}&}?HGP=#W`1H&TLQPP>%>fg9B`PgEcHBLRi!bz7{+PBtGF1hS_umNux^) z$IE3&QxZ^wU;}mb;pG_;+Jl;#&%ZUJCNCfVLI~^@A8h<6+09ICFkJ+>tpNk>Hb@Kn z6p!!je5Vid{YraX%T2{s%wb8MiGY4E>PIPeNL57t6Pyb)Q|w8nx7EEDnZyx z^I@-%>Sflv>*$m8pJzVU%=qIg3Dbvk%j&Hw8{0Br0t$2J+74kfy=bTc#JyND6*&3y zGSuD}1mWZ!+u70jMtT;q@J&n^WE!vvUnrE-Hdsnh)bdpsBGnj;?b8wJ7GxcC9K*0QYghA{k8S?p?c=_ak0SEr+9MY2z8K*_$_Z7zBp7X zz{4UA6pwAi)@u&%_&2i4rs$NiSDN*|Q7^(wi?Dt(sK{#dnPfkm>&qCto~yFP)_njf zVhM0E0*)p6v;f%N6u>it#MOc|IOFQ(M4yw^dYq>pz4oxJ4w1v#f~tclG5Ju?rG0Y< za8Q=b=-_zd(eXX_MvVbsd0uE$MbHE^=zepy_UOx&RJ4~9{Z<@$;EMY0w|vqRiN5^9 zdTGiwWHKZ&k$$bV*gP`Jm1jzrRSMPe$Q&?mZwXM_IyJ&q6g|3P~Vx8&!Kj}5eJ9|@F8zL%ih&z66NQiSM8SMV=;9v-L7 zpCoYG!2Y(=asN3^jq#uC^yJb6i1!J26g>3QV`cohqI#jTkmqOs`2$sF6OfNxKj-ng zP3WX?HB0P=;75twA8pt_eD=rC)NBS&BO5&qrCOBX>U*GQXP>j4m#e={W*to2u7znk z#BX(VvX5@oGoIbt?I%`B{1S})>Ueh?wkjTaHqs&faC1m!4F7fE+;Q`B_t|nAzAiw$ z_8Tj_6IE3KhEu)>vLfz6*L-hDl%KOi9o~g|ARjLLn9Q2!l9&^^Jo4Dpw zg`UKn3=rt#R^-GZ!xZ3qZ=h3I$Y zTi2s0x%3eL#Hs1l9MAxzdKn}la!bYs(vek#c*G|F18GlVpHMeJG}^%ybkJ5#pfo-v zPe7d=#5*9m!uQ@sD@*PkLqSqiF}{;;i&0j1#L?{q{Y>ldYaZUu-picolAl1B;BLWK zyI}0?rwU{kp#fkSGr;&3iJVY?KS&+QNI3_f3r>Jy%D-g-jQ|=s2@I!`&}wdLm<1WC zXp6O%&^l#FihZu=5^Kh&=iLoJ@oL~1a$`e+Z@!oC!m!diG;JPJRcgdfa z@qZ?JVD@4y{B-qjUV(}TDdoj3U^KPF8Z@@;fmYGDs#xttYgvbwq!FRBmEMZWz_J&fm)b#lGnGFC6pWFpX1!M) zXV;)|J$t}Z4IM&@DlbINI{uf*{a1RvLufy$IZTKsrM(5`>iv!^w3!NuIOo zq+-Xb7o@gn#2mYqVOyAkfR+W+GCgEU9_xqN3job}{sv&LNyl{cp9 zuIs$oe`M*($B}mE(L11ZMmuoDQK3TyL>F8EZ)#%#o4dG|v5HkskqF{U1xGDn`BGn+ zTLa-t02AD9u)x9ZFff$~V6&@}GY0dDrkqX{8-GlpuOT;eu$)0|x@562N(1sKW;L9Y z0a}Z=K@?N|h?v*Fj;|F7B^8Tj=wP78y`f%N3&aopr67;P76%#H(=9F#?q_)5XW=+G zLZo1x^sr|`r~eH(?b@mw*T~VK1+sKq&!o*8#GL$6fTTg8^cmryb%*G;we-5mY3k`X zs{GlGw)j?*KA4ex))oIh2Hs8ud51l1o^viS5!WorMMj( zx_{+4AisW;CG=@bF^Cdl0j(E)HWAT&2}3uXuV!xihWZ8^yqUR-p}d5O`2~!<{8DbCy-ZXLynJQq#tWq5OCC68^1O=(eq5lqTojsV3`HloiS;I#tD=0hXFjV{tob3SE-#P9*3!Z5 z34EsuKeb29;F6}pPYUwYX9z#yT)6Of`>ON~t7|3f%0{6o8qSozD1J1K-q|8+ED2rq zBcU{`%97JtZX}=!Sk9K}9eEk@+;Ez9E}j+@FWQ&_r<)C@XD&-}3tQ&sdB;7r3>=3l z>;dLy35!69yPeENmVlf;Nx9=QzF_Wk?;HL}B6Ed`3*--%+Ga1f(8;`AEoL`h;-lR7 zG>7B87BoGRfU)LWM<+=>^h=+1XDnNg&-Cn$s!^GAbQ%XYHc8Gsiq$Fx1~&UvodH#d z3D8m@!a^ail_BuWmTog$pbl-#OhMsUz0_a(MuLJioPx$O+8s>azK7j$i`{ujkHtTO z<(x&Js!+sa0)XcUb#ewoj3t+HE-R=KkJqjqa$GRYfE;>8JG12ZPY1TaYv9;*fh@%3 z2bS(!*r2(JM(nm}?2hdK7lX_Om+B^hHn*CE*~$=3tPj1Vg(;9ujT*s$IrHCl^o?^2 zGcHN=8`!pX!Bpq;Krg+_s2M?J=Eo*E+5{pYK|K~Y9e`rqMU6x6Vfsi8mmzkI0ZW&W zXNob4fkV&~`^3V9jZvv&gQK!l-3!SJ~3Akq>x41lqJlQlj`LQ%~SOtQq!>tFtSp!XV!^SWAfNW z3M?RUEzt9qQym8DCvOvdwDP~rH!zkpXt&DjEii0mwwr?&7@nXQed{$YwKCaZ)<&{M zeqdH!D=;+})}`G6R~MKYg(0KXI_ZT@4BF-=*0yVfuSn5cPAnV@G7;;! zRtbx)3^tWqtgqWwUaxGsM81D5$9i*F_~yLN-P%UakrkQL#stRd=DoY5#p=lrn;QIg_s zm%?9?8q1!RT=EyCE=jNahf@DTssDeW)YAWtl-frg3j9-{{)bNgL#O|t(?3=_gRtpT zTN}?d2NO9>##@^%b|>__|k_2G{W0G;c!6NSw2v@6y>>Ng8peG+XPM%3 zJ#Sl7alPQ!aD2V!GQfQ^FY>Cwb@ugc#SMJL_vZL!71m?auuQ&5bGshST6wz>-5@T! zPD-_MyOpHte79};3{Rvl!Q$j@Hz%yJVJGAHQqx{>QDyT%ehS{%{zJ%e^C4c(c=nO- zcZurbU+c86lR|We$C2q*yw>j4!`)wJh$Dc4XC_o%@4JR}8}2W0b>FXE%{?lA@LTfC zKE2Vyt$GYXC3iuLm6>xok#Gb$VaWJQu()5RBWfKF$dV9u6jRLX+v44)RepWG5{aEC zh;>P<%W@=QUIk=2a>;<(N4CIyB!I5Rdv1gp0IK>|M0t%15mAPY{~b{lDa(Osg+C^3 z28RkKu0x;3eZfz%3W8Hpr=nLNNfBV7pom}xKxNiCfoK>CGJO|@iw+3RM_{8Cy+Mqu z-WPZZwvk}M1_zN>(d!h1BeP46D?{Rlws25UB_+pcC;El@U1N=p*72iK#Q1Yr97Mmz zQ^%Z9OU81390g#B2Y+FZyF)yc^~jJA;FuNk?!5@z;{5?n~!o!YeGSa2+b4~ z*$gyp-~uLFiv}TSSOI!=U|lpIITdA-Hg9%7H5o05czr%bhMfd_a)inYQ9yPf4GJ0r zY;eJY{Kyl^K~En8lcQEZw{SAw&u@=AGsAhEWJZh0U)XS@f+Q^!M*`;vQ;rGNbp6mUW4F-|OLbWm}NJ^Bp8D5y#tAXZ{3geqNq+OIWKH`1l3_-3nG4R(q&i;w&AcYOKZAsY-yc!jQbv|`L~oi#AMAg)KQ|mFzkv+)@whjPET4Ga zvJKHnu5tDtg<6@DsuB3ptUINxQNiCIUykuVMP!_CWAlUvp-f#^pEkQZDd% ziE?d_w%qpdl2S%IjyA?gROn;pvqr{(1hELOW1@)^jpvwl{RTk?MHt;AbHTy*3T9YZ z#epQ1rXAQw+(AfPCigqK9f6rdeg_sN8feiB*sq31+w0EY;V#jHOuIPPWRUO-I_JF0falD7`eQ_BVQ2CW$O`+?p!xnzY8RvYaNqFe9}y5K|5A( zFoM2f?W4C7TPUvdcrVN$o4>b4(nCYK| z(^aq4jLCmQMfDOGOsUivjD1pt^*AvuINCTG8BL zoVsH7YST3jx}L4rXiE2Mcm0I&-`Km$zo;H|@%L-Up>*hmp&Nk_q#LBAyGvRSX^@7Y zLApb_L8L*tyF;YA6;WzD_`UDnK6~%id3Mf&^Wc8H=1*7;W?k!gUmqhJ0ma~HkAId>xvBIA&QQSxVxFILcbU*vPsJ$; zzr6+eKBfG4=Q}yG?2&~`d{Ket`?lk;50B1p@OEgKf~Y2b06iPZGPpc)$ax$(^Wy`E z(q;nN`-gEN{#7~N!^bs_Z@DBXXzyxYbn=S59neAiL*Y@<8ud*F%?(;mLSv#~@^O|d=G@q2K83wA*-NwNE{c5|IONJt4a4l|xB5#W67E|Q2&qZ=sN8|+hzE(#0aVzPhDpeG=u$IJ|Y zhr%Km2sTSx&`I2%>EdF6X?aQT22fCZrYwA+)`CMYaov#VYnTNyMCrd3oHb;^>XP*< z=JjiKgU?^;^IPbv>IQJ}1jpe8pJ<0Z{Sdl>8;Y=e5gOP8L!MUb9e|VU!vmlDlIi%a zZihcZg2&Fh`oQlgG7Hb(N&xqnQ*Lr5w@}a0voA)(K(NvOA zOJ-5sHqm80T6IfNtu`^$o-rS7A~vL=gLz}}X=8)sVrz$@ujC>uOJc7#V+rAWj11aONW`|<})JprP01eCjlnc*gaBH}~-K~(bZ4}b5C3kcG+(7?)= zdCMYYy*?a}M2oc~DJ>^i!yeBzB*T%6stnWwXgh z<|!fHlb7UtEtgZAyaa48pf2fbt}RsD?x~*XsS?}v_XiwqWmMjzX+aUGzNF9m)2V{f z(;_je-z-zjbJQcVJh>A z&W~WJz+kFbjw@=3_;i@@8H1xvfU#wnu}zP)1B3BP8DqD6Op|)YJydLxZGQ)91)?s?e zxqRk!8OJFG!_SE9OI!9|hxB(53=bGAe_H54`V7e42{)w7sDca_c3D3Tb8s-TpL%m( z+0o!O#m+{h@Ngk74Ei(O;9h1fp zosM0R)=|2F-A5yDHa)w5X1wBelEvx2i-cDSXUvQH`HOAz*&J44?d&pLBQxJ%W_pw} zxkQ$@jpRA4luXo@u+f$xIKidklBFy`r873AV+ExLDJ5Q8r9BvB?eb-+c4a%^Wr-uD zjCN@m8H^up!*g5VSx3nq%QH$wGV*Rpa`el^kIDnn$~T!SR^%&EY%7ZK%C`o~V{ua{?SVt(8|D(T3mHXf-S)2qhBs4?KF&Z|qi_O5xNU3QjHj0Uek+}4a1)vS3J z0|vEd2E0g$<>ubdt5!-J1MfT5)bIM_PctbAqiBfRNJ+_w$qgte6=|q_NNHAy=*TG< zuxOYJ4Dl7oS&k7D970iSqm<8lh+u6Ly!IyC$F&0Ff*ZYWl4 zaSdt-s%xz>XhXeg_0DWEC5;ouYU|%?i%)OmV{7dpC#ye}?>C?y#3E_HYVSR6PfTei zW9^VtY@b3Lf0`Sm8a41-HlP?^ZJV@j+rp|%_UX91?C`VijO6Y-xvSZ2tMw)Sf?D4} zGTnJ?Uvp00(uS4bf7i}c(YY`2#V@eaB8T<7zk(&v0Cy4#GOE0 zss@`w*b$#}l&A`oJ{hzVE_%Gg+IP=V8c?JdP0y0Ge>YTONK(d5(01Pi|4JV3OW2sI zDxy1zQa4<=I1CGyGf5cfz$Ta!9{G~hRZ&Tpy04NRK5X|D7AXAM@#PSIutKv^Z}EMv zk5H_Z1EI%jWiRwmn|9dRJ#761=DRpHYe@L`5Bw&J@J_gYK8tWs339GERu?@M6b*42 z@Vd?#4XG;#rMHy5Ko5X`&G;?Rx+4oBTF~;>v z6=~BOVLdg)_lHwG9K8^sC-SItDVv!$dBY0H`0R z7VM_BtdYMOZnUU}t0(d?1O;cl&@pWIYY6BfWajIN|K?Q9>2P#BECwOIT1O1T#;>L- zH!PnvcV-jTYlVLfg>aq@s!>i3aI64%;h?VYQRNBy{8^%*CI0QDF^_l1-GJ(T_v#v1 z`}pKqN6XkL@r2)7qil537?`=yx&yJtm^9>fHY^TUyz_(Mi;{PbH4{z{Ab<0HQ3`0B zzT<~^{i=fDI`xp|kUeA%{aK@~d?30I(fbRRO~=sH*8YZ`17Hl*L@Wpb5hp_8CmUx~ zM9)MAJkubJA{hMD+jvwPg2y{sxI66cw-o9&WeH{*l>M9DA)_R0gKD>>9Vc4v2JW$X zG;;{FRaOriAtZ3vzeCUBuBPvMUptYBaW1Bhw;^CBy-sR7m@dJuAKCH+%&mGvm9rtj zX^w4zn&XTpIUbghw-;m#`D>PI!~SiSO$~(K?|-2`BIw+=5^a&nAxevfDa4X`Rc{t{ zlBu5^)Tt2AC?EwoE8{u)(;6HP93T779cbsTJhqCFO;`wIwVhM6*!JbzlIg4ym{ScJuzStg|;R@^WqS^0}F9+MZlt*ls?@ zRk8Ja`G8$Dn*EuuJ+G!cKLNmlGEpi55#v(+ufQ|!I)0pSFNOcvMa8n^H~is+_jcbF zZ<_W{@^=?y154(m6Ym`j=41+RMiQT6{M?r*=o&Tqf=@Py7x-n!-=wAoad|8IW+e3* z;QHqO@CG#a)_#2iCEs~<(EBMdfcpaTXZWJ*<e^PI83JGUSQT;>e(bRu9q6qO?|F{R=AfA z(@+t?1hU%WA`eW%6w_7}Lke{JKk0N3GLmoz3GQfU7%qn-F1UMZ0Kf(KcSr!bZgw(( z?|>=Kj#L~Hi{^%Ipk#kM9wXO373vU(7XpP$^IsKenGAxmS4GO%qM>A3N1Em6I{GI! zwdLyZe-{do9~TO%$=67(fXm?SdZI~8hYK#*iH4_(MA77?)e@vn$>VWukYpt=Rr$?n z>V7h7^v6(&rHqj9%v75^vsp%(mWT~ZMx8;(`PMoGv^__5-i)rriVuGrFu-}bMv1vl zU#2q3feONKDEQt5@Z(=djgo+c$GAw#EqBMW#loqKpst7WRVIVquI&0MLG^4`N{}ag ze7zk!?c+pSIw5bU2J$Nwpi$u*Pg*^Py4qz3Vb}}&{n0T5zb9C$Fr~S=^Gh{UMYh10 z$h6#o22Vw9Ffq>`v9aePHfC=ah2olGnubgPP_vM5R=FOv#auisKbZg)(B5VRC#5G%~Z6>qYY~}v6HTW}NNKO|{-Rg`S$1cyw42Fl01O?NG z2H4a}`8x{+hv!=&0{8R`TWj$7D#HiVSJ-3fj2GWD?~t{~w}bab zpT$z+MbESyhqccP(v{rry>)dMEr?LsW{#`C+4rTJL?4lii^rrIG71cWPSeuGHYY-9 zp{z(igVfuAf)>B(uY1Eq`0nlDBN}9{EE7e&q4Ar?_|Ab!vMtbLy$NBRKi2P?Jx+Tc z{Cv)RI_|&11D2%17=Md*4Nr)@`ut`ZE0PvW<6H`T0=vDSGqp<`_=UotYXe{<)uJ$( zf{h)|`7$qB0=b6b zWI+zXIK^os{6fAo2{Pl?VZ422aXqP0RES6qk)*FrZ5zr|#>+e>c{WO)sFwp-BgPZR zUFAqq<$>)-G+~0YfaQFKe%WD|ILfwmCy6YN_Umvf>5qN&sj??!7)D1(Gwyoo4DOAA_Zn5+z6J?ratmh?Ccvhug^g!sp+l~ncV zxO;Vp7`FQMT#(OYTFS9#(<@TVd%U$G(hhnkz;b*dm#k6!ho&rgPB&ZG+~v2a@jrH- zl_2nx`Zb@@W@3H4yGEC>5Vd@V#Ikm%5;3wMv*T7rK6FB*-lk8hp0-|@@Sh|PT{Po1outQ}j#QB*2t zmeHL$(V#~4xopBNLt}I^sbq)XP|klvBmc=fix96}P<)2w*-cW}Q==n|;a$zL@ATzb zyH;v-WCImW$;FyK?J`=uXX?VV1gv=3;-@kehN_aQ5(E;s7)Vfp0xDov|q{OC<7zL*t=uy91iz9In=GPSmv2|ID2^+Dh00LALn2_i3Zc zUr0{ns?{!n_BK9Lc*kukZRn-!+YiaUWz^4>hhK%gO`@^3WYJk3(HVF9IU& zV$7M=FKo?|dedsa_b)m<+4v8gURSab_*4rw?df{EJTSV%o?& zR;c3;tQjGX*pQ|9tySYvuNaO`v?KfeDcy6-h*GWK29Aspx3NY+36xEA+7 zGF&h+!s%V1Nzs!?8Lzp|q9>Iam{_^Ilw5ybu>|;=89a z@$308E$t^}W}iJ{k1>11x2u-D`?!!_5b-e=`R7By%hW;FX^e=grdJJP_OEUPp`o+;U z7#SB=S~6!{LZ;mB{@lM}*cKNZj@^TN^h@;dxqtur*LnqGP5Y^5)K859*)6d@Qe7cz zVq_Ry6(n8vkJp0@x=;$msf4=1TDvgkx>7Q`a7MduP$c4S#ov*2L;85%N_7*^*FD$h zCVJQH43j|e=_W0d_+#Ep*4IrTT}yJpL3!0p&0a%}(nCWp`E#p#>!@o`p$E(+!DZJ& zHe(Z=82pmN<0M#@A%@jcQ3?RawL}CVz`GMiy$~2f1 zH%hre`wOMM2y0BhQa>v^K#C^4H@Q^G21zwPO@JZnWdbqM<@g!bw!lMTJzJ7O)yE?3oesD^PYm;uWzs{LuU7A08F0}&Xw|( zU?6brOQ2~A;GDul`;zdM!ak6}0Ru3qlcoJM6y+P6PG9r9EG-H{6n;Sx=#Xpuog^MN z9p8@npe62J_k(RTsh%cJX5la_>P6&9CwMLs*dWit&d)W(h#QXTkbC)| zsp!4H3?TVJ(t&37d}|s7o9+)Tmct{SG;nx+#B-&mu8KXH(UT~--Pj^Qc_5Vtd<0#& zVxTi|(DR{Tc5o;=m<x}qq6@qr4!|YR+)?V@8DHP&I%%)kq{uMF22?QR7Nm0$DB!Bz8EPNM%Ih**9H;@g zB0#sO1|xGjsR-c8Jk}iDn46%&Q&tQd?S%+`ddFx@KLvD^*a%`E8)e%C!R-ZAfT?0& zqu4u19&s|swxhC)sp=_6Ew98F)x`wZjQa#pKXT{0Zt90R#Slnf0A?PD73v@fMV)!2 z@O29NK>!=4g<`($k2Ej!yjm2}Ov4yI6>kMCko8>b*rmyiPeU@*xvXo$!F-8M* zOhc%nUv#Zf@F$goTdl~?S!PsC0p7VG+PP_^IjN2!*@sFxKTXn*Ii*TXStHGX4|84Z zbMIH@B91giNaxe;HH%rbiZHc$73K+q<_!(C)JEqB?X|G{v_6*4pATtqX3d{P&l~Wn zldNhL^r)EbY6uhdnDZ`#-_3J!^t=w$1~e9|s+z4i8f^L(9NcPbixy%&Y2(c;I1}pp z*jjKpRr^4$y{E9qW3(v#upni>$P%--;;kc@xk%HYqkO7mg&1ALK3(j)T|6k)aUD+x zs2U0+d>)Ld9Jo64Xkzp2MFtH)5doKvL!?m_Q6xqiWE zcAnKjAxFzcE&a#je90+qF{(sGm3H|qZ{@sr^-t}pHQt&c@j4NmDmnuc;nmZxtqrGQ zjWQawA`+!BD;Y_v&sDu`)RBgUWnGY>1X^OCb}JoDo$ zOClo6{o;$C4OXp;3i6Cz8yS2ZUmFNoRb5?s_H%8WcXq??#ZLC;O(WsG4(Z)w-u-!@ zLsX`tHMIj?V~u3~t6SqdXQxKzRWB};4X+-Iv!Lrnb|z|C>pzX)zs3iD zSMl5u3f_lu+$Hlo>$Q{LRyH#3Vdqp{yC`@H$ss3vxb zCu0<)SlE=yHY46PBbnHwmW`*muA}ASr61sDe2rFJu>}UaD+K6`RUD;TKxaP)ONnY_J3eTQYs!DLu7R zf7r<i*2Aw4f@L}58`YB< zITOCMe@KC)G?FJbYNQddrEBYCTI*!F>!gP1WT)ul66po=9kwIcow3@P>>lPn!OSqO zDrB@SBHETFvMV)S`M9T9@t&g?O|Q~gt6H0*N>-$V(Xg&sx5ila(>J~PZ`S3qHf7gl zjT074jJD0O$8$2r;T^~D@#6@sV^QSe2CBs_B8N)x-EKaI?(3>v?GtCWrhfMm2g2RK z6bD+Rli@}ON{5rt1qX`glkw{lqRJD*B+;qMr~~hhCapc)xwGSGBS%$7$9WZpStm!V zl+(p;$LSHL<%W1ml#shT^(PTkv1$=$5B23FTaXEuuGhOSR{bDZ8O zo+T7JtxY&>$U5y^8|J;`v2~gLsFbC z!bt+b=m8l1aLinbU&a@Ry>lm_6`j0`z~6!B;i&IvhMG3vf+3gqsV-zpmlAGzK~hq@ z4oG}TV9Dpw(wYcq+2?Sfv0jmrULp(^FcTR6DL^2`enABTnApyZNpzFi4KAYi8ZLB4 zu>Ox$4p6^;ivj+@{Zs=KN1<}nr}b`%&_!lOpkERXPWk0Kl|P)!-}2J>tk9sf7)!0l zqBZcqH3}ZULVd{^=Tg9VKJ+M+r-;e;k>Dhq=P(!ITAW9zth9cm;t$_cbP){CGMX#A zI4Nkt0=`|~YQalaGdmrp7eCjZws##(zUw*Ja33N;NItfKCj%k zq<;(k5rXRm%?QKQ4{lVrL!aA-Hj>-|zrEOTzULCA#9{};Y08fhz&{8Nhp2jnHN8uI z(Vy8s5+HM z3-8myNfg3J0t!uTllDnNM&r@ig>}vE>n3j_&r7qzvjl44qRw~00E9mRjL<>{M&rO^ zUwpKmxnEZ(bYhJ5(TsLaV`b<0w7v92n!F2y-=tEDq*C9-aow{O`sQGOW-)*g3_vMQ zEfj*!;{}G1!q@%5n@ot(1&?eDs_f?@Uw(~tJq7m6z*FJi={P^slB~KY5q~k-rNj;( zPb5POzPSI;aGqUbpk#;<@X~a8{<-o^xO`y1A0Q3+ro{i?f75Bt|4pZpKDxw;qmxMy zT;)v%b}^DIa$)DA(?Vj>IAO%Q2z*UbZ1iZBm%I1} zF*%i{N;dmYH}MK3(6^GfkzUzItEq+$pd(G%NcTcU2mfklRfksS=BycRg-Vv@M_kf) zOfyX~pKFOkf85p(mQTFSfn~w?&z$Z(k2i;!Vk1D8p_YL8b92uM?&@wrkYNW|JY63q zk}N8pKb4G098CAv;tL?Hj<^>CO?F2fj&ys13O6y4V?$6 z%O0Vy3kq;okl5)$Md}78L?cbxe2g;CO52f9>N6Uu-Bdh?0HZ5mgom74a__?Itn~mri8-ZQvSE8JI>Af8-`}wa*n-AzcVz&;9JaBHC$|_Vi4{JtMv`#)X8Q&c= zuR2wn9bR_|6@Eb$YuBwD{H2eK+IQTC-(-i02o;BHl&hhni@t$$QOj|o5^CwX$RGi7 zVt&B<)1&|-EUqa4`H3(D(Ljc)8UR9{Vr#i<+JALF(?h*4_$Tl4V}+WF4e?1KHnO1N zHw&uw7M;mWY?1k zc^{Ian_<9I07}5fg8B2FP&S%EEX$t%TBcK8j*(!_!^Lq3Kqfy3kd-d|6a#D^kw9Jn zJkC9dMYU|t=Z26zgL~0GAl`&E*V6#(rDfP7&QPi=HSkNhB)qMN$ldRjs@l!%d!d)! z(OEfk%JLA3x05~_Lc3@fczr)VpZgUhQ9qn839x+sE}|+N8`fh=Eu(!LLm)2YQHT54bt^{X-`TG4ZjqB$M5k9W4m?Tpv3|e{f?wRnE zd#D;unOu=`eO|}?!Ca3X1D(3aaPd7g z3X!f@T!I9YvIYnc(L+jq*I~yBsPM%)3--jT)0GP_Loy*W!--G4GbG>kN9sOjQf$#x zjv>`bIAh-?-5-{HfhS#zH2fO4_8JtfpNk8ix6uy7oatb6l<`vtmYoxy$4PdpMN`9& z*6o?|c_K}(^O;EjV2vjbmqrb?EHDm~QcpyK@`M?ct$6u;mr~2av zd0swuDKCMKtAW`GdhCpUYxKBwNc*^UXrKoq5K;7@Ld*cQQ_KWH!-c$At#K3NV*{Ts zzSjsiPJnsn=u-T{iI8dT}{X6$Z;E^1tjiF8CIqg}fYQ;T0=Dtvj?D2XNq~ zUj?SLTjxbCwa)A_M9U=TY!5iq281?2Qgdy{wt%#GfbrZGKOo2l$A-=TBw|cTKaH{@ zbqvh_8)Dk8RW8xpiWZko3fn>a&n8tXz5%t1&@&vs7sR>_Or>_$wsE?rV(Y@e+6@>k z75+LOb~goyTH|G$tvVvMM2IJA6vKMm87kH1_QpnBmM)ziuQ3Ms3XFwoc4H5OS0_3Ke7_UBHd|wA%rwzEpo_+EU(IA`4o8aSr z8*FBjC<-;>bQuF*uHV+`;2avQ{Ax^f=T4w8w|^%^KKEk6rA-mX8Hy#a z{>;YBF|Nuv7*4Kmw6|p;7&T*~*z$#7UFr3n(l(BVE;P-HL+i~38%35z>o8wS2lW%c z8Xcf_LOaDu6o|LA7j9VWgbB8so|@AM?E2EnwIE;YBw7265TgTa_GiaGk;unxa$Zal zbN&o7ke2#6?5JDe=#tDfD?akJcmYS<5b+ybe1sAb=AM^eK7YFN>K($zOpeTDvNNkm zcK=qKv+^p)`JU%Ra^=vr-dkd|4)){;gjy5A|aj z8kC^;p72!kch-LU1;d9afSzX^vW$CTazOX!pLG+l|43X##*u((Ehzy=pe%vJYQF0I zF!h1o{6X@!X|I*F{2Yl=V<2fby>K`KfY#VxqK*>qiQ%Pc#k}p9ZG|-2~m0VFs%e;jr5o4p9piX$vh1DkR+gHs>wem37k2 zO->>d7THafPMY^$71^w5*zrQx(Ettvls6}hcfcZ2d3$S&PDC9=G%QJEZ(IB4M=_)c zQ8ddXY!iYksY|pkVo~n#FJs;UiIrkl2 zVx`3X4lRj#wQ0~Z53bW{yBv=iP z{uRMOc4+j>NW zI$^ugg$xF)VFscWdOcQ#JQhYNh%qAtbK}mU%_;_yat7qvT@%_&jVIQ#;9|2LY;(rq zK6Xa!v)wxhMj1gy3rut?ZN?6>;!!zk3p++1!@bu**5+@EUzc0jq74{Q72A+8+RiB0 zQ?1(PFg_o#HmTmTUfDBgw6?2fbeh>yzGc)s*>gmC?R;GvLBeD(!056-hr(OpD$4Xu zw&a}(lbd#ln=zBS^=ntOVt4lvkM~TTVI`iiOkPLUUO7zO#U;+#wT_DbHLG5KpVS^s1TKr0PEI`APX4WwcYVk`~fWDe#l4Hjh%ku42TVGh+U z4K-#Cvn~yDVh(pN4S&xJM}(EaW0@mTN+WWZBa2J_AL#Tq=GeXePN&P_pZwo+`U59R zBH#a^(<&^<+W)50DNZb@f9dqUE7bp?)9ih+m3=Dg{o0lN|39MBpE=eRs@A@7eA}z~ zcE+)OUA2zj*g&h^c*40!RJ}>Xxy4w$#mTwNSG_IDxg%S>qr$nXUA=3}xo2Iy=ft`1 zUcLXG^B}DHAeQqmrTQ?3^QgG`sG9S*vHG}^^JJjMVRz56D(zZJ+O0zCMEY5O2IxNWxV?8P@OtCvE zD=jWRDz9ujI;ud_4zM2oM=SqFEB}9}mC44UH6=cZs|UacvHL*sV{{V~P>A%FQUuD4 zIY2@xFA|v$_vMELI@a&c$a_j5^v}%zZ7vAWMkOk`3uuA_3ei9VlF|NZWj%SWGj4Cc zxk8A*A@8f}|4o#+kX4m}DPX{G<-dsX(Fc=&EKIORaS$n_FS(W-&Tfk_p;@h-Fxy_V zSm>ebXQlBEOQv{a$rL;ZGl)WZ5t>JrtX7}f*iO$0TUH6^fUyR(OW?c22Mcat$D&Mw zs6ZP7;Y88}{2xC)FJmFHCn7LG4~>L^YJ;;bO(T>~0-vI71yiZ2p)mKSE9f1mbN0OZ zctijQiP_b}i&_}EK3+KSrviSJHRjTT{xL##~pY2%gFFGiOqyxnbj+bAtLgt8|yt{X~~tL$Ep zuY8M1X_#I{*oHAySC2{^+rx;mqTd7I74h0()=xT5=@Fr>MR?^bG2ND+){v_j}5S>C-~FJY|%v&Y~qi5 z8KgR?W-ABjkfniMYmi7Kf~p{58fkNA0#XxGQxFaO!U9mhf%s0^wA%I<98jg3SmIAo z$Yh>fM!F8-Gs0^}g5n5h1Xp#pLUhh=7BFljCl;pcq+j6W0@*wDF3Ljy$%h%SoP^pM z-ZK>3O!@(9sfm?Zhn&Yy@r2W_iEkY7FE%QHClN1z5z(t5oK2nzM2W#@=Hhpxl zsg{@K4!k>$pUW0VJ8A@XbCiA4$Aue`(1TnoXklCY$i-?1U!#JMSEDE)p7eKC6VN22}ZlubDOvzE(d6?kWnO1zMz*Qmu%_tVx5G~wtQs47l?X6lOO z(o_0UDN4U?`;c2J-Y;V1=WV?w&#uX9MJ70fwB~Y&nJu&O_?W+ChHSlop=jQbT69nnMq2L$0{^37$0(o^qi~QxLfJRKNJ)f4=MHso?McnTCkDH+mH5OQu7G8q^`(G$`}8+y7KG64!D zmkezw2t76n9S;m8>j`b54LjTn9Rr1ZVhBEv3_CCj8x0I=EehN33ESTc8v%uPGlcI+ zhVQuuR{RJLAc05rhX0m;*O|i++neD*&G6_Y_?uujZ)x~0Qp9FHJk~QJEiJ$`d z0rij>J)IsyfB~z88ON6XDFy>>1T($>J>fDvu^uxi20eKhJtYe>^)ele7d_n#6GIst zlRQ1kFcX_sOykT4ZzM$GSV?pVZK9`nqI7t4eNdu%Pa>&YV)0huJKCgYl1T#QNiIQ2 z>;*|#rHO3dqziCzVNa5iWHO6+vH)pJWl(YvQ}WlI41xP8jk|{F>NwwxFuM1LW zm{an5QVtGMl95u`BvTd3^zhA6C74rl3sPC@^}L2t6Sq=R7}NYBQt>3x^lZ|y3erL& zQV6?Ykj*q(aC)_5I>TTZ08M`ynC@khUbU5eR+64|2r1Ar${(JX>LeCE;U--chcNH!@1=VY)GxSEG~KZ@_B6-`C!{T*5*7k^L$89 zeqTghf?hrzCNtR)lt$q-!BG;OwKq5S-p6-nW_I8F|cRC1uQ|+=rz;lBKUO%N&tPtzSNZg)*It(rEKCq^+{la+sfj zDtasIqe6LsU|H5kK?Q5U{O|JGTSMiD%u?^dVpd4QNNG7zxfgCl=WRs^Z$-6U#hF({ zra)zD25WmHao0-aM5JC%WO<2xX{L9%C}uHNeWgl%m5*A+kV2JJWaXk=sn~M)PIr}e zLdB+CMcGQRUsB~mL|MH}bp&&b$nUDNk?JZK|Al_y^-9zgE7ieD#c#o?a=S{j)f$PL zniK9?h0R)z&8of?2x?UAO=OkKaP2@*-4BHdG=ma+pGr&vRtPyUgAW0dA~D`w9hMrR z?zFX<3=cI4$}p3PT7&6b%>Ec?xP>dgUc zEqQ6pxppn2EjGB#uUnfq4;u=|TjDco%rjdxd>C>JYKqz#-?TN93$;m(wq{|) zH;qzaDz>%XRW{zWy6RWgvDLrLY-7f3e?QY|UDq~1PCn8`GU?MYwpJ# zR4lc3!&~|)oWHU)Z;r-q+f$ASbu3P|cC_gsfRD9EPOaO877C2?QJnVM-nB_u0I@ zk&I&$A{0eZhD1UX`0`@}io%34S%i>cG5iIwdn*U602pM-Q}~BDVT$N6G7*@f@4}~# zoNXZVpaT?PA@tGWE>yyC-xJBD9~9p&x^J%E4iniUG{f#gVs9@OY)9xyNP$eHY*M5y z&^(-o2X%elqt{s%gh+ZT4OmR~aY_u!n+>a8_G#tYJmTfpN4(q{KuGKZKnLI54-^WI zAk)}_x?Zuc51R)Lv(b#oN{lM!4{HW`cxc)a3=TyK4|cK#+BV20I1D71jYeUPehD0V z+}G7eaJxzJD_4RPQ;f}G18dig#Fb;FW8?YVW0IhW)aU`Uu{T>gZwh<|MO;TX_*`Py zou8bH_m2&p*^hC^Onv6k}V}Xj0b!yqtV~@gnLSm z?MK9BIG*s!UwBq|&37thIw5Gs~*RCQDpd`?z zBQHS9~AF3Yj6kpyOuvqU`pAl_jT$4#qbW2+pStIY#ofmv{tvKwdvJXp2boc~qSWko$u z_i3{(cyl)5ehGvVK&%`HG7VhGUU1x8Lrz%c|Frz(#OaYR|FR}NGQ!80z&|kxI^gI{ zshV@hMt>6na}nA2G2qfC4MEF+#a%2ubt1>=#K(C*`8B%(SJZX31XvJ;@OrqSR>P<} ziRd`-d2{d?s3Mr&lgL+X30wS=Uv?fxllb;8#SE(^dhrBb`8~dX3bjw=0-or4Pc)=Y z1VgTR2imy}Ki)MO`bs*s?y$KoN$G*Y?e*!eV%`DO?r7oc#T^gM-wxilt-UeZ155ZI zkj;Gf=}?`;F+^3-*3kBI$+tdV?(pI6{$kw^p57iC*#AQjpqGavW^wR3|9~U^ke_{z z)^Iu23GXjt?ph}4gn|CmUw-5Z|LQMy=_9xb!}*_TF9@@A*) zoX(!SZ$$JE@FYDb#e=l}TVAiq%HTJ`=D!K%>DjZsuP0zZWE4$D(&?PBcBkf&(R$-c z%fFTx@O-q)i|+|Fs)@dJqN8n~T^EsVzsI{X9-g1TzhE%ANeopbzZTH38cd@K)lGA29tXBT1YrSB& zXJyK0jWD$4eP{g_GG9$J`uUEcV7}-A*&`< z(J@{hs`o;zJy5%cqpydJ=vOPTxA|j1>i9r1J%pm}Ynfwf$HemlD+G{SheGNcOQLIhD#ijz( zmrt)naT~=}!ePWU{z^)}D%9?Fa_%G(oH$?p0CBl!J)7cuztLxMTh!qCk5(oIA#p+Y zyG#KrfYTIe>fGO@u0e#BX3nZy6!=f*S$#+D10`{abh`SkLJEgbX9%h5u6#PLBa*78 z8dC}urR&jiunZI>Pn>Rpoovp6s6fUGu*sO)PzxkrC8!ebF44rmcY6O>9{)tQ-fBEY zCR3Y3uFig~Gn8EC>}#63TbP65;_hS^~-@oyh%>r?-2jpy*pyqM0 z$l?g*UQ^_58Ivx=g&ashjh+6gbIeEoG4$+-(^x&cn4iLdMY%)5Ob+18LK)EW+UKFf zUuoI^ZaA_OoEf>@7qorpaS=;EWVh61CKVp4F9drBo;F2WGSNtV`51ckPTODp5>9P` z5N{(kLQgwa`z6kgwd#9rUwDXTz}yx0jf**U=*b-%HCP`g%M0$Dl@BEqE#D-71*k*C z0>A#?lE#(5c6pqW=*mTZ#bmb?f6&FY#pc1L{TNL|dLw>Ou5n#^2{ZL^$LkcJ~377iXkpg0iukLavux{p0vkj=-S{U4N(k%=!-t# zh?ChlBW9uGl02YfO(Jy$X_hJ!f@-l{SV9;MH<^?Y$c24YJZ?f49K%aWc@Pq+dI1g% zrBeOB*t^T7IJYoR(~URo?ydoX1qjl(ySux)1PGqSH4xlgf&>BtY1|3!?(QK#NM|~G z&pC7E!&J?;k=p;^eXCZj^<2;WB{E7G=sgXRWBkakp(Mk<@N@kwVXNc`w|%U13eSkf z7K_e3y*y^>{m`gb(>#sx+gS^(*KW(WA9g{-7K9Pn*Ir6G6{0md56Xx%2~qPS{0su$ zE`TZ#^Y?^pNv9YzqlqD2pc#UE$^}Emqq47}4rhaJ%)0cu{KW9jsv6 zkjRGz2mzFsr@bG-f{rERaS1joiYfr+5%6RpmV<@5#e-^QX(p+9qRuPVNs@UaMqe!k zO{svr05tt;y(9_@KwlCAR2r;%O%=-$8Y6k})4D8^h}EXNAbOQPMCs7e{H=Yni-EJ- zLid#l!4E+DOyVZ)`_dviv*7Br57dqeGTInmQEU5fY(!wK$wRp4Qp^Q1UK9-w z4uudLK?;4|{t!3F5rlx-i<%AzM{WS2Dw)GyOfcXuaKP$0`u*&R0Cd*#A~-gH1P+62 z(<7@&V0G_eCI%kUxru7T3O=|E9>f_P1w*sDCbr{d`D^MN+B{UqVbEXRO6 zo90Ej&n$zQ@su!|uDQ3zTChCIGIOE z=xaM^sjCYjWMk;=HG7oi#|rO5-mA3#(z$JO z8(d+iopC_ycmQ|4MDo&vw(VTLM)i^C4~KlwCeH%h^+WNqR5eMHfsn^J>ObZcs_yVI zxd56%INVAQGS59dZmu~J*QZ`T-)S1^(h6}T;aT>W^ipOQ1%8dwfzWzwM%V_gUzVqu zpQh%M^yw;9N_4gI97jtSSP)rrQD^Tjw%Zt+&HA*RHEn?<2EdbaM)2fNA9_ zzaM9KaOBJ7m>CUayyq5v+4_T~X^jbaYGw*-1|yDljUV|*ZC)$Ansg=N&(v|Y6J^Jr zNnF$}|&}xzNT51(W>5b;Zh~I207II8s&50_T#{4hbZyuU@*Ez zS(WjA$Z^}`!I@Xlucd8OVu1-AM&Fbgle1Lajtx;#KPz_AVO`?R1KO(qgH+QWr!$=w zNC$pLW2URK#NA4%SHVJY+W$i^{?*FYVT8FB zSbi|AjO+nUgWs7y$Q)pny4=3m z`2=8Exzn2IC&8!+Oe>d(9NcRDqm?rZep$cztCf+PjZ`RLT6tx{PK+XR=HJk>1?gSR zfry>(($kl#7O(stFs=OU>%XDrE+T&HRaoem&l^3@UKXa6KbhRaLeCD0as0C%|AwBs zW|iFj(aL;#6#r;tmy7#4@<)YX&MaQ#5muj5ycs}D>o zZ&Y7+{0%(^^sH_EJY?wl(d8EMj%4c(vY}jHajH z%$8mJ;m2|==t6?s`d-@QqmC5RBb7ODUqdutREO#~{f*8J`-k?gMy~T&!|R7$_3gT5 zAzu07Z;wl(PwvU!>{TrB2{ zgMSu(jRHa}PSV>7T#Z=&@%h6Br_Tue>VlXbsT?Ib@r@$6&0o%JNehOQte=Sa1GzSY z(OG*r2+P1x&a~GC%t8CC!S|T@12i@E`K}LE;ZgV7H`tj$#{nkZZ%Lr$v|7sryD6jK zD8Ajh;t#*S#Bs*OP3%U;xxJiO^}MtB(;0{i7b*Fx>8Hr!22Cgm`+h)Akl0Zt@;iNb zLVMbmJCjKFQ54a;7PZrCxn6wqDu7%iHi&)%fEOkB?e=RA^vzNy5iu#1Jl__h8e0DE zpV)QJ2N7X$KuLx>>Q8L_J#hQNzay{>!4Xj;h}e(fB<+kF^bjClONLd~vpEJ}z3`bA zgt`x6F9C71gHTF)KutYZd=k}cz3&x!@vSBD#>IGzdWq5{s@6aRalNGJT_JP5l=H78 z_IjxiC4>8WG12?z`1;W9dg-B9sW*z0hAKXJhy__p;fZ73?DquK8k*ld})FFO&gfwv?7j|K6j!0?w($t7CPS38SbT+OG2}klglCa5FlFS|wB1iPL${)3rXn|EyH6s3@0G1k1$qeHjV*G8#5bOJztv z9f&V|ssQb#DURYU{!B48UOQndHTp0%kyr?)FOeRL7@93I5x-AZa}P{HR0vZq0hrTo z_|rEw$_`{twnR)W=hBVU)*a<4gjUHduuoQEsD$a4%CeRG31d*e1I9Lz#LtivVep&i+2Z>)F%zk&&JfqX17oF?4o8@^W#iXS57&G_V zQ0q-ztw33?a9NX(jG{=(-1V(i?c5yeo>mjZy!b+eBxMRnR7RFiNKR({LnM!kD5YZF zlvKjJbJM&|DolURcfmwaxVAj`LIv7_8d9iM0=7=@oF#{jcGtW@@WPO#j%v8ht3hqX zyoHx>o!`|u(!X`A*BAQHbl1rijaqbS-Yy!PE&O8BeG|OsXRO;3yU0|f%ht8n($VK~ zpo@{CY2DK1kXP=?xa7IOt%kJZ?y~sIv*hcu1btrg9#rhww(4Lg8_K9~k&CWh_yhCTZRJ~@V@ovQ(LtKQ>=MCXPCk%k-_tCc!) z`M(SuF^!sh;+pvvzAP*^>Z}!d8u3{fbygdpcCHnT8D&MSwI$SayR>$x2tt0WaWbx3 z;~TdquKzMJE`MvBm9y6ODsE_Ut|HiY)TMtUN@8-7cWguKJE8XYpmFxDG1Ob9 zyeR8}%i1`l3CL%|!pa0Wc%y{P1TSGDw`*gyC379Kbwx&V>%b&qeS?;8lR{*3hhMw- zm8lSd>GHcxe&@}H9Mglc^3%ztW2BD#mQ8(8{c{`Mi;p5VWm4Bsf_E32zsyZ9eFSb9 zMSiw0Ju;d+sF=Mj*@}?b;!WFXU)!=f-CCI3dXB2Q>M|R^G>7x8htFvF)1`$ZYffQg zHWR!JyDeg|+J0SY4%cl?IBu@zvyEyxj~&v2soRUCYK8}8AW+rDzceLek|5F*Cebw| z?q(&OG9^DWAyXB{B@&<{5~hxZd_k~;Pc(-P?yOQ;uB4meOx4pLOpBj-LrqBZ%% zK0}Rl^qKYSlePc5eWeFpx)3YPMTo{?n~Fe_I;WuCVIQNcjg0PryOoV^r%g_jO>y-B z{P}@_>6-C_js;PZ3G|KC)Vi4|zjgN;+g2%?Ljg-peY~^CLwa$(_ z(2vD_+lg`>zoUu^Gc|oDYtKG)RHtP>B6^&*afBat?DEb2>i1!ctG(c!efIBTwee$T za)+Oh$Fb1)R3gnfEeA)Z6ZVCpy6_qqJ!-Ej@*a#998`yD%-5X zlXN;q6Mjb{)6){u*7D2wJYPq?Xh+`K)7Y-lDrC-ra^XVPtpnv~Jgv}jLO67Ki+)Zz=Y;>tnNh(x z!F9*a=X{tGtv~8~)YqA_^n6@kDXRZ`l2dQ=@ces*By=44V#ZW*lIdbjSMs~;#loh< zj4cc)znN2At&X+{th?w<+*uJ=FHJaLNWZ8&wAsXR-4bZ)e>mD;y43y6yN9K>p~`!B zIkzd$zt!rvpMSa2eW^F((op7d%%pTOqw0Z^S>Ek(V|sPD>6&ik zb|v8aGsNiD)a}Qj{x4Uta2L0`sjJ<@tHr^q-^lI=a&FtYu83;3JF3^GA(wD|LccHF zptjkXp<+}9v|*njqZ*>JUjA3Sj93kEk01%dLq?PBTVfr{pen7@~K#n1maOpZR z^ahaZp`P!CDmP1Emz@l&Ez5TqEn|oy-cWtT_@92+NZU(*82ILhLa^Wl;XN7fqq^I< zIxXDL+RES^B7mOQi{TBBCW)QQj;xXXZS%Vs0Lix|azz`iW}-b#tG6jT?voc<24;{XK42ErZ(na1?5cVN$7%n@@Y$ec8&l?qA>NcHZux z1NO&flI$PE-unt6`AL>Jku4+Tg~EGulo_F5X$np!ZTly^XNmuC#Z)0KwL%w$Go}2R z2!KP+gBRn69qNw_@RswJIP%G~7Kv~du||6akUYoy1cqP1MGXHSV)J=&Er4qfiO>(H z{sE5t`{WLM%6SGj^?;L@f7sgvWbTWAHPYLYN-+t6 zxk~~0Z#4NnkVWu;)f=9tNiYjp5|RKf0Gyx(vw(Nhy=54oXBHC$Gh>&p!POk7RXyO( zS5HurKTnv|5P*Bvf|F?HRzjlNuk;VTJ$Bhb(=lQsK}jRYQjKCs?!V(ggNL}Tzxxq< z@y>0(2Tz_*Y;(m7n7vGW_8UfdUZ)Q{lzSdH4xGAr2WMA+Gm-}Y<^Uj(et0n=EBFz| zX<-c^5hKtG;=Lhi%2Nl@n_k5+KjkZhm^Cx-x*W7DMsPR6f4~1v^iQ=E?vU5W!2fgT z`S_Z40Q^tr`G#&No)iIb`uN65mV*Le!eHbvMN+GkB3X_%4 zr7*(Oo=9o5N=(5`qw;U{UY)C)Q)QBmz#3+?Ld++LDK1P*!A8s{jftjJN#)k4Ckkrw z*IyVJt*3O5MlO{^%<&4M`dz3!18nj9(UE(7bG191#>KVx`Kidt(mm)kdFZDU5{72! zHoDLnJp|84eTmRLgkWW0r5Qt72qJb@ju`h*9p%Xes zV(tDHGzSm??2{4>3)Rq?{52xDY+(~*d~E5I)=(glofcqVR4_eG98HKJ#U9CEU%Dy& zpL{Ym9X&vONtX(+PE0KKH=mqJ@tQR`O`WbvE8dFCw=@f@#r6Y{k@80b35j@y0UQd9 zn_hWt9PeQ(L33_dEOGB0WGZ-6lF)bXgd~tKhug^f5<5vUR%rn;YgS3Y`sEeNgerLl zv%*+mwkrEnLv><$7Y!WNq#HWM40@gRA$CRx-5?caB|s8~3_h7nt_E+OP408PutwG} zd~$75!w?yO$cTtwAj*T(17?|>qZqM`Ial`6;M#C(n$fZhPunLgg-wDn92}>MV)~fP z+Of-wxVoRPd_Q;p<{Un+0#L6}KyluUOe0bQ85sId6&t1j=!zV@h>{wJw1`-Q0~WH> zA*G1UfIci~XTZ=i`F!aCnuz;1{?;Ja$;gKkk_m`p_K24C<{Isy@s+tc!p|aXx^bDTWSX%pz|!5vME_ zLL`XZ(+m=5Yg-Hwq5{mJPjIE;>hNeB5D)^%b|}hnl8G}d2oA#?5S8E%c;Z3xFk9Mn z3*rvP{F0BvTbY6yZlmZNlL5D+*Zp#$7VKfM1!@ZIY4di9`o2mHU{SAY)eeQHjgLcQ za+ko+P5Ln6p!&0$xI5fGnf~0%qIOnq08r>oa~VLW#Qp$Q|~> zGz26u$O4csOmC<;gFva;JZEUwA4D32w;~2eF-_9;3h1eHoz$ow1-rv5xpiM*9DuCB zWn`NTuY`=(NEj=J_+fBa1yJy4=_9Sp*%$*KUrlY@uq^g-5`0>egDl02ZMxT zf65vTA{41(^aP~HjfX#gpGNpwf&X)iwud8r4iFVr4)Qb?nc8f4L;)6F5z+y4rqQcE zttri9>-H_rsXTtErZ@r4zdxL#fyV?${2>{U*!)smWqeFWKAIwTiVwg!087uT&JOn3 z*M&D~lgSoGH!>ksM9F}41j9epxuOA7U$aYAc^UvpL+N=Os(W}8#w#(U%lXP`joTd; zBCh!WVr8es4puqgBp>O&k=AJn^=S{DDzy*=XYmV3(k@#Le=fPO)$K=ZUWYHtg?n@q zULp-e`_gPDnn1KnhsqP8IOy;dDK&@XCBN4eJbpJ?MgM3?Tm)W+;UP zKogrhl+c)`vH~ zSpd&A<=sR%7Wf;?c4Gl*;b_kENlE8^e$4iIy8*lS^iQRz;`Jb{yNLW`NS~ppsKR7& z_y`T435yo+L8si*S7WT;tCT2mX*k&RU0X{QXjK_b*!3(Cn#;MY{j#O(VwUurbw6}x z7Rs^D-t#;lpWl+2_2Oo%6f~w|`}i5N`y$~AW9MBAtFyeZR*05xCfqcugm(NTQIFsd z{Ahw(MPP*EPGNoBonTyaSDG7_%=-D}*D`d^OCw_GjSq`Q-}dT`-}*gmnm@ERjZ%7t zn;XutqdbOGP};>42c1y-3G8}pNsr3v*ZT3}^C*6}j)%g}^Z6F2YqY?8(Zz10>{}9r zuLEGOqbQSeI;?;g%5~$y3QAfw=0J5nC7e%l`iFd9+piv=kZ!ZcqaC8oes+_`2#l`2 z$f1UA1e(=RhG2$UtcRsHs!y@CC;7$S?YiGXudA+Nl0xwaik^dTgghcuef#j`LRCtr zMVJsiY1C*jnq@R95#Du}9Uc~q`wr+;8hQ`|KZt1m%-G1I4_JDgX@hvXB;2zwE$Q?P;1-{Kpp~Q5nwFQ7e=}#X~p7k2sO7pJwk!5nIehTb%JFaC+ql z!ZsPr=43E)+7`~THX^bpo-q*%Fy;#o#|jC?{tS-h&X49n_eY&^sVynZ&LX$sxXo51 zHkxG2Bx)&R)C)k6yw3p8!_0=hj~O6n3vHEpc&EUyL8g~Nx$hH2#-rJ>!zNzq_d)B4 zA#V&-zMVe4iGJycfm~_{nqGN^UIa4z-%(LeI2t4FqH`e&P6r)iFKARGD zdO--^>Xk8HRoN!*rCGHp1Ub`~`p{g46%vwd1EKk-iG*mnsc29jF51q1d=W!&^c3MR z<00Z-936?Ph_p?9OHBqJI%pn0+YliX`?#B-y2%i`jZICx8u= zuncYEmru7gB(wF=!ds$K3YfR*>=w%u^FXDcOonv40($`sG;z*!c!9f|4_n-^bOhPE z1m%`2x4Ef4rDnSw}niIN7rXvV52=c34=)#~})vO1mk zZIt*S76{oooP>c7lRmfn4-ddY;U%NX&OYA_?vg|~=OoEBg(!Wf1b5bW2SwFf=!oAEO z^+3P8OuxR&u!GSk(3)z9(I3KSk_z27DNZz5JTRSQG?cV48#*vMJTSvJ6wNs3CSej~ zD=)>dHRmq3VpB11VzfN9u_ijSMq{v6+_N>cz4T|A@n({VwPj2_l+b3fv1PK4E_IA% zbc7#r$}V%rKX6_(bE&sg+O;(pD7S4b*WEl^dSudtuW-F&K&52%WUBDwWcCvHpIZ6I zgNgbdtz6;j%IpWz%6LajLH}rFSQsYXu9m=Vw~+Z=YsI^6<{--$pP|26Ie7EPD}>~) zR(?1Nss2YRW3hz&rK0j1{hO#vv*EC?UHxkt}Qn5EN z)j*p#*_#Dwn#I_^$ku#OWpB}~X)$GQwXJD&W&i41^EHIMExM*Hk-a^mrahm%qr9f0 zp8Z>E&9`p$&Y_ylDfX_#nyyXu?!%hyOZJ|JnjR=S1i2Q1#nDSt+e^jK$5h+L$M`gZ@=_lxV>7|KF6#KqvqXNFm=)*c$=FXEPpYDC+-!L$8=C-&i~tN5bp4KGIk+ zoJ1oPOQFzII-16!Rc$=lR5qT;Z8esw&|E&5Bj|OyKH6OIy#N$}MydFva;8K+jm>22 zOVwP3dWmA5VoUWxjefJ^##l?u(r5GjSW2bV+LdPexoVT~*1EN??t5c-N?+?YzWLvs zZj68ZywwwmfKH{{*09qL#%DL3XlvXXPNrANS8i`Q82`lUv^mkPk17Ahl>cMO|1stNe==pkI~24|2*x@D>ji>C(TgY2OJLkf6x2(S+e_BjOR?Td z72gYU%(VYH<`iD)+&;F>K92Q1&X+#!&OUk=O&Hx->(6DpRczsYrc~Bj0NY7$0>n$WB ztPewk29slG%@HyyF*F}Hh*>*?F)^fKF)V%F~pZlaH#R{haieb3PSf>LcvyE;Z`$}dEZ24oFocB%DERO)9BkdE7O$G_Y^c?&O<+A z$KN}Sbj0KREjUNo3L(0=ANf{ej2`*nI58=*@Qvrav@6y^ygMNU@dOJm1Vzq-u^BS( zJNCu{;u!iKjVOSc^|4Bksa+AAR3gBO^}zQaBKuCrTrFhDnczpzaOVr5zn@%-tjB23 zMD5FWyic-D`x9Lpq&FOsIm(k)FGiSo{V?Kb^bdwUQN}som?p;ji=hQxrma(^-*bO| z@BUrdVpb^yI;qq97ew!1jEh=L!9eslhdTqttQGAnL&B_N@0>!>toDq@)V&Avd`yUb zPF!kEjNbE2@N`Pi9JZYvXg<$(0nRQJClB*=65!+_IF>}MK0h1%G25&E!syul1xDM=EM1bX-owpn!C*A>Um0z`JeWIHOF7*QlhOQZ zp2p*8!E2?hf8)*@m;kD6MQv_?Tkm?3&?>jlswr+zznl)7xlVQ6GRem3OWj0ibP!xJ zob({!7mn`^5-YC%$mkQ8jD`T+;kGPJ*4vFCM4Wg|3%rNJ3pIJmbHl;@A4A|8LN0T6 zrpYJi^S1Xdd=rv+6O%W!i2+I6JB1fZrsOk9>_p%np>a_-A6zEZ66OJq3j`zpBLCel zuQqLqwiE3(1tT^q|K-s{#02?SELhajuijgWE{4Q!w~BhT<)M5_;O!DU_*Y2l=JO^u ztiRb@zYT7@Pw3xyb-1T;2nCe@$VC4VX`Omr4_6|CkPIKrnOM^yrTQb4&0QBpgcNfi zxeE?2Co0lwR6(s{8;|3X_Jh0Fo!hlzG||He*>~?bad1>ov${__r=|;C+Zs7n{alZj za*xWok1DAA5Gd^<1eD%@aI&cYxzLq{#65rZ(-);vcGpwc$kP){K zBnuR|X*eW(Kx8Ot8UQ(d;lzt-OQ`;QH<2RMg(xeTw^oew+B7God#@#A@WFJ=Mgl(k zS{ctgAk_nUBlLJMICG$*u}x5fn&7eh$Vrq0D?V?pq*&a(W4$^py48XyX6RrJArDaV12bI>ILkI~P zC-_UHi(yn6@+eyL^X;qWHi_p4=Vvjf2kedeVmTpTS}Xug-QHIZXKliMb6w_7*Hp4J zYWk5(3FJvwoCNoZI=JW4(bZRB)gPc4hXNu%5!3I}yp5y!(;Aq4_FHWh&;Y!qfq>8f z7#SoakVpwl1d~T@5{+HySi)DP1D_f#B@_N9Q)W~NSALW$8%z6#DQg`nXVd6a@9S$F zspg9YLlLWA+o>1JBv8q~bnOmt0>PZt;VimiiWr0|z6 zfS4PHq>Zk)iZ!hwSFs=OjLy*&giylkT!wHohY^Q9G>7qJ(U=^}`<)5lRWS!sDJ&_% zq6`!OuvCJY(O5#cc~P14-RXAGoL|e5+BsJX|BWik#e#At=txrVo#^=S6eA?Yx+Bim zM@M)o!@?}()kb4-F#w9O)+Cj1^!R~r(J?Hc#S(bPFB)>Z?_enpq=-&X+$%g!nh)S` zL}+OAYj#aHy1KUHxnj;x5+DkOB-j$b)eWFmXkja+p~V!~HjluW z8R8X3(h*jZVrIML3BECSGtXu&4oti$^*EyI{|mm}PW`XzVsRsC&v-%K|yp z5i}S-K|tfBtyPe~Iw@{wO&H3Jhi9dF-jV9L7&k;?MZ+@&Zdn6Mv%C()y+jO+#6_+K zz0s9$cN$XFi4rgic4G4~d;f{ta-dRi z+aXy74Vhz`Ab^~Mhn7$W&#=rO2+nqe-l1w^k%lZC6PA)D8Isp^scJfokDP{r#*HIX z<$+N#>hi~MxwvHZw4_%qLXK5jr+$t#pX)siYV{J@RfUn8NRQ&YiQdr_pulJE0tVv1 z$6@gq@*he`yJ<}*o@>F#y4RYdPCaI(%}#(?GGI;OiIe{YBQEoJZ6Uh=%YHolD#_6| z_>u9=oa%>fUX(&VMZDi@9c0@@oI-re zX=$c9YZ0(sE3>O%thwPW6;m#s_W5wkWXCo4Od&h z4-drP;Gg1*8xWcccYM`O>>>Pjz04g5(*Q(DDXfrbq&M3V8e2K?I8Z#gNLqJuAhkR= z)BOSAj}3&29SC7Je;rB@X^xa-nc=hgvzuI0EhLjUKt+nv9`2zb?{n& zuy@w7l`old1L(+rSR5})B2CB15`r*hDoK%EJh8tM%CEc&%B`doZL{@Hcgm9pPv#sW z*#Tnn0&(#)5dr4Y{8;|Uz&X7E-YlG$aIXbW+nz8P=cNx`BVm1~o|Ng6BOL@!7ccHW z>fRwC;e+-R4sQF%KE;f1ELYbMRHp` zN;{twm6;CRf^xM=XQXAL9pSWMG7M=Y?L1pyR4Aay#giv*LXwc*OD5u8C(bxGp12nX zc#Rbq|Jw7|_=rt!6#hrWM;&UL*K4UA!YHY!&hU)H6-zazX$yak?Pmm^UKhOMKT>@| zKhombosnY#*3JAD7k}y3cxZAX#+dbil?&3Ev+0$Z*#*M5dS`UFd2gxLZEJWH+*_mj zyZB@GZ^EhfgHC3E0<IWEDOly2|xH=?tOeu494Vm>rdd8c~Afs5o+ zUUhyOXJ%Z@3%z2#O_{-!mT%szE_C~P7Ux~KeR#K?bL88;v~lT|$+L9R?brQNbU5(m zyKN+K|L-$-*B|79c4I942j6VoBpq>V(~1X->6vO*wgw&Y_dMk&<=+*c1Rulg1o&JH z+dE+1divlN5?Ask==5jsGjn&yj~26^=kMEot)cu`?J3x~`LOk3#nlrz_devoF8DV_ z$opRh)IT2GDDUou-~Twn-u`{G^#^n%{u>SQhaQwe4tf%Xz-xmtl|T=U5Tr;@+B?W? zHU#(uQbgYsQv*TYhs3RcE}tP-1ic^7dt;K3s4Nho+i~atkszGNgl|2#>Ahp@5;1}j zI0_O$vBiMOh#nYOMwA?`k%)(ckDB9B4q%Z9B1+4Hr6FB3k$scol5zIwku1=#3iuis zdGIU$K9+mQu^h?Rf+d0&`&pUjJd-2K28 z^Z~Nvh{(!t!%FEMMKI3pfSUE-x43?m$H>S^0G!YuVS1Q6HzJAiph^5U!7ovxkHxWt z_zt%crhKwDR?@t^p`#>`aU?^jY(rM*vQ0UCFx(wUgNW@u{H9-F@Wodi0id4Ykx26`$eu?Yj|>O_}xB?^vFd+*M>s~*>h&Y3oGKij27M3wcLw+ z6^Wr7sG+QmuUJ>q#t5xK48?4ut3$-arNzasBIv*fC3K)~8{i$VRvOn-{^2x{Vvb*$ z8ux33=xrmodlf%A8!Vo}Ci$8Gwtub!9TcZ}r2PFbsPc&7^N(|I1Z^&WJNJyEmUy+o z!83O&9qcU0*xo?Vt)cpuE(UL-7SA*Nv#BFu21|%e`K))UJU9MAD9QL{N(`^SoVMT> zcLAJg32(C%P=-!VuV5wK);A3eEQdf%47o-Y11@W>J0lRUdK7@0*BB~f|+qG zC48Cqh?D`LCbjN9wQ?S?NcPMRV1XGawKfFSD$OVOGOPy;tE=m_A8^WgfAN zCZLeX>2!+hR&8muyyLh$@{#Gwx&~g|tW@!A)u^Unam6V?)pVyy?DCXoG4MJU7=Z?e zEXI#|rk>;z6l4^aNzkIp)~c$STX?Dj09m=ZCg^_?Z7Q=uMKZkusy0sY0F|LymLIoC zfqiVWvOW{+F4|{-+D94-6~zT_6xhb*RYWJXBEZ#uve@A0Xb_&i!$wqV(L(D23xORf zjkD={q`bNpU-euTykm9r@^m{fLfgMAcJ)mtrGg=+K7HOpg$%4e50GfcoDSuY~5sxjczp?Hj%JdDO4!OND6df|))h8*i?fDOeZ);e8Z zLP~oZQt(B6^nrM+kN$3x{$A?x!^HBh)#bP!F-ene{eBCk@GB-q^&}#3rpc(M2EWOW zS@G0d*$g-MYsd)eSrqFKlg0tcraqPSeiMTc9b-qU_3E_s z*t&JUuJzHVipesT;RWvR!K)Jo>(IbXg;^QF=_sOwS0;;P>uHf2%Lf8JuQtv-P3TiM z))!2|t@P*XHt6v;Vm3B*7&lYSH?{~Hw+W37$~x9`jE^wiZ0U#|4;q~k@}9XE9m<$e z4~n06@n6*$UVk(?krBP2G`#cSxepe;*f3?E6#wDF_lRWh)M9)qD*EiB|DvPzi(mA2 zg6O8zcO>l!<$dF?ZUnmB4X@fP)<<3g*enol+!>; z%tD&Ux@}=ws9ZwE)Ve5iKOTP{vBuiHbAR8*nmc!2zC2s?0i-V5uADEcY0Ihgps(?; zKc6G6Eep~ywFzIbK8vtfO|VJuJis98HQtmlEnhJd+cd)BG>2;N5gl6O+jQUApfT90 znc9}99HO}%%7@tI=h|Y#A6k{K%L>@K5ShAe9yl@WJ5p`9J{YhTf7kl78Y z(goGlpO%+979pM{Upfj!Icm*0#$uh>zc|*5IW=NAT01-Su%G>jbNUi;(kQ#xE?@#2 zIJ;~)Q&>BTd3Jh&Rk(wl3^~tR>MOfVxB54~_1cOLW6_P+Iu0;7*R+C0vBW1rjE9Ea zPHu{Qw^e{n`N|Bsn#?X5&$PasUKF3p;9V$p8jI#y4B=gxa$26^SV=T(XuX)0x%gb- za=7l&f8p}^mrEiTr`_bxLCUAY{a(y3sJ*awpg?wFJ;)Ygmopx}BhVl*FP86Hk;C{+o|KPd| z!6W|F4X#@Sfp`c02UQ|HkGDqdU5W1LJ~s<>H*<*|$N4u%oj1_Qn`gos%0EUV%%il- zxBLQ7&!S%*XR4mUn75Qpo-Ag!HJqF5!=96&mmEj8>|ZZAQSLT;F1eZS);Df>sl;o<10hf4&tsykkW1X8t}RDt=pd;3Z{u z3wl2%adab9aVvw;&BApn@8&IQW-9IGE&27nbIu#!?HwKEEtBbeDdw~F%bRidUZvn( zd+Acc&Q>k+2VBIBqjk$iP|7kZ{^1*R_NJQ|h zIrw2$p=)zx=~!Xy{Gri-%NOtJL0|1bPu$na&*v1&TZ=@-hn5LY7#Z1yq?89#1xKnv zx#879L)8FC%b=fOBw;>oKg0ZgPP_VOe0_Mm_@Mqkq3`|^{21n)gakew!j4S_tNVxA z`F}9;!+7IUt1vd?A3xFn{9K!`Hi8*fIX3%u%XUJro?p!4PXN&Wn8QCW&es+zZ=ZES zu`h}P4u;y`*ifU$w*eZ02*{rlb29;XM^BSfk5wt-yzyYjL_B^Gu$zJ-qSF6U&tsVX z<8tm(hQZ&bqDBk=k#{e68)pd&$hh*$H1jVY@U4A8?S zzrJAubO;_3da_4K7e>>;Y#5<(G3g4V;9f+))V|Jlk#yEK|laB{&!%;N-tHd z-i+G2$?f>sq^Ibk=lGvN*4TN*@<0=o(6D7BU)rH)5bI(AaG4soQW5OS`ttoxrel?g z;)QmI9q}%K&W0fCRwoeR$NEie@QMh!qt?ghEU7dQqJpRom=20q4w$kVZ5t*d+m8Bv z%wS3If_)qp$Nm0Z?y@{H`=m6h;c2Q^D7zglRBRHsi4E970Rz6t16b^@Y5F43hek2Y-(2%%}ww`7)ltcm{f3b!BZHv1VxMCpw~Vpqtl(iP4Y! zJ(Vy)7e!My>Lrs= zlxe6V5DXS3V-WCzievC_1R!PMVni|-{#OK4GJ89MdnpQR z?WO8SJPsPbKy^e!xh#r%S}CT|Vl=rL3W9@l9WjIX1grYP(ku)M)DPbC1|RZ#*EI;_ zqzOE&EwV|Avg{;mZritY0n^DSbQFwuW`z+%iZew&kyfVT;07Km^7%9aSzB(y`y=GB$oyV9cWy&big4e zm=0BECuq0C=^&^Yzbx73bgIvqfCK21$_eAh>A26UYn#QeH1E8FmX9qy{ej z^hyH2%X$szA*GdKh&E>B8D(OQtZM}lzH6525Qz-J2C8Hr^)AS@K5-V_`uckTfcieC3=%HiG6UJ{{~ z=_qo40zMyrII*=4K;J7D`X;fe#?{eao|nL1(tB;gZE>0l`ui?ne04Ah<)f!FSEdye zz{&}tDaoOEJ`;*YgXkdu*zb>=ej+GyYr9V;fG}#Dz0tp>kPKHBNTH;qHAu$$;(skP zqLAnb=N@*@$6ODGHys$tvntu(hqKShWiN$L_z0=!y9#iN;tWzo;~MN`&_D;iOP0WY z3-Yp^tnn2{-#C+-E>@{HJ0HwrYwnqr$$xKMI5ff&q2s1W&o(4tPq}O zLX^n9%y}iP3>{Q6%9{^|o_ti2Pq8UgA+VH@kXQlUf+vk--JDr8rdd6t#%x2Xevc{Yj zxivB;>=GTa=R29CYhxyr9PzU@)@>8IQOWJX(_owXn4^nhrrc7Rg)WSb=oZ>b{rd1z zZ)=&wnghNss@K3FL5lG6lat{Mk4L}y$h9lXalL4v&5Gc$)tglx92D84~_VESsu-DDH6I_jKb9jXN~%?i$>JySrN;5In)%-Q8V62=49#cM0yn38XWf zthIKned=7CnX0L&U9;}Hs&D`G*6;a#IA0wTQR1}Z@cqIAfl_7w<0ohWpGD4K)c`7@ z6#xS7EL5D~eItG^U;#P-s_xtShEz2s7hnW^3D$>VI~FF1v?zgcJf13z&@`>aam?D& zsTQ5{N|o9@l>lTM)y^qf*LcB&aCnL$?Al}L#f~+tjK(ZP{))W;532C%x-|5^HJEI~ z1@y-jcwyTcR_W8U@hPLanZ0h&a7hh=CaR2ZE+Ki`FxS~mzt?}(F`|xE=`$ZEACChT7!=%_J$(~d*eWVdNp>y88x*K)Jj~nBxwNdY|HwOMJj+cX@K@}=JNNY zB2&cRYmp;CKnE*g%cr3{lj^EAJU(Cw27Gf|an3XdK`afX;lPb*e*y~evv?J0fWv3H zb*Pn=;IrDh0i&E~cqB||nT2<8uP<}srE-f=NhpU**(0vP6rMv%h{>!Tk6By< zpdK#NOW4z0^RDZx-rD18h%5kiZu9&?OM5pq>D|ottyAdo_D!_7$B>@NUDqi79lE&Z zNiOeOfhOZRLtN)jsg56%zduS)Z!@JPhrsjDx1r6(`Ca*we|KDad~#FKo|EmlJC;Q} z)yqGfGdd&9FPtNnnazu+A-fYGhgl+Bc_y17mAa;pibCCnA=-X$-S(v@kOs!|$*oQ@ z7*Byi^X6%!rY}hLFEVGKjKqawzNoFDF$2*J(}Ks0*}QiUg7WM9@>-{IpOKgs;F_QA9e&pxC2K-hk5QhbA8|CZc?qIzyFyq-ZRK-~7B`mH5 z0k<}Cho*j$O10kuzyPte8l{?s5p)>_6 z1ph*c&s}CD(}f+2g_Ro=()(uLN^`%esr0>4aINiu_4dSp=EOu&D1xY&4C|;Kx>QS; zoN?x~sYQ~r8L=WDX?A#lG9B}43vuCD7dUfqdSEkwI7}`D00c1OkyTF^96m zK~S>PeUf#S0XxOcbDN^92S2$>#h?ilX@QBZuoA=j;_TGY{FZ#v+rpgSAqI8obKMf0 z7IR6*{VUjb*`>Wb1}V8XOE&mkwx$vJacu=bbJeh2BN=N8>TL(zGF2QJ^b=J9iMJX} z=0tfkp5ipv0%|olhZ1+Q7;tkyTueh}E1l_VBN^($eJZ`Ccs+A;eF;?!wNi1;SqHoj zLwJA@G>z5Xf+|^gEH#~mY1w<;Bg;K3H}puYm04@bQqjFbed{9|(Ne6`Lrv#$VtpD1 zYb%$!w~k8(ZcFp-b#$l~g}y`}Y#AFrL22J5o7!2rPpqMClp`N6k1_*j0^mpe(QVBL zD@0Cg9Pj9Yf}{f56N7kdRfQ`;qRd0vu|p+}Lk|lAoNb*fE5gBR8WF=-5zuhKarA!P zR8fqwk#+P+Z54dd$5t)$pT1Sd=FrFRX2u-Sm#x_P?NwMlRrn&?O#@Hdh#2DA;giVd z5(H(EX)Bk`ZS92_QaFuLqrN4n)29BEO_Q-s51L5-W|3jcke*cOuW*u?b&^ta!Vt?q z&|aC9hLSyelGZMrdqba-Hu~++G~2JG`d?dY;KO?GCEM?Z z`rlwS073%*gB=RL0g9X*nyvwwjU9%s0p<-mtZW0U3Ok%m1DpvvyiEiAJ9Y%HX9I#i zJ7RbPVmv!idIM5EJ92pgay>iB*9MdxcGQsu)ERcP_CJ@ zAO;5}ej_G12Nqo;78?gPUnBM#4jkD=92E{+okm;}4m_JiymuV5YW>97N@fMD-lRUmJ;gI7mhsNoF`mmm5j9ImnJ0$*wra9~;SkbAS+PIB9K~Xy0+tc{b7cbJB-5(Z_Q#q&G3-b264U zG1hZ3eQjdu;bb0ZVxHk-S#Dz4=43r;V!h&Idu(F+&B>1NnH__R1OGD}2RRof-DgfV zE-t>$TyMCzWj}MPaPjDT<}u;owfW5Zj*HLp^ZI`x){xQAp!l)bh3)T0sin1vg;gDc z<7Zbt(n@PvdWXIrom%?G-rPU>CFa-#C%g+!4o)k`tNuJR`K_|KV{LnHXaBhBOJ`kM z&&uZR(#CdeYtPK$TKCB0*S_Jao4fassV5g#L23E@<1>R3b8Q2o3#(hF7uVB^t9@hB z^=-W$Vjz3;t4?9bt^FelYg>V-`Q5{lH+PTA8#^Y_cbI8gR(Y7^*m821?J~@8l;gf+ca-aOSb3D^_i%EQ9{|sI zTo8h1e_R+rTXkF%!+UyMoFK#aA07T59sd7`4lkm05S&jWtPGL~ECJXs5=6ixWynHK zltIyhnOI0SLjd8VBp)0qa{r@|d4ReP2hqOftegZkyeS-v8Pv4C3lM)N1`7I5#M%z1 z0}n{cfc;KZygZ_u2A_hnyBaISfD63*UwhV^Ftdum!d!s4$$#{$e}3cY&52-llA5d_ z(6C|5fD*Tqp9osPNhMN{2W_nI$HC zrUpvE(y2nD5cNXSFb5(bii2zI_0IHHw0V;^H%hGE46KHDY0DI9saSgoWo}W1*pB=v zd7u7|i1p+z`z!aihSLO(pwS^#_pcM1mp+djpVx*S?R|gb^(G~%$X^yX~pr5MpD%71-*$Z8ybda% zu(3DwLIi(CJGJ&Cp->uKC4#SWlB2{aO2c_p!5|Ef$}*VaYHuxZ&vV68TcZwx0}#Jo zf=|4iM1!Yj9rF!y5A1}pf$ToB?OF(HgeLGd zc+PX_t}`s_1SZp(N8WfQXmm4k*3fr4!7e589nN_TmQcxu?)?08>SGs>;1WLPJ=IG# zNCiWTq-5(oVDNL=t-IgMw^h#^82syMEWh_%d3#L=G{^5pS4r^d6NV9TK@20S<0q_V zq2F$kph#_}QGITWldQtEZdqtLIxHZu; zR*gna*nX;Ci6N7SUNMXAvyG|j*J@meZnurC^NKCDjogup3Fe6{q>Kxei)$E-xs!{u zERTEGjh#k}tALI_jEFtZjbB@#*zh9#*&2I^$hfE*kMIx=^&EflB>Z(Cj=3l@wkhFg z1voYu(|a8Aq)Uz zB?+%4iwX!*wNY?Y((_bC$#^Fn6U4k}OHo`+vF1vFhfa-vHkLn0RQ68QeNI-F2N~GW zYud$QW~Q18q*czRLYt?B+@!9^`B|=}IeQD(B7s~pncUjQI6Tt5GSkJsJG>r4f?Z@j zgc(7R>3)Q4{+VRKnHfSYZFGqOOvxv-sgZQ)NKBb+wAp%ex$>bOS8c_; zt&0U%@*`=>8R#m#V+tb~s*&jGSK~|DB0ryGeL-Sr6rgQerR~sT>_VdLsif_bkNqm2 zJfz1k@EkXiNk8UIJ0+hqA&@%P<~Co+JX1-tEKj=%9%ESdrr9K<-Db$D^=8<8ra6$$ zThyaJTBSLQ%sI(SyOPiTUdeKSL~|dR`@@d;@r3#%lI9l@!|yg~D190jpTuWEdN@HE zB>SA(lRPx!Tnrx;6nkoH`+NiiW?Tho!ts23L1tn`YVvVv3gmoDgV{GR4Tky^3A+#h`-EMpUH78 z&fY%TEh_sRa<*p`ooiJ2hw%dEwesnvawf_OFe_rkltcwXP{lXfipipiW5}}NUPV7r zWv6_ls(s~tcxCc<1+9HXRu*m2&+z>Ah@8{Z;;O9j@vMU9@;v=2vD2!+jH+Gw>NWZ5 zG`s3Dtg5|{s<_DNos;Suq?+QQYW30TD~Xy&+nURuny(c#7yUKc$2I5BwJ-FwXA-rD zNYyv1Rn^F4{R%m2jPxt|*4tG%yU4{yr{!H)b;jd$lX`W?Nc9Gsbp?$X4?gwi+Lf1C zW$+R8;GgvqrS+RWWdMT)cmp2jw^imopu2WbGy|U(#`GI~VvKB3+-M5?4njg=d}0Gq z(zg`kzJwI(cvQrsG$<5w28P&gi5bqoBrHPFOcSJRzIa?6Bs>l#9A^yz#Ke5rBqAuL zLJp1MFGO#ANu-HWC4EV2yc!hOo0V^?G0%$C&dA@MHEa8R`DK|W&qO1eO`sM1#nj=8 z`L{2IZC}W$lb|G8S_@lj>{=E$60n56I8`+iRVB+YeSI(3;MS3bde&kU{WTrAl{=!v zRjB3DL}5@ixyuW=qXTiQLF)&DRHy9LNS{`vo7UjQR!xUCyNNdF(>B)V7BiuC)3e-y zv!e0|5*YdRnzQDzw{31gZ9$FgwFVt+zV^i3-8y9nA7{e=x{W} zo)2byeu3SdXFWI&9sb$}BI&0T?x#NQBM`=?tHCD{?%6!U70~EsCmG-r9^f_{AkFC~ zS??cc?Eh6w!sa+2MlvWNJSc_Q$B&9H>xVBa43cLyfl?h*B^go|9^%*-q^=(5ZyZdX z=mQ9YpdE)Cp@!)lyLQe7_^Eo0NqWs|@EmdmJcQz`V!BjFdhJkqonr7jU-9%iarMjI z7%ja4%iy{H>0mdw3m4m%{Ow?S3;WnIgG^$E+U7=eUWYqT@Pb>oLbWXk2K}xO0Kp`H z&>By9>rtU#TUO>V{T~BHsAKju<6p(c%oK-B{wA?o(j?{a{qg95g~H=`Ilwk+1^Sfn z)3Yx&iX(N7BMs-RQyav-ez+SD5f0@H5#jHjJn~;B-s*-;AprLA0H|MZn}p-yNkEBy zlZR^4j*1gTt{**{U7VMv3KU20YNjAn?BU6w-v%SUC#KDyX1&g*4b6O!7K5J@fg6)P zTf%M;cev0OQAentlbjw{rZ&P=-1H;m%=D?U4X$2c8z;U={$Pa{$6>b(@c8lT_^BZo zrW4+rBd({7k~iN>NhcS@FD|MJEKigec(T+Qo1tRB_8{SQRjm=3jOMvHA35$|b3+65h@f`EBkuVb+6yx($%B|5r#ZyYLvQ_c(#&G^w`3CU1^e z_|)I*#3Ak^e{u^cFz`<>TlG&co7?8hV)u9o`9x_tp=)|Z4{fu*4#?*f_9vMA{oEYt zVvg}*f$YTZazp6Th3#Jm4yrp4ati~P{;}W=|FYmMi^mpQo88J}<ixa zDB+%Q?f&%Hq3Fp{93C|YahV$Gk&X~8zt&3h0(gb{LkTmh!9;}&jEjKrmxEugBsTt_ z)Vto}xYnGr`@_MnKSH9}6#lrCb%$n&H@>C-XMknu?oH47kAuq}LWLHPb!RE^r6@F8 z;b5CL#WpZ~mdfx}>M~XU(7jNw6<~J6@Nh{V-8$M3m;*%0HHFOsK;;9FO|P&;u8wei zUBSfNk>}ruxCRSktnh2t1RCDgU)=j!TXKbjXqHI2g^fcuLYFmjX|p}jVBpgAkjt>8 zB&#&SPh+Qr*~LlOXMfr%d}m)+YhQC{-(WreSzGc;m?R_~K>cg$LPV+11%?EKY|{%! z+{Sh@+5YYN42*uvipCyW`gE1I+?jI%2X(eA6Ic#jlv;RoGFXs4CY?@}Lb``=a1c&c z&uP!QM}<#wskx6i_3!S={6;VU>~*iOyW0!l{vUK)Al+=_uODk3U7&!jC93|iA8Ph)%@aVkN#c+s+ zND|<({WcrfGPx;MXUZAXxzzN>G1t z1c1n*zQj|@dfh#R#E3YQC6qjy}E?O?H#h3B+M zGq7Jy9#uUOD^&$8p2-%KlOGb|w$x#fgGGTMpiqK@xC4uk70+;BYc$>OhKy&V`O1~% zt-fw1ac-s-d~iC`1PQ2TQE3*Zh_ncYKr};@9ZZCCK{fw4qbvtTX<=9}Oal}Jwz?Wk zsg^s>vQeymbo5)Sv(nuqKpBCgNvI6ZY5|wJge2o9I6(>;9ApWKQUpa-3L5OuREMot ze=z(SC_k9C{WzRE7XMAc$xg(63Z?|1xFx23W^ozx!13&H2(^viyc|K^%q(R&Pz;31M2azdz71Xx36W4t9Ub40Q0=bTI9VVwE zI*Cd3=!i3a8F~@uICFYf1sEo@ybD5WN-HMwBNz=Q>%{HbCsp?W0(j}gq6@V7-@`eL zE`mSQwUm?53&f>mzsOAex?J`;YtZ;`7u1fjBNW_^V%ph{tyMplm%P>GYfSnm`szkQ z&LJbzi{s`vy|}UA6nq)M6(BJ3kMOpI%02=zB@IQ`PA^b2A&D;Y9O1_VKp(6P4AAK{ z2M8ecA>*W0g9B9j^iDU)gW!Y%CnKnM7|Bdss9PU+Y(Ub2SW6MGCBf7utPOh+$qkxy zC`+p9c+F<$T2i8zKaSY|-xADj3f>&SHL^<@CXjJs3t?Tx`!7SsV8%5t2LUN)qyfFq zJl_KVS_!^_=UVW5a(sb)_FgI$`Pj>R2^yv2R>~oHcgPYVXV2__rmWouS_B!NW*9!Zk`5l0AZp&mh%q5^iy#mzi6#i$`Z$K)RSN# zl?ptXh)|q|S;#jC2(e<`2sE(5VfrgB2GEKxdjrx zhPB4}siiOHOp!OXO*wvoykf%c^YwWXbNsyF=Qdp%Rq&V$k#dTKuG9zAX)6W~#!zul z$u0B0=Q0mcQnp~iL>m#9ZHY)OK(HDEVYbii=q49FGuS*cdJ1rpy~{j5Cy^B^@3%KP zbFVZo0x&j=DR;$DDWX=8k+-WS6Qq=~9juUre^^6Wz-ZTm}N~2C;zsv}(dbU%3zG3aU+KNVA z%GVYIlE7k*#fcCiluux$pJS(o6I+1A0>jdSrK6;9BX9+Rq;Z^ZYr|Pa^)M&2LRq!L zqduHVFDQ(r5MU)naqk&qo{~@X;sW9dOK3PM$EGOvlM6|#7*vpS0ToG9HOw^%R2{mb z(;lUBu(m=t}R| z9lY{))i;5f5A9vFdKdV4-vsXHx)<$XE0}^A8;Ogr4?E6j4?4!|z&T?8q4qi)`_v3` zh8y6>#KB`Bxrg(cd5{HuE!wOG4~*yk)X!Ch5$u}7OL&!GB=XQ08B~)%jPcAX$lDa{ zkh4z&ojC?{ZE}i!wOj^ej=wR!N$tS5V!;-ez@FYw?oh;E3GtjH{(h4QVL?0-XA?kl zx6Hp0>(yz`;eSM||E0r?l=fSmec$oA?*ns>n_1g?UCG=_{zR;G*1n|=yXUS>9;XRr z&0nrH7fOEAm9tq}D3|$ArPXCG82@vg!u7uTgPWoL^4ikZ;SY5mx*Y!MaNgOBw^R0i zb+}ARs#TYy3Y)KAZ7R)8`dT;M!1iVT(;czGWg4H!&t?CPdlazWx##x7 z8Uoj2*BkI+F!}Tzo&QhicVPI>Ccm!2+g~b`KRzv!zue%ngD-l1=bz>GfRB0rH3EQU zHfWq)m>SVL6n+?~UU+T+cttoRBo z`a&;`J3o#vA_g}QNKGrW7a`b7i>KK~OwCVhiOBpEjUL%oUl1rM7Lp{jCeKF zLI687VFause;*`SZ3L;HHi!0P6a}*`wbfo4t{7J0XxXL zy@lxTk*hUX2Jplm9Uky9vdTCbc-OfJ(czPP`G0lzhUDl!bh!OLbohBoJ zZg@M&BqY~TJ%WHbN?|aTGT4!>*^nW{oEMltsyUIxsW>b?UjLMo zzlVI!fXf}2g@qizE04%8P$k%wEX=?{|C}sFm?DA6c&?YyFQo`3Fqj++saRkZTeghw zp}>n{PmB7gNH2_N6PPwzNleE`>Ntnz`~%Mg6VFvV!|QA;&_HPkhk7NXet5qi!7l5= z>2Pb)bmbm+5 zD%ze_c@H@mDOyNE>E5vSR!SvEUzrSBHDrfm7YVSJ*oWDq%#(#qB9MB%qO2WBrc;@x z$}x3MKNH6^3$+=G!9w(4iHCs<0NSfYbC%)YBI4MSS-e-HR>M+HDg4b1L2qhzSZdM( zbE`WfT>7f(3p2R6BM0KC_+L~7C=mrIrG=Z+FhpiaO2M-G(dv365vIriW>G3_f+L;s zWrds>u5&Xsdy%#Zk#<>QWLo`y_ik6Y+{p5~$@+v$ z9MGRcYBk2I#32#O!9Sz~XdqcLTo@0T6~aZ_d?nd(r0aN|ipN4+G$UOO%tb%om*UZ6 zQPVu3R0CXB-gz%@w^ulGGd_z~{cOvBCHxlbRRxIn2(-^OJ=!z7Bt!)khD=Gmm~yBXyr=E zVoLPkq$rX~X4^{?*GdGHBIf^^a4})@WiT>e<#dS{O$QxDN0nHIig=}%c_kpWA;gM5 z?7lI0k^h~R?pDx>d*w`J85oA6TIxS_`A3--uG-QYXj0G!n*7`-iq)kM;{R36rJ z5zP!9p-ih)3z60M61}4iJ=eFZSz4Vra0&$nV=?!uucxcSm}}STdNx99MYv7D4*CFt zHLGa-^2PWPxaz6{s#>k4$}jpugKKqrYa__(VfSnGA1fP47n*Y46iKh6SQ<2l7=&sV z1m&)OC9Q7_t!!t}r0+85R8nF5Wl*tbkPK(oO1eS%eH}&LFq&m!fF^O+=<~?OsX-^M zu~0*7?2Y98jpHkWI^ENB^h-h8vf!nY0w zS(ntCVCk95HR`!F%AGf=LfhINO4%D~+r5|H=h=GMGaA#_(up>%&NZ&JFfOg$Dw^8* z;(#T{{al6Q2J0NyDQ)@Pg=D z^1wVc%q2ZER#vPyF^u666kao54YO29Gl28%MwHoL>JEOMSw_X~eZSf6#V(0+Bj<)eVxx>Qv)gtNMd>Un6li6}a zaG!~6Ul=`0YU#W5u&}JMlsvk=T(_{ow4@^IxTuHxTWibMx&4}h{UitvW43bdFoP7U zJOmD)h^>+w4ya=ex;`ExW?PYTTBVI!tyLXpJ#cCrb{KuKG}*E=-4ZgR{bEden5}Bv z?quC#WZn4Dx=-oAR>tZ@@=&40T8GzK>-=zd!WtRX2AFM~$8=;%W&2ut~t_*vvHq1ideUSdOc#$`tF-|^o7Q@9mUp1^f;)y>yz<(C~s#- zol$rhUt}I@g!S=g>G8YG8F-iCrul~cnGD@ z+GK{EEH$4fP1^CepOBQ3s6F<;;1{p?==sR{d-h%`x@YSu4}|*4y(tBF8w<^KRP3k?HoKVf#@$g|T75aqEp? zbfYO}%V|+N@NAgjjI!pWjLe*<;kV1R_Lg&VSi6Noy_I2u#TLCK=ZgXE3+5E3y{U`! zht$n7&NZ2pt%nOts>=#&=XO@-4G)KPW9I_r%fL_0iD{?bX*>2sO?N(Vo?9zklo?;O z7@v^|U80NJ$Ov3pbKio^?+%TR@-D|ey}7q`{PF23zx1j!`6{jJ>Sx*aU$iC_d$mJ%FhgYGgF4E1{JD1mLG%jzEetesD zDc-uq0K0&dTz?z65-#;(<_i<3XrQvW9(=mM&KD%~7bg9!b5i$XYS=ZYhbg` z9=Rzs8+eBz-(uy%4IReUgwPuX&-VjmH%xCf_XciQ_%<&OZ`k7_ z*ko^c{N*@oZuw?JxJ=C0Mq~%--1aoyV?J*7ml=v;yf*;f9&OwT%PI-Y$O+)zP`+`8 zLA%3|xy!W>d&B1rapAW)Zqns<@{hZ+kGpTu-DP@ix2fD!;qImLuT&qq)bd>wx9`+v z+=c7ig_rJf&fK)#Oz2{08Iqf;eEndWdrx`ju21f6l)q|1E@p0X^p?*ftNMdw&z>op zxv{5*#?TKH{Cm4Ab3wijzhpiPIlF5-Njdh>1Qvv(w8F(O{uSZ>0^!pD&p0qapesVa z`=baqg!fMV_Zr(C@3u*G*&hR+0$t+a7ARzpI8os+pZw^&g1>sA9X$@ok9V#_cZ(s` zqsGqBqlHwAk7mS-x5jwmdj|DB0%jjO>mH0v3~Y6>*CDxYRcb?3tQh}ta{8n{xo==7 zmuWy{h<7GFVpb1I%(kbtPPQf7Kp)q5tBd*ORLH$zZ3J1G%8N*w!;XTK-@Y?K-(qQ(EE6$79l>{E+D#3oK& z09`?g3J}A@k=R9qpzx^>t?5B*5zL5!{O2qchh7Xnn8Lm`)Bx}lx$l4&YL&`!P|weZ z<<>7M*@kjRM)ZKV6*wnvI`vulc{aqwBg7@ok513NI^|wpGp7I*N`R*+M?%D19ESOV z1zR=5E{p)OfERT`-ARNjIUET})KpN(AfQ3YhX-+-+-G8$#qrU`upG)*7q!)guKRbu zXSs-*H~z;mKbxTl6J3b_$J19h5!a}IPvaV44Zi>YL?bw8*cEALz`yBmNW>aetO26K ziTKp12?D4_6DWDmuWc!IDdP=*Y1Cd=W(q+}xIWiUg}WFkkjn@DJ+;2k0*P?JPPu>S z@YA~!xnk9FEK>F%ivSuF19&em=Ugr*vvn3E_M~kUuSh2h52=Wh)!y@tdjNd$V`a^VhK>z?t zZh<8FzH!|TV=*9#uotRSHAt7mYe)aoj6NxhIBJ1R!rm(dUIGn>BPq!VTo8+-)7B&r zAMwse3FMNY&5Q+$f5F!Pa9va+*}`t_CwRdorc=f8Q?^kjE5U0OCu4^eAc%{3r9?`A zL@gy4tGt?{Bs8?Wtx`_J^$sOSi;xo2ToiRSKdd?}lZv~lY8J}k*R{=MI#fZ<6!PaF zI-HD#(nJSPnV<^i^^Rz3|^@8YdSaC`T34MvbI=mpE9QKb6 z&$7R>DQmW`g6Qy@1DymYRCqBnSW>*i3@BZBU|N&Hpj}GK7BY!8HgqpUhtuNd0wj4u z=)`>(iC4ewMhOvr4)EEXqXvLnYg)=E2jStknHP}7>!{sX#ZT%`PFg3@*3Wyag5+Sp zq_9dH@Dg-hA^j49UUvWq8?TTssap7JdqDBSglg|w!EA;vuzz*9CDO(y4Ie~@qx{w3 z&W0&T5FLK2K`IN;;jmo+5FPFX(czv9|E|NuvH$9DY={oGJ3argq!^?dE^AH=(cwbR z2@o9){D%%tK(P`Fc?bB}l>K3u>r+f+N9he7<^;N4OyjT~UCLL84vz!w$xZLgks|$5 zhu6x+{ng>1JAUy*Du@n`zPhma&TIWghkHSEI5OPsKXo`+U%`LV;h;Y{oa&DbU(W&m z3@nFP^PIzmn+9%r+-CFNMf>)+J`#ICl}MD5tWO+dAndFVHKYKeaeTQ8pb^D$(0ZRZ zSu91xkC|9MW&$G05?J6-@(kpF<6%uy?9?clL3kLV2m)hjtN_-Ajaz$KCMfjlcQ!wE zB<8CG8CH?r zEhR4%g7i-vt_KYEdJECvqaxf@jj<&Cd$_B|!vfO^aRCrXE9md=1aPKo6PGe* z*paDJy^kxsn`JVvlXD$XPt&q2WpQI5);zsQ?vzqy@fD~uxlGFFM+LFQS5A%)xMeCL z(*_otOzP8Mn=a-YGB;LEjd8nWH=LKz_MJ=}8)<~?ksJj~M^4*Sx#gZET9a%tjK3HC zoO|OQCvsIe;TII5k46tb&%K5X1I|*ZLS8u*juH_aG5HaUAYE%vD1&MtvUaNkG$27W z6h5F3Nj?A?uQvdmy%!2&^mwd6A^@6T2OzXhBr-*)@zFdg-#w5{$;om)r|f+>wOR#~ z26An;3bN(cWh+yN%u)#rD50dOlvg|DOKn;xH6%XN@%G8=MQ%w7L7TB*oo!zp zs`H5=LYM4}pl9W7p)k58g_i(^LV4|?m>z3QU`as5+nU0VtcW292Q8i&0bo>7#NgZ4 z*mBh2D*FULMUz!(&17016{Hb0I36{(qFSnS+w8URKWkBw;)PAsqG%7U!3JV2e6=~S zeaG==5Yn7lgg12T+*l3lh-)sPV{rgzL*5Y&kJ~~;N_itj)$uAt5F}qm+ zV9Nvp@~?cnaB+YpYJ$Es)ipALU!`3?rdET=lL&{}mDy86(a}ICYo}NtO&D#=;-AX( zrhPmHPzhPY6@1qguq?kA2+KQ|5E~%Cc$8H)Ist<0O*Y4I`BzC#C4x};u8F?1&PrUy zrA}xO^?V)sFj<6P2P_1TOf~`&&!fpHIf7JcqMwyk`tgE-!u8r<$vB|gs5Wrcl;NcA zXd+f>VoabWyeXWiM*X`KZ6G=v1gAV2i0x#g3!8`&T4X?gK8M3$~~?d8Mqo4bOe@kz)hbCn+^c(ddsM41mXl`2^`q4=F_}f z;px(LDngqMO_K0pVMhS|~qHpXr$U>cxTlU}xKJU#$SYo$ZP^y6E2CkGxk&H%4j z`+Xh{4O*#(apbnE@GxtmP^#|(-ujv|4=;2uZ&dAc0dtv98h#O7u^FFrJ|Nl8PQ&MhW?6^fhZJXMbePiKE43#ftdoiS92 z@FY^kWQJ^LqEtQ&(VgoDId;x&3*Koo!@f_<-WZgq<4eHNSc} z$$MuuC4O8MSWLX@@lF_U<6PdrRdV&d$;-L1D2Q-j{$#uPmqoMGJwW%@Wt>V=A2#Ph zm!$6#Du>Wo;?JNj#Kw9No>6JAWPqR-#?h~dz^giVTAf0nf~3cF$2F0 zT}rEM-w5ssn~c`F{c;|^8ei`EnQCOK8l1Wwa1rM5@||VySjpt%moZeCaV~H>&wG12 zkX(Ig%j65`&r)*43*#$>oRhiyjSsoe4OOK9{!bWQDfB~$KF)7*oo>gIxp+^rV|saNj;3Eiz{m%YHKuUr`W}#h3yzZd*qPn zyzl+>4<_C`g6<^+OOdUkMPY!d*r!T3U6_aBOnN#5!lso%<3-IJT0;-Zz;KQLA`jg* zA|PV!4iQiswo&XuMepmaOYj$#?dHo%70TY3+~!hLmG0U!D2G0ehf?fec7rG%lq3Fu z#dXOgC(*?hrZ4u<#o0}KUwa!Z13ELZz#zeIG*uKi97GK81(Jh>9aEX`OS`0pg5T%9Xu4I?wtW`6%3Z+;aiP%F5=7Lh%(1}3I zx%H1$x*l7*S|vYoXyRha@S3c|MS(7`Gi>Iu@fN(n=ToUO{7!%C-{lbp*F z{}sDuq|;}p(+sSt{FczdAcj0=yQ25=MYQxqMP?=i>j(6PO6$1sdnwdQci0{ZE6K=>$`OtPETVC zQvY`mYa$1b^1nx{nQDFhD`E{j{8z+U;_a92e@3i7FJ*N7iC8;y7yXZmSpP?d z|NmKsv;Cjwa6W%7{_xNIS1w}zPaER>@<*o^W}jl5!ji%>i|gBa_m9ucuWq`ACz6Y* zKSZZn2E-*5Rd)?dc*kY74~|&}#;t7aO?+Fn4Nhq6?7z8tm|a>6O)tu;X@+!Q?(Uxo zYMQTa?+fa_WK}d?{kS{7`Vp5`arf|4-O_b&ecL%SKEJY&S<&Dbn=vvy?;f4*5|QE- zmFAO>JwCVS9iQcwlsh@UeE;}-czV9Lwsm@W?VFH&d;d7Uy7{?lV0>;VKELwr;raOd z%G^I@Y<97r_RGP^d1+(o;(wI*e;VTdcTD+zl=y#?cun(?{aJ16Vbxh(=fmk)eJ?!I zdBY%{!+GNOQR;dT)8!jv;1Lq82h3P=)F9`b z8>NE;EHRBkByZXprHRNlevGPpGE^HyPp)~NOslcrJi#k05{B!*_Ik zJ1LUhd^;ocm7jY+9KW_XMph-~?wcy{uVy(VS*I`IS|%y?i-s1h_hTBKEDzx(9V8Dc zwhp=vQV!)8yg^Q~IFIY@DEyC-p3Aj-V1IAEg~zRc^~XnvU<7A=zfiiAr`?$9uTSFf ze5?ZAiTIk&`x(BT&tlm&mjWKSFu^VKS^7+na3_z9ZL)O0zBA5id05f_onP+|GspMcZTHXvQsRq+479#76_TRcT1g}5u zz(^uWgdDR4-JO`Ac#aN`{bUaSvxS&>Skkvw#=3-wGsmI(j}Fob{)mK@D+1O^a-7Zq zBlkEXe(4{zVtdrT*-GBSsnn3hB$^Aft}#RJ8WmypP>HeN-o*RjHH_u_BkEFb?_pz9 zgnt-QP^u*Jt|4ON;aCmew~NjZ<3u;d(4 z;>Xc^c5}|;qK$phH<2=`tT%k&&HGGhnIy8%sQwAmC9q6-<9vBZX|#^U9UdnldSI*! zZ=6GR20g`kR8vD(`T!{OfPi3XF(?#MF&KiK00e3P#q#7KFXVV3P;AEv6A;aS5;@7k zIBzuhTEw+X138)wfyM>X>%h^Q0{u>t^PvT7I=(%perUP<(3nHl$_xlVF%1Chi~}Gm zVytM60WieJVyys1U{ugV5y2vTE59HRBjgOmisM*ZD}A<3*sTx-O1xD91jO9u0#Jea z#N^naU9<{vc;R&Z1XBR7%^+Ghe1);1Z>ec@rH0;i00PDYtdI#~)@*%;X@M zT=(_)ef9Cc3I^S>YJrRbfahhYPD;3Dy|`;ULj9XM<(;Zyxe){kXkp`RAvyBEA+fk! zX1K2(FX?JlDT&$AMq7Vvtk&RoO}+5=3B{oKbD*KeK7g7iAm9ZwpaCt`9jdNC7zZq4!a#|FL}y0USaO;!vr%@w5}iemvlFuT;ioAT@F zRejzj7Su~x`RjB6ajVztiN*?h4CM+Dx-bSuQJCHzMA;Z z8v-g4R9bRJ#fp(QkbkfvQvihiX}|-a_7p(EYK*A@S9nao>0ud0^Bj^^sCLZ2U-Fhnm@hpd(H z7}%PM{92rfa;tO__zp9?V=1d?A>KaM+tCZJIju`Y=c%g^I=}>n+ zYAS6WHVhBI;|2$^;&frZ0eW4US00;-{GTbQhejzWfv{AcNdevFvbq<|=B6V0Z&Bf7 zJxplDK^b&?@V+;_4F+&K=jgDI0>rOVYu2ZwDqhEg)1|0&}@vK z8@Z`~J0!KzfX@2#dK=d{#4#s_E|x{XAGvEiz@xq^D%4t|^6r`*U3_to{=T5{`zIb` z2=3-<>2IX1F=J^47wFbfP4oV@%}1_nN2tfg>l6#XSp5aFczf(ozSj>j8s-X1>82%a zZ|CN2NJHgAQ^f;UjF5jRfHy1-WRL0`r2aa_`(OpoMBMLL;$MDs?%ZozyBkJ^<8CSi zUG?|>raNuZ|81$)#N_@=2#iFgS6lynqefTG$(fD*eF;*)%9#(>rk5kPZ?C-n9Fu30 zC3uY#a02^v2>Hbk8)WAD4Mcl7tvNI?ZX!P(O9#R5EBsyrgy{iq+4G>t*XuRJ%LJ>gd1v;|Kj zNh6Sv5x&KnjlegGO+Kt!!FgLD>L?#Xc`RJvZjJKZF@-@_@?d*(7!2$#tnE)t0?;yp z$s3Fxo?-w5Xs{=OM0j6Al&m-%wW)c(5?+|2^9a3jCv(#-3f0mEyMtY%h0uh5ARBC; zc~rTecbkGXOob9n)1HDkuS}wb0{M8uasne}Uxh(IPM|5rKUy%)>~Jb8STDlK%Lo=p z=A%Mtszn0RA&EeqHrqHilR87NvWc-#3ExtSC<>w~a!Qa>Nghy3hY83EbIM~?51HQciKnFcxM+Z0Oc#Y8vH zB#$uhcgsluswI+EF#@tKRz!UKw#`P7Qr)KbiZ;$dj@Fh!MTT9c05NT{8i z0$uZMT9=M>>mpD6VqmTHr@>-qzh}ho!Kd*s=%`{$yC?g!4$BuzhJ|8=#RoQ)Wj2A? z#o$R#=;|>2wl%}%MjR`T^$=X4v=JkOLj)X-eeJgM@2g=;d(Ct##sWa_BF` z*gu}Epm1hXr8s08R&*O?Y^6__x~#ZL%mhmDXTt1H*qKR{5{TK^$+4KJl@jp}ljue` zXiEecN-|kWIG9rDIKs0jOE@{b=y(pZxl+B@Y%+xISol(zL=Mx0OJEW-{qvh=9;PkK#x``8 zhm6*#5Zh;T_AQKWZ6Hoc`FiYO<|WMUT5Q}8^So`ceMd6hQv?K*a6bgyF?)J3hS~^y z2+wr2iHQi$i5_7N(`EdG1xYA@B(XE5EYYTUK{D<(@e^T8Oxc&%1cJd!*k1T=qkP*lxs*;1e#XR6jx}ERCHohlpItT zVpV<$tbmzRRxwoS1y=49SJG@(iegp8_EhdmR^2mH6^#^Lgr{Sdrek0i;(J#R{Nj8P z!H9-k-ltQID5?Irlvn0leG00%TC4((RIAe0+$+}5m(*0)Jk%fpYtja4h&XC54r-*4 zYRw4JpS9M8q7?|17E6@Mh>Fz7w2F!=*ZK$6n!c)gRN@`)>aZvol+vE4Et6}A1V}EY zC{PCJ{G!#uw$;Nfb)2n#IIGvEY-mtwNH%Ur>27$5XhnN!6wh)AghdsEsvm--zlz*aBSqrc&#UID$=r6+`{#` z)j72lD&JPx+FEwh>YUexV%gSx)Rs8h+A!M2ir(J&;N2Eu+8#>K>fhZCDQ>T%YeU^? z_mk`hRcwz;YZG*7IXGU*rubt=(ySj=@?iPW89cYKNHxR&gMxO4(I>9?bu{z_e` zbsdKy?Z`N7F=<^cW?eqTo$s-`L)g0;*xK<|TCwk|N!lnLM5HO~n9e!si0=LH>}2Wm zl|gMiBES5p%P45mm9g&Iq58ee2R%$aRV@0QY(5==_q`Qiy+aXQGNQfgRKWX~KBfO? zi2tL+)%E)|efqW2|J4xJ677M52IL8PP13ozM2R-H`fb_<>{bRG?gt#H2JQ3*#3To0 zBnK?-N$JxDoL2_@?gt~sgDj7 z#14tI4JoJ$XWkEIQ;qoA4L_9}k;oaA^XX6#g{at#2yTwJe(YvVA4zW;L7Ev!wySSe zp(qk<3r{DDO7AOc>#I_E(r-6ZGuCSy`*yqU?c;=Og%;`t63ATvM!NrYM&`Lu_27od zC@65WQ@?G~PGPuA?hVL!o8EaxP*oEVibOXKf{(M3Ieig@U0x8ctPCrOjw$(!@or8g zwe{|;5YrF?5L8!&55Ae-CIDdad}Sj2<~>e=AHj#oR;tlE=vbr57-=~8-OpihH(7Wkoc$OP80djGlnL+^sY`oo7{FY4~n43hG3 zm@8!Anrt9ER1{ou~y#D|KFWD-3o*9im<_^{wwzn7(ghiNe=G%WP2#A9RY%@d8Vxk z7%zTpcT;Y_*sMWCnOI4YMMeHWLYP@YBtA+qL0tAN98LmAU9IJne>tb#;ri`StL@4? zK&;$8$p-UMwm{mPLFU2(^vQsa0I2{hd)J^!&G(b0CT#larVMQEY;1MY`J<^^B*-Z8 zrhRvHd0b_6r>@Z~5)6yt-W4MQqWyOtc6?_i)7HdGguL(H0$OQU#-MF|BwNo z#l89Gvli3q9z$CjTU+1ld>@_qIw`5nL@e{kv;obbWAzTj_&U3v+oMwl;lYqI50)+c zD`mmyG_V-(rmy(Q)5z_%7bSTQla3QRMJGGQxq!@bFfCbN8VuIxK$3NmD^xKiEDk9+ zS?Cqt-!Vbq1!IQ9d}$_y#i@cn0kCmHlF5mc@(-j$o=LDpBvORw4x7Kw8`@YTb0~WBg z@IqrsY!?8BZ_xjP)gRFM(a%hsPWUOlBio;KJe>OGoSi%Tz%lsPqrJgi1!LtRVW0d& zCPALQdcr+P%KMfi5e!S(IO`aS`bVq(_z$h_ZgJ8qzS(+m&dGHVOS5kki+TNmTc#Tm zfWrye+jF_MyMo}cwzpllM}G>&|68@(@onM#&lKF#dBa(qx7(pvH#rZTPdYF@TD+J9 zrkr+OI~_SYA;mh4X#cLo2fjgJhoY0$qF|0}zwO-L;*z%`TxTs0``M@WuMmDI2rco2 zGkDY=cv6UrrHewL%cBy90QevrKeFVQz;1v-(DCb30NsZGWHMdA5rhm1B1e0$GUA@Y z#mk-G_K#ED{YQy6#~G`n3fQmprTpCxf6IISgum$JKMis9gPAm`pb0YyjYIVkjdH_C zOyVQW3WIh(R1VeBk!sA*kb3KB$UuNGS$MGrk41M7#}_oCQD+?TAhVG%bA)O>0t-z( zhD^aExEl)-Wo;Zg&=?~i9;Ze1z?f($-BS3`2~(34%}(V%&w4n#h_;+7H|Pu*r?`4l z;*zxk_ET;v^_bSlJWtKXOq;n6&>ppa%_twv^pt3(&jw})t9q`{jlaj+04B0ju)<+Y z^eWUmNnXOcZtCLuYN)2~!*8Fv)7^!^tWMt(fb%rV5SGJF_S#gW4JcL42Xt%#a|E)n z?U>M+M?cb`J+Kf9epV&`lFc&+ z&;xK;3VRjSaEN$}2^M=v)fU#E}DV|(&iWn0X6UhIT{C*gd7%7 zc6JpNM>ax;nkm^|oafheowjMp%!Rgj((mGV!O@5(fB>0N?+c1wDppgkUHb&{02463 zR6-l7I}i$a&_>NI zll?mf>&lLYmRrjJ3_d%fezH+#$zhz_W3jm6f?sRNM+3_aNqTZzy250spKX&mNc8j3 zaJ|5iJB)eUde}U9IU$(1H91U=miS}>icg_+_UHKo1}{=NBDw9u{2Q`y3Rs2Oa_upg@_@9?B*LD^!! zGWraiNZQ*eV)S60+<*k!2zkS|U(R}^U0DJr^U_g(c49yT_-cOWK+)}Q9ab?xrWe^2QcuBzso)RnE{8VR?Aje@iM4^3N0tQNbf#%ORMqNCkp40Uqko(% z+eSIy({h#zF*b^{_hGQpkdhDjN)YYEk3oC1KN!_kRZ#-9ckZvz*%fq$Mw$YXc(&i zMvB@~L1z-vbhF8N?KG7TrPWGbc-p?P(-F z3xBC?z$$fmPOo#?BHDf>0Qht2zSI%^s{aZ%B)YxWnCq9o_<%s2q~5OCqY_{EuZH+K zntRjV4RO822{+gBX|V&>ht}7tMzDtFzZ>GqYkw*6TF&ooFE3Yrqg{4_PM-MnCJo%l z{nZe63=vvcMy2&AM4>rz5n24ZAuiDIj}k}s97;nu@(_7!h|7D9Xc*cf)K=!6xC^Jq z{M`_LJV5rGkbdEuas8JP_nP`3exAHtxGO8~HS=EVu_3;C@G`U|DxSvnZzV48GFRX6 zsKkG7YrmYF{<|T*dfZoWxA@o)Z)gwRNUWp;=cJfh)+p_u`XszEZylMMc z{rKDN-nq4g{{E)_rO;vY`u)DV#QIF9-&Ny#i6!^<_q!5*Cc3g7t_R;ge6WB2`+EJ) zH?Gbq0T>LR;aj4C=y&hhw^QVbyibBzNJ=b>R}VU|)3MGq$y= zwV|SP6PAe+*6|VXcN6Q26T9${nst*=iIdd{Jbdb=B!W{w`KbH4Y2w9bj(H&$-E=Zy zbZxv0j6IAfVvNDO%<4TXb)qaPyllZe>@E+Y>_oiKx*kq`QO+G6uALt49TDz29$une zzB~~=A07djUO_VvK`K5_P?b)M ztPz5fRaRK0UzcA@g9?G0OcZ24F;6;I;BUm-k^jO0V-#M%2)tH%wx+uSejoUux_Z6 zPgXBE*1{wV@GQ4!8;a>`SLyR7Cr3&8p)hZqZ$>nnc;6GQ60M6s4tWIY@Zqf+g#ee~ z46}Bncsa|1Pw{=l3Bih){3A6#6_YTP($y8i^9DZ$E1^P1a!rSe>PEhmDD94nldmtsTAsu$w#Oh*rGzLNR5t(w2oz}K6-Bg zGEfyQ0Yck4?mx=CsZ#=kzSMtzwiYy%sZEF zfyuJiIYOS2C8;Jac_kxKlFtYcAGi@8!w_LZ;Iu*psI#^rv=GNbO-yr&EEA z)c)Mb=rKqqkl#I((5vvVAH#p(TWaGbts&pk+>t8idn^996hUOzQ@RWQjMt}I1)?0O zEy=`qj%aAXJ1x#y!}MPtjt1-@)Tpm!H(rS`yh=tSUSs;-3@ZlQ6c-R- zNsPfN%RUrK6=GGgZuSL&qp9xO#bMv5=vz=F^=dZu3uCzk0OzQ8etj1^9sKy9W-0>! z(T3!d%2UiU+-sW1(rAo7GereY$7YukFkFfjS&nDp_Gkb%*~1h$ge_BHx-mq&2$Kii z7DrCicf?u*3=5``n&!|+z^dGpsnjiBJt4cCzlKxLnc?ZkT*5{<@S|LGi2;kgB8CU{ z7WJ#x#e% zCY=)Sl0Wj&^;a8hS7+;A_u;Mz`K;b48GNO#StPDs&gfVw7hCOL-9t8PyjW%1Ht51#o1k86 z(>Kh6uGRRi?f7=?CDd)3LypAs4>SxHFO{pmtbPBm@-0K^tX=Q?_u5jIVa#{Kp8U0+ z)GJ*A>$J*mOjF)mm%sUiF?RoDJ^iQQwd?AYM%{1X4bYnK)#du11Op_^4b&55WO1YA z$aU6_8(&)2Ps=x^(>CbGHqZyUa6{U#2UPI)jNFlpu8}tpBAXk}H#PN)RfskTLgq*v z+DODT$wM~P>o@y8Z@MlUkA64a;@kw?8~0Lg)!}YYjcrm|d}53eWuAX%qi@h-J(*y5 zkYHoh;}GYEW(siPX~XvTxJV3GG)+nY)Bb#uKOEcg&$mg5Ofki`c^bxq#5)DhOrFk< z2;zx8voI8S0TZ(@5T1~bAW@Yh(S#33NYT8ILDQ1%kdVz(k$=#77QEA)zH?@7c2~O7 zFt$U`zH__0Q*m$Bl3*sfx1Eo%3u7{Wr?UH6E?n(o`9-3HR+N&CVXsD_lD5UJM!)&V zXY=j4UHy)dHz#j|j?F(qEq*Xr7^7KaKD7wYu%PzaGq310SnIH`;I(y7w3FKqp4*E# zw!kQ`xcX%gL1oz#xyOuWX^m#U1l`xt+;6wBEEBb?QrUNR%l3STYW1kt^=jCEO)ceX z$m7o}A8=yoLn0d3AQ$YnVz#&Mhc+J)CH`TLJFG!AJW~)sBM~7d8!6cIYQQSApg7t> zJW9|q7R`Eq-+Gt9`rGq^Pny|@f*lEomdS3`DN0f)asojW2m3SDOZnEvz1CtlHb0K7 zKSB>vX%0)24sV~?BpDtSc^yuM+wi9!f`41v*&TkWu<=?tj9RnyIXtw-vfXMstfZN$ zd1$Zh;Ha;VYVcbZbU9-AXgeN!REBoY%)HtnXIm?d+lDvM9%a?)X4Q!X?S>h2?Hx@) zj@M-E%=qoR4UegPkDDXxsLGB_F2D6<7LL-C4=0LDL`gnO(P&LhSk4$)Obe>aI*7~( zO3u^JEEL#|``OY4e{V~)A2zrAa&@qrxI93kxN6wCbOqnMQdxJ9+<=*HF-z=-i|kgw z_ucfiHLdp=OureDAD!48?0sjNKcUTY*#Ca=-LLjk&iH)K@GR;(O`ii7-zlZx>5lc= z8{D@S%u6>Fo41*gzxFn+8(PN-PCF;;@6p5`nBhqBh9&c-=z@+0SEqk0j)Aw1=$&gQ z?hUBXrkL-4q!s+gt99gG`=NgCSc2n(P2+?^@}mysbnxBr?)lldxD$?0ImzS-M(EkJ z-`T9**>1-f1XA5O#7rk>ihx2E9d#o%b>_R3K zwC8ajez1|AL$mfcEv>j-euv?=vvBcqM4RwunLtV3QKP?Wclf!W`4h!Dv67b+XDT$u_fzmdN(UxypN-@<5c_!)VnB6Mh3c=fyWDk=Wb(*5dk^{V;a z4fDiJ$j#M3;-{Vbu2ZEbSNfIX8+Vs1HCrxs#|H`bckXcY$z|KO*ItF!-l6WIU)+77 zdEE;|1EQrpqaD0MPv2LXyK;G033<$oU-(|T2eWu+bll)u-0-h>3}m=F?YqZRdc4KI zb)WPocJa`_yNNno`P3NVf zKTt4kP*gn#GlX!m(C+~79nT++Pg$NH-#d7OqJ|`U0XG2|(WvJ)Lozc2kj1;~KNwZl zx8jwa7MSBCp0Q-sn9F&D9Nlq=U_yEx!pCtKz|ku+)T_d>HZ1za`^9ZSSPl>a1oWV~ z#Qs`9!isyHyB&!Iop;9 z|6`x8T8Yfhz6Mic{IWxY4!w+0L|g}dy@@9aCqVQK`T$e+XdCyt4G%|^35sUAw-UY- zn*?7@?<(K^uD>4J&`Qw<5CD=ZF}NuL#XlGs1+6OP$ENgaB!e4&D;{H52nsHJ+g}aw z7<&0QsP#F0?ZD&XO(dI1reU1^! zY53*XeTLT+@X9AN~Xh~eJ;8i^<9v| zHL?RtR+CgIaEfDNka0d3#Tp<9$EZHRDd%}@os^TfVR9OfOdQDI=9-0xa~ZR$gPG4t z{9(h>Odp_RVu=rX2n$PQh!(s1x)vp2f!br9`}LYcfe3D#3fJC92FK!%v*krezAk

      z3D;r_}n?So8VhedRQ(fs`W&93{yGnb-TPufN&9y~u!Jr1i= zi(Fo)0b=U$k8Yhzp!W3>Vbr)a(2rHOy~lmW-xrS2Yq<(V?`4{IlRGOqj&G0fp$}w} zJyX;)aX~mLc?56MQsMl_qA1TckT7qv;7G|aAQEo3s&kPH;TPznx+t zAtP4kteQQ4I?D!_o%#Ka$R#Rv5tudV4j{oqx>9ftjxaOU zQ`_!F2C>4C(7I63@^q*?8T&+>9u8jrzz(~I*0fOxR)$^&(KGX;45>KRSijAir{882 zfE-JrJ>QUiBTgUqgf##a*C>E6u`4)Qh7LojOA>Xj-?y%EMI#UK{z$gl_KmXx2^ z3@WJ!1mzW(KWPULl9hi#M`VOR6YL7Wb@8X`zFbA+_HP5sx|)8NpN1MUEHf|0%6hok zyCcI5zRhU1Aa&b^Kh8}SgS47(=wRMrlw0%Aq;iM)GrLzStHdwITkyLb-u$7^rt7_G z4KuJarTsMzq%YJAL~#VKRL)#Afm05>SCQgn~2FWy=D z&oK&rnyWYuzFz;O%i1-!cq*T$V+aJ9bs>4?1Q3)Np?U9gBZd74=77dve4&y1;%XEjicSsbJ8 z(mCRFz3Nf1)DdzS)t8I&75ln>zJ)SXs8_3l@tZ&z9hgRc@goqu{(HpJXFyCr)rSLn zYg}x`*~5H+J~8_5so7+ zTVB4WJfHZSyO=R6i5t__;IQR!lA&5!yjSio3r6QZ-O4%}z5{~s$2aD0l9#FcomqBP z4koTzKG2+%BO7heZ^k8|AQiNx4&W-TKSdhPtOTks_iafY)PNxu0zOpWc|u1WTyta7 z>WKlbevJpf-Ek2Y;e9~;$D@gh{v3!Ar6a&z@>QLvp~BCY}i-GF%CtSofMH?8w$3!o+ULB}u+Bq!oUuFq}(q?r}1p&EeM?iCO6n;ViG z4S>REYqZVigSVydu{4sK*KQ_VD~o7jN}abrbvvVQXzL26lzZz!(k5t1q;-MRH|Bm- zQo*v0VH78}7ytbQzK+i}=*P{c!u0d%(3?9D#>iO2*LK=dr?h)9l3QRyIdhQ)ut3SO1Lb0`%Fk$2enTkgI-Lg{iEn#W#~5S0>?W zdQ)&*XeO@cdcoon@H%VnfOem0V~NLz=vj9Ay%9$mnOYF#*LUHm}?!)eB%pcK~&XEU<6?gW;Br%z;kdHlrTzDsZ&{ z_itY#h>}Ii#28^U-sRrJ-OAatR-n~IdCwtH-@c%7wc5&Yr5AF|iT;K&naprcw=EAh=3~#C#7HMz zLxJ-4ku(_b#Le@tQ=t!2PTi363eZXT$zW4c;0%Lt7pFjmeHfTBm>H^%kKD1>2Jso6 zqfJG!gnxd)$;ihX%xkEpER_Kh-L8PZ0=oTi7wiFo9(*2ui+hQ&*?L$+~I! z840*$2z(gUbu!)f8U6Yh1tuQMo{7uIUM+FGy*XxL9h+hy zqsk_Fuf@0IznZD(2ETB?2h2XdbTAddW714a&@@D2OCe-8r~TxUFVm4~ooyjCH^aF* z1G^+NlImlxpW*1Afj-|^;+7%oV!ALeH?}hm+cgHN3dpuLNFwuTdBTJW3NUiafueke zhJ1KiKFgA6v>iB0EYDzzkub2&utOE+Hec?Ur4$CUafli4F|P!|9LiRp;a9+eROr(| z>T5Ia%bsMFIK!5&r4`PkU9x9RR%p8w2RoY?OSXJj75Dgm2r9fO4FSC+%)uUELULkq zq9}YlLu?zjOFO>j`5;y3Qj@Ru+R8Uv<5i|r#tw^jaBet>T)326cogCL#J%|PJv%pw zfTg&A0gJ%Q+$PQ<`)5`T19`z%GH(s{BLbNtVAcuzY-j^TpAt#jUa%!76ep~yB$klI z7lcMQ6z94eyz^m8PE=2!Ax^Y-{HzpGb*pByG{9p=~A@L-iz zN}*SgaFlJ4KU9-!*5u064y@IZaG1y(%`@2|RBii=OUr0VD{V^a0_hu1O6u7Mnw(1- z5^W2-jvD&Y80DHR!}%*~AI-lU13}8FUJ*d$-NZfbVa-}Rll6me(O;$t7rM$^@Bm7=*5DWH`&#=X;Qgch^6w})siFWjiAiC zLHq0Xt|IZ*534@=jY87zuQ_jg0yxxfHV}>OPo*MQPHsFSDT!{k<3ojnC6lx&ZrxI_ z=Wh41wXSdXbCU2@zgeeMJo7H%YQH-=sm~;x_+PPlZ)VZ4$G>BB(Ol4%#iTfeenA(Pk8Y*LqJVr|QVdcQv8H28LGc7bY>@k%Apu@W)3A6oCxwAnyj$O!v z{$Ly3CuvJNdvFN27Q;V3&J4Pj78N$e?>x;hCYpr8tO~|b@6soJ$o7{!4twc~6`X#; zyRS7>Jn?0h@G+bW05E?LQZUD3ug<@TzY2tBmyNu2UI=HTfQ9Q4ecqh;1{Z}?;KzT+ zMip3MzB;1z8Oxt2SQ!=B2~g>$ zfT3f^RBVQ`Nq(dNT2EZd6giJ{Qgnw@>G}1s%!{Ovs{#Y6Ao`q75!gNbK!B(q5Gycb zhOD~SNt00K#kgnmB~i0nG(n%sA0$Zut{|h5LEE%>@P}(t0t*x<4WO8EOJx7KYF5{} zcn*8b7a}m?F@H$XxSgcn^5SESt;S`S(~7`ab7Sp!leP{Au8sc!@D)<=ZngYPYw1F4 z_-N(cZ#yGtJ%ghG+*U1}Qn&+LjcTW>baRAV(gmyu=nHhBZoX}5X<1$i-)%gRwKX>I z)Gop^L*Lp8P_bS@rp4()7yDX_!Aw^r~Y(p@`BnGnws=`fwlAb7Y9qo3k^*2`EoH;`*D6c*df%R+XRKpRF3i{*Zf*sx-0vtjV)@bDs^v%+M-asRU zpSZ*7uXuqNNX5U}?hpSJcdt!dJhpghNnX`KT$Y56zIWr|Ik{t8nEfxT-l+DOdlCEF z1?27@tR5*Md%8av*^nMaH)nZc^lWxLAb*RbZ1gJdnMke$bup>IjvBhxEdJqz_mtv+ z?q67a;BxSFJB?0j=zKF?!(Ui^`#Z%v-npx{zrnG^UszqPp~0h^#(Z?A4wuy*Cv_v3 zg)F#fJFrJ$6cccaP+ma|lLCwX$LcAP5NHV&fYq1w*B}G7l)j~uTB_`AT||*RN8snd zB_5u}rYc8JAgd_wtw5-C?AFl*pAnmoHYu3T0p|U)R{z%JY3sutxue*^&_`d}$%Ou`H%D=_B4Fn-viH~uUi$h#Giw}qGog|gGVaRc7*YK4+2eBc`jM0G-k zv$*_coL$KsEJ^~1yO|1ygxP&D;c7q}xce|$amKJdV{h{M-s5=t$kZLf@8@Bi9!_44 zu<&F9BOjGCk1v` z!H55rWvADS!lbjbows;P^3jbIY(@gJ5RCjt#_;uq4Vj#JiIrw9nI3hK4f~b~oty@< zIiy~j6Ze1$ACrc_lb*PkjdGZZ^p=|3nw~n0jiH!|_JEpBhn~rrjU$YTWs#aq@qwOG zk&VxqiffpfN0?rKjZH+6N~oDyn2lZxlTDh9N}`xrQc>WEBBv}lm3#`dA}0OwMOL+2 z%9ml(uWsoynpyQ0DYZPQb*u%Ig*gp|Da%o0tx^(gbl~RJv8HUC_QjNz&515LNp7Cv zP6x4X$vHj4DBpP|`I9I6FD5ZJCrwEuH=HE}HYb0)l|dZDh1^1;6)D3PlM_8tp!_L< z8&b;_Q;V(R3x}bV2NV@LX$^{YLcD2SxoKri zX&tv|@rh~G&CoW*2pa@@zbDJ^BBGa^ZB&P45|d%Nm|-@IYg~u*OV}e;$7ESf@n5)Q zT|HplERI<}VBH>O-Y<^bRZKY2fgZ5MeIHIZ6Na7^$Ndx*y(WiVvVFSsWc}sI{D&?6 zw>2wBml>5k0XaMabBP1JBmw&wD=s@T!4ln*lFY#r7;%XJK07P;E`8aRaT&6F8FgM+#z9X(edh$taYC*di5!iB;#A)y+#);aip4 z#?_yhtBVw?Yx=6y533(AYor3JOA4xM*lGlVYLumF?yVnc=#FY8ifh2^wc~TG7Wf0^bfqT~}9EpAtu1grH4M?q1rL1pfsCyw&t6>X~jd-Fn zO0Jg{sO4Ss@>hM(NS*LZy`gafe?UWWPQyZXgYISnH>fe5u5nSJ!NR&RPO{N6qETzG zu{oy^3Tld>Yr;Ed^s{b?l57f#Xli7S`8Y}zzDyQdnq(qUXv$EZoYq{=kP|IZmLO7` zRN9;?((;a9BI6hRr(Z-A(k*2oE$P3SedAhQRJRnSk<}cLHe#n#r4{G2w#I6=2B5d) z@3&^@$~1Ej4z`jG>rstH5Y;KS%}uv4qqG|+wSRb6YBm1VQgqlXZ`O{+*0w>{UUkqO zVbivuN4BM`u+yrrzf3Wi);`RDWqGG## zu{ z=Y6|Z_ZoYB*`M|pyMIK@n&Y1Lah={yM@k%YUd>}KLvt@E*M@_4O1RjU<6;@(0fkj6JXQ20z5Ml1RzbmjwSb|ibI5NG0=)C)on^5ECnlTLij zh^D%XqY3cz84hKLA7zf8SiG3Cw_nJIn`iuuV+_>EiTofU3KGtZ6r9v4AOaK(6I{j( zvP{lV?=CJoO!K}mo((q^8<`bSo>F)8{Ke!yuuNd^drF#OTHcYwGyqrOHvy$QXaXs2 zPmcrq+vSme?&y)gHDCfRWkNBaI`%iE&n3YNV^HhiGLj=laD2cg3JzqO6^{VCR*^}! z%b8r!Z=X9S%rR^IL}8)rMJ>@q>HrY6w_(oaO4Q9NMlK;M^1u1|2MP{Ceh@hTB@_Zg zQiBsv1L}bg`IQM{HV3dpW@Vup1Qx&js(!CgRxfE?dK1jf)5-%XBAcIH2wacN!hq%koQc-)k#JXQ zI^Iz@gbQvHi!Gv_3eCX1dL*2y(DZ-!I@MM;wb&m1Btd!0KYV>@+a43ZF%_+j84C-o zbCxXbVU9@U?(hYAGJrWm>-GUb;eSKxI0x6!+nt`w^(QFG6+69JG=0^gk>K9 zdIpGQXM6Cdlz}H;%1xl*K^powS{%V$p#^$P3z zs>+3=)5S>FWG%7|uKLqrh60l-SxK{J=-k2n@^O~Du8JkKQhYGrr z3v|~2pnTdvumt;)P;K8PoCJ7%2j`R5t6YJw4^tBoaBJW%Zg1axy@AjAUb}QQopXVq zx({ot@4ZJg?Kx3{n`Mk8D_TBmXzsJ=d9`JIY+l!&y#P>$HRNc?VeX*$=zkVCK zA_cn+0RiN?9F*3Ud-cqbF;O?^VqWiwXp}*(H@I#^xb>O zPPc!tdJqQ$9MvF&)45p5GaSv6 z$=11i+YCQx>`(UE$)J!HJB^$;qKG(|&QC?e=B8*9;O&|~?UtmJ*^Q4Rhp)c71H?sm z6DOcY9SrGUG5o^kB2qY*YG;Wkc?D5>G-xr{MXW@6Aw{UcU*vy55`K93 zKlhjkSLd5_pRfOT{Da~m{s*3}uID8V9b5`$+s;wM!=$m_(MO6tA$00u7gEIA;&#D+ z0^yFQL80Se3;%1^fx`-g65U9cVK^iWnd*3{aduq)%722R8JS(Zz%b#rT0_J0~lj@_{Y$+F} zil@^m;KyPCGfBNN-z^|?dA|!rmghk&{+C@3{Ku{rCQb>f(%TJ*-)iE@vvF{8kAso= zG?r*Trha-8Twg{YPZ`m8U%(Dm0I8>81u_fL(q{l5{CLv5Z*9MFdAzl+HDXy2-CfgZ z5kt}lE#g5$;+l=3jOSH!GeQF+%L#Wx8F@LU>=q!yl5$AI9I#Y7?bkAg7Q3&5I@&tF z+aR&*(i0N;9X7xgHSc-Mpx6jEmXm@oLc5bf5NikX=TN@0lh2_kgW9bhHPB3p|K!mN zSY?i%d0J&VcfDE9+FWb><_rf7LQqpG&0aCfCBy_Lcu6EM%>fuX%jWD|(SL0O^V&cL~jlWH?gs(&V z2s^HAJtFw5`@DYXW5pb)889}}b~E*d@_ngmixs>0wGWW3T7xIG+Ytefz2~AP&}Mpj zcs_`k=;`p>WjQ5yB00SwJVrZqRdD&f8?_^JAU3KabfRCh^WJy~&0!_qOVstGG+l7| zr%h@9!zO*6pI@*q_KsI8Z=(E9KopgH97!)=N~itn4>lBkZ|? zyJm1k4?>3(18!$0^+babA^tO=6HyRH;ewG`Ko2rnBNI)vKoslQu!Pp=m9OP`;Yim@CQyv!uoDuPA@8NlN zm9I=eVWy@Sf~Z2BMDt5y9s49Bn6MfQs0|tfya$C4)J@pK zBYY-7a!-0mcKon|yNrizUW45CRa=cbsw3@48W!9(e!wm6TDy}uwVg|=qTXls7$xNK z9oMNX%1FM2&J0VTa?|L~NTs>!jp3rv0f*pIa1tP|`vE~fd}eq6c_uwd58B734f>$C zpS`NE+r;AiqX&D$IA56KW2zcyirMJLDktkhGBK>hYEu*g9yDb|_ZimJ(Wv0UW3hlxxbJ$g`7CU>k^bA2(6B&URQxyafF(dI?tmnkpG^=N1QbRb zIG?|FVBsJlSQsU61x_-s#>0!63dX+IX5`z`TY?Wlxtp&#na4ue+?xm4QoP`Tlq_-a7^itsc*;qV?J4Q9pGWOI z{wNqdJ#)9+50V7jkfkodTNfZX_DS@j)7`-Le8qCq0MYzCd0XfZ*e#QjV9`ja@d7i7 z$}8+P2)Lframt%S6m^p5La~oax zV);y$IboD`o9UNh#rrE_(t^@0JM^8Epz7nKN5W0+jfkwMwcwQB5@s%(^8OLl+F$_R zojpkOP@FMKoZPcu;0~c?%O|A#K`ukj5~tkFLY6|S7&G+8c=W@ zPe~0{|DUk>`o?iuMMJSN*bZ7NEN~gf*O6}T=)U|ftbX6=9B6N_byYIf4JTHrk1b+w z=E>9ftMe~b|C=;#MsjkgCd}DGk~AFpFIZg$mNZ{ySwc(n9{VS0?!Qb#MKf_}`2JsO zr?8|s$L+^|lIDN0`W@RS`92}P@7yOb?xKINy6-}4*PSv=4lHT@{Nu}CtiE|pJMD{- zOzBylzIkE&_+w@EFIL~YoX-8Z{uiq+ce=QK`-|1Ry840tN}7v%FTdo%lIH$<1c|my zuVBLik^Tqj8{VV3Tes=m9lNi)VM%k!^Q^x~bMa?yO=#X-sa(L>D=go|Z(H}Z$6V)T z;(lw(#uFvqU`g|CKkD(k$8MCs>-$r`U83!u!{4ZGlDqwn`14K2yaMlv#RCu|@}HN7 z10OaWJTASqe{ECoUiFFx-lqSF+vET6yx1LBSCkJ+ntymsaGKnKjLqlEQvJ-4BL`HR(o13efA+~@~ASa&@I^F1JZ zi6)mGdDdPW>E0{hUTK3~eD~f{`(BCIUZO9(huOWN?Y*Q6y*uN*Lg&2{hyeY6&R^9Fsd{Q4MD`=(<18b3q3nFsoisw7$0``GRzhtDOM(EDG}N%fIQ z(F^x;X-Rb{_HVg$^M*aPAl0xgm6sH5Y8F~(OF#<D=7AoI0Wk3Zozb_#G{O$-1Tp zP%9OpEj{cnBH}?FMY@6z1O3}rm%Bm>QfwPGTo?{>5Di2Of~obGGJpoj2)z*SAGMAs zGawg!Am8~;-r#4lZ6B(66??q&NP_g6>3unjpUDz4s3~lv2IeEFU*7O+jO><$3lsn) zuY=N4u~x?#K30tu#))_|4w=5e&p0S|$$C@dK1Rr`;P_@NpY4rO$7t!mSh4+>UHe$o zokGUCLd*GBEuCTzy5h0Wczs+qw#9h!MH{mFcuVRyx|X6!_IUficuwee$H90PVp|*R zvJd`5uRqr~?L@z{QWC<1qM{-Xo&q1aqJsUz;7j6Y7;M2*aY9L8^24Z(OEHKTzJcG4t%%XJ}NI;ovjnt z(iYW<1~{-ydYH{DR6hb}p*v!M;DNfXGKQbdisE#zk@9BX4EffiBY z43>%Y7KZ9E;5RKU8Z5he)Q5I9dEUqJzRg(9Qq^>vCq)WculOuH_E|J*Wm^a+K|?1c z6s2(aanCMupG7y^Lp4=qrAIM@S4wcMM!aM#jruEoyIO$v zs}RijbR+#kyVc`&dNE+8P|2yxT)k5^P8e2?sb`9NuE~k2OGGPA&RUM@sRPV#7Fp_i z5?#xFv-WFsyhzl5gU6tTXRTRreLQZxnZEiP!FZcddn=N1XOltq-a6Bd^#*jqlNW<* za>Jnk0|@IzyTL|3!3I~r22!qJS(V|4=%*p}qH%i3Df-uwgBzoYhNE|ePraW_2P=MTf*+8Y zu4GKG-fw>lH&N2w_G#b#xhZy~JORBo$%!@oZM5>NJ^P1u2LZW#nPBI4mWip<4obvM zUsXGDf(aTSA9|WLys>GUqa+6M_{*m0+VzehnOO|$?yjhruHx>*!VZXUgVxZ@D|UA# z*G#=~ch267D2)fir$h;Rbr3TI>uiuWi&Hln(DF%8$wKIt%-SH(y``ppMzOcdd^{{y zf;3L%jh5yk4dw(}du$B7uaKo)V|8+P>Ts7BvZaahENSs^nDQDcav|?Oguc6U+gELW zM>qLyzIy+0eINPvzUbw<2lRs@HVf8{eyJ-Z8QCofV{utyC3z>VH!AyrvTp@dL=+w* zl$sA-_74JH4sI_G+C41J<`4KO4`+oeftZIA_J>+EG1^Q0x-}yD4+;jxa~dk*hC>R* z5wA^TE%XT4ObJciriqwSDp)`b-*G5d5gt9An_35oSeCr8liid~JF@2EWoSG~U9@zJ zShRs2-JTyMuvu?R9t{dxhZ`QB*&Q1qTVpF)|HwU7syX(CBFA_kZ!>jS`$yCSrU?f? zErTAcMM;j`>1=xOPTUMn6va+%>}?$5Z0560Y?Mzzj?yBJ24j&sVzy)w87v)^Y~l#p zlV!z{C{0spSW-)jKI%v$=-8$q8)if(rR&)4CfWKlpI(fg%3jz`e>v^^bt*=FR>fi$ z*>$=|V4bXD_Y2KV+}{q#$!>Mic31dpq3ujy!mjw}xFXLkpCp_&hD}oHy2fEBidN>%7g=ycw&#W68ElWv+8cw1>~QkMM$1_5$wC zzKz>~&EH|};%orAS)AuE#-Qos^cSu(UpU+w_Cu$aE(U8vXFaDT1FhyM*%ktY7qKLl z(@d6zq*hfdSDZ}Ntc2H>BsOcbzYRHv4?2F{cWj3`o=`Y$b6mM$USY^y9jJ62LQUty zY)_E)cReSLJg-i_I$f4r)vsUSzg%?%2yGyyI{tzPf7m{C>{o zT%F)dVfCFTqW=X;0=i{(pC$#!cOJrXS^nX?!*LB4dGx&X{g>x1!iU)#9T$k@^^E5= zD8dEp+jqqLYsUy@tn_pA?H!C|bI`Coj)^JmHxdHX?^vpOcwUnDkH*AauFw?Mg$~zW z#W$p-nG{5#gr&}uiPvcS=j3uG;OVU&gwR{uZx@&*x72@JP(R#0I^H5b-Y`#}uzb5_ z9lo{YzBQ40k9Bo>_H?_$?iPA@`x@J=N&EJ7cN*`9AKd(Af^ud;k9$0kq5?z^(Zmft zuODKG@5TT8!0rDrx&Px2r8^(CJEN*Q3*#-9$Q?BHZj#*{;hS4t!j96iJFU;G^5dP- zD_Dfw197THo&O%;>P}PFqYvX=+v~oI?Or$Cqf6;t|J!}D!@a@sJyx8D6p9&cw~1-( zU01t%+V6XFY;lIjabqIO5-CqoO;24bPhCn+m_MP+d!Vd&uwI5G?hnl(l}xrhUGgoR z#jW0BYr00hcQA2va(;C9^WggE;RbcK@)q~NiVU4HZ#hIn~Be6W5D zA^HiV^XB6J>0Ii?vE}8fEY}WPot(j>DYjbW2fZW$DnDia5*o%0$>435S9FsUQpt2 z1s$y!?w1cfX*RxTA8tIlNfsxPDNd7fekya~;Bk$jG6v%^7vi$Q1?B2K<*E7()BAWJ z`wVY+fzbe{5GKRA^jee3H1Ft)jOeVNg`quu!85rRiDW!ok41kpMK=4l$a5SLV#)!hI8wFb zP|lI2_fK;IL<^?TtKZnxOM#(U{xRFWKmGNd;(&06KzPy2sFmq>GvFU`VEZe7fWQl~ zy#KpIKZoQgMLPLw@c{O(FW-oOCCmO*+h!~InT7>GBc`CxmGCHi)<=2j`)=T)IPhos zpD1SN6$%glkAll)a}EAi(p&%xkVZ#@mDj;m1yN|Af0i~82Vm?cff^xMi6mTHMB+kX zUtR_Y(|WGT_J@^Jlz`Xmg>6I8G%RUO>Q9XG*P*j8;M(v64SZ3g=A%C;+=~pY1}i|I zU=Yy&vT9TcJF8adYNOq9z2o@<`$h}m>{#{rN95WVP~idfPpv(P43KzgQ8K7@3*djr z#em-U`XD@!R#Wz8IvA51R2qllT|^TT!o(s5@-Cqvjc8>#V*$A84v*F2%;i$})L*Wq zBXLx;4BE={0DPrh90|^QKe3w(OzUA6oa~C+5E@qr`(W)*DI!PcQe)0 zv3n@!XTsQ@A~z%|B^K7~ze?yWhtg(w)5QGvltH5oKA}hR?xmN8!;h8-3y*>#wCdr+ zv5nE^CyKz4(5c?T^~lON0teuw*~t&!r7?ha$kIp?jm9$DIGIZ^23$N}()q)eMFIOwim6EqOLch07V+2l^SjGiQ{i$U8@mIVwj=*qE4WC?5w$q6jd%ok?+YO zRZ|jwSSdzlz@|Axbd3YB>B~xs>7zsd(N16VbJlKt9|bCh%Ru`MP5+MT&)L^NaL!6d zFxiVHofO5Hl#DhDaE0Y&7C5D`8y$$WgBfP*0YYKC1_hIk-m1`VzQejFeeRtFCU zq89Q!EiJuz+Vy%!unzFha!-bkG#&Iq#O^@2BlHpnP)P;UPZT|?dU%v=wcQBa9_kyk zJc5!RP{dk}!aoE;?-iysW+@O3lX`!|+iY@62Q;a4BM<=_#iTFM?*d7Zum%4Pl`dN~K7*Gx#c?Moi|tdEnjoIH{?6h@QL|Hl`XJFeFF>0Qf3^ zL_#ASqbEk?R32o8_SU?vpgROnf;L(>M4~>ZD(}Yh!-X5w3;YiJ(`sC-*zF!s=dpk; zdsqZwuMw(8dLR33T~c`CXKK7?3h6CqaVEhfFV*>!Gv=sBDBW4wjX#+fT zl%c5;?^xzCXx}mV z?z@)=?=w?)kKv_V(yfY~3o7}t0JEO&j>Hkx0#7<#ML!tOC*C zg8{$qaN%e@7r{j@LHH$*a2CB?G+H=&J!-C{;Qx|*inB-rQA1#tY5|H5_^^GiGY_mv z&Ow?qp*Y7XF)D*EEitpT(KjrB9n$5mA+J@CMnkOd=7(nHoNE9DK_qyZaAbSKYr49-_4hO}!eI;-?UgLIne7pprit8L-bmfMd!Y6F^zjRCBBeV((W zi%lFB!daV_DXB8)tq^#km7YavdO622%gPqctx$J~P-372KJrdD>`H5TDj5)or6?HF z#S{TbQ3kZv^@77#-~fLs>362U#3Bt!_^0TQ76nRX9Hs${_a$;lh8acgs? zr$bumJLO__(u1T$==G;p0hfMBFOnABzkk1yhM%wiV6^n0P;v_gEUd<85sra8UCm7= z_R!|B`$qoV(lg?f^&cH*N zC1jM;^uiOe7UU@@Q?uDx^%OtSF%-VPt01x8M}myQKgr8Kljd>KW|>;)pl1=39hstk znN%6t%{+($38C~%-Q+q4O#7JxUkd^PA6^Bu8rejVx3v{^@w?ZtlF@FW&^&!@s_(^g z3B>@?AcZvbJR;z{?iPdqRNb2JOfSA3RXi4N<|j^4yXe3J~PZU(GGM5qU>ywe}MjI6EwaC zkozB>>v#i*Ig$(nMMOZ;E2SoZ4`ZpM`v`ydrn$vHiJ>Ap(dqY_Hu1NwYDEC-a=&)s z#WcQf56Gv7$d{B*231u04T{qKE`gsZuNoG*uY5I93O^Hsa(;+J#M5rZO+`Y>E(%aK zxjXr+a#5F(r=Xi3y)=Ay|2{gm2gK~xwEM}k;hIc5X4$PWOf;!=dGp50WYy=_RaLiQ z$4M3n?=jJBwF`yue&TV<&Fr9Wuyf}*(v$BBQFRE(h1Mf;R-nE&WywsQaT4W5W?pG^uc5dT$7B06Dv#66%i!2@DubK2GeezFj^S_F!))!~> zyf(mA!T~U0|L|YMGF%x@HyxDG-yq&vw*_O!l2qPf($*M2DF_iMks)K3LzGLIR9LB; zB|vo2Jq8+cM#=%2wOk2-Jxql?EFEcVSt=H%be17d7C5OH34qX9#BOJXVV>mYF@q95 zLnZ`5d;>z#pJ9deOjz_RznEQVgE5+DCMjsR);@DVXTM6Qa+4x*oYB1UBpC@CekCbQ zmT5B8_*qy(^L0J-COIvglc_WZC3g%h#njua1ybJIU0%sW`kHqZn{MG<#EhGF{F=F2O1 zTKPRX^TlElnK?RbT=+G4buo*LL2V28Ag1IL=E4*fdU{i>-p^MQ~XQ$NE8cEFD+Z| z>Ycvlp+0o~E!shPZ*lNwu`&&V@LPIMogsX_Pv#sYu*EHp-xj}J7*utREdPph+z|n5 zYdc&k@A<2K8ray~1NAXnCnsbEyRbB112u%@m{Pk~LtXluMr}{0c8_ z$i`5~#%YBqUS+}gh$-;)MAfV;acd&389xcR9D;AFwo{hOaGJzX4&W{SD1>Gwdm0Tc zS7l=UWQU$=#mwev3wA2^3Mo&A#$<5lWG2{p6_(5DmnWJtd(|^1_AzJXm1l*hp?n#psJUWt&gFqkAtnBuc}{+Z9tZ-?$cb%u%>I94^@oWbO3l%d zs<9dvR%iRIRyF`KtfH>eUM>?Eiz+ zUjb0+0N9*xM0IdfobZfw@UJ)#`0EhFIT7XR5LG#mbnB2zIFYUEkexYEpk8(Vf5z%5 z|KGyu%TAF0sitpRha`^9ENt%|e=4p{F05!D7(4%dlU7{a+%vd;d}i?>{`UUSKRL%X zG|4&gV`y4IUS-4J#9Vn}`~N`n|AFWub%p(rAX2y9M6pccmv26CU{6`j}vBvWGQnk+t zxe84ciZ!Y^|xr*OvHru^_oNbPOtKIGn zLO`cfYN^}pkHTX$o@n{HKb%CXn5WcQe>k4OZND|q+HgEwAQelg+}3zHU#3}U4BN3h zU#@#Mo~PX2e7WA@cD^;){_XpAPbfN-N=M7h{>VpGlc|o@AICGF74ua(+wRX-8tk{H zI@=$=@AN}s{|BP~zl7)(|5u29IArhqZ-`$1FNl7f`N!$*FGRoiZx9`!$7O(6)8|G8 zLpSGUSl!7%eHbptfh(0pSNe98jXRS|<{yYIG{&YrK{;RLmdJ;Y^J5CKztYevj^cP1 zCuN^{H>;H1!t)oR-$$w^8s07FW$QJK>B1m-ltKT-{j!A{@q@H=dUbP%t=wOTj`#CH z3I@@?eemG_2cqwPdz6Gh^cMeM#=j7~!Rx0445GLA#1s96=%M^i5Ew*n^~^L7c{nPV zUiSGHM9Fj@NDQf*tNH@D{cIH;Dd9 z>~xxltn)l?{#9#hhNAe@#nu0Y=#YorSAqRmCeRBx(AlDMaCy7Qe?oLE7(^##L(=(f zH$T6951-VFn{^!qtENBkjr5xMTnEP?6ar~iAh;FR5dss1SO_D1gb!!oP-=@Ecxoo; zo>iAfd8H!U^o&l*XBXY2b`zX)IgZc+`>@S(?8ls+1BNnRBQ)K2KxXpaXzf&E*Z0kd zobLx;zs32W@v?)DX+3mNsP1QH_^vugUJ3^{`NKy0J3QMmIfon9gh#h`1hKkua6k=! z58Ib2tX6rJE7gP#78Zn04Kk7n^>0%0m2ZDxEzzlf$enHp7#L zp`DI1I7F=g{-^?ggmF9NJ*5fWhPvwtbaSb^ueeI>)Uy7MRQm4UR66+Isq~(AW#5-0|fBFQGh%+VmMS}$q<~dO88BG+ZGE2 z&1_^qDbkHi3q*l1IRW3DUitXVpp05@D#VZhG=e%19uiUjF~m+{(XNhJEC}TJQqgg! zj+Cw?hsFa?MuMRA6^8^11Qi=&rXwKUF1a+Nf+aC~3~!zniy}O#3R%x})nb-HD0vK7 ziGk>Siy@&cU_%Vhh&jTHUg%$let53d8#Am8@97vK%GzoSKnURh8@?8Z!suHB1n2Mp z%6Xw9b_g?XCy|57-n~AvrXpG^&ib25AF*IHNE)~DY)J@rFmxVYm5A~9=6cSq3$%wL zT_~u5s|z;RwOj8rf2^S(ST^o&*YEaxXq`cFq(vFm3f=&e2#f^l^lNK}oD@_7GFSr8 z-*3BEE;hFi#5&Cj3!FNIw;`+sw|MVpWIXhsAlyh`JF$cyN1pfMV(c7A&NU!T zWd%2dmVw6j5Sy-~3kMmUO2MgLuRXk4q;C13(wWii-H(4yB=z14>rhpYJ*7x^3C5k{{ z*z#s*T4f;wH7=9>&Gz~5qa{4$wv! zz5AYcfF8Nzn-{g#)Wb41ER`MxOQoC2ub>yrXN-{pcsp(RqdPR(Wksj?>V>NBuv&#t z!pC_yrT(VU(-TFh?Q4C^aNZ-k!cytcR8fHlYTLnvi`@~b<(h@Qk5tDLJF9zsK6M;; z9I#aSo`%#BQEk#ltynd(ZAi-!z(>$|`D!!ZH)M%4sM!!50);1W4dJrPG^=?5M!KRAFf ze6p^ejL}lK(V9$P!7(*m6pK`b-T5$HkQ_>=t~V~w4~P@+N&pm3#E~c$I-w2vsOtki zYXWy|LjPdAi)#WQ_J4~P)@l)f`reP(i(+w0QH~{}4m`qDkS+IU zEX(9UvVsQY=>f9RxC}1V!Zi1=84&3yeSrKD5v!zEPk^8wxRf=M+tYz^9#t1q)&nJh7$D+ z4JHW-o*)IbASI3<4Z#yL83_duGbIT#4aF)m?Grf_2_-cuANms;{V6#kDkU>245F7a zbB~h0dZKv!hL`n}jklGY{}cw%!-QAaM9ay=S1BY`sby@L6{E@JMk(Id@=1-dDf^JC zwo<6KQfmt`8|af;4oaKC?j-6%j7}3ZTiGlH$xQ^)99GkuS|zPp?OZe2Y?;aJpVGWD z)4lc67kbm<_tLvv(|rXq!dj(+PLtiD*&3sXc#vRtQaY<4snxPj&)fb~&?nJ1SG7 z4_)^YW3N7UXE{^)|NPC2DRjq0;#qrthZ=_xeFU1eqRBUp&EUyI>n1xxA`JY+DW2mKAQY2ym z<+2!LDpEv!Ba~T~7266`(PA~xnAJ&(ZhV5?2r=sV(i_3n6V{6K+gQvhJ{c&KSlcmJ zR#4ls&^wa4*rG8y$8fnSFu2)Kd!5nwWJP$`Aj^1TK=O)=R9VqhPPkINokH~&iFS67ree9G zB8l!giIG8wJ}cP79`9WxiDfp0^*DhoE1tbQiQ{>a!8n=oFI+ct4%fDe%WLa(v5NJE&YvE!P!O0)@q?P-N?3$^0p=%>C*95qOmq~miC6-HVO3ht2gZ&?_1Q(+M_DkqmVmV zW80s1+cj9*1`HTG&L^qBblrkGqa2+IhA$m*BVewBj{k_Pr`^2CPIlfmM zzFkM}(CiSL+P|vlA|qiJ13oW!kxGLC7qVCweNKk|uBJQZjEI_zN`D;|ip%|%^a^5;{EYU^U zg@;Sg7Y-R6pkAex*qhoZkDJj>w)^n0kBD#z4sH8j|3AJ zqf;GYa~DmgN~8-N1cU?t;$n9)q<~L)iGZ2O?T$&{totsChmrbJx&KsC$5eLkczVYO z(guO!uqHf?m-wRcm3-pIsOiy`>36zb{3ir}$^OQPeq?1lD)uqpW{*K~xM8@@oi211 zL1Na8Y1Z~$YZq7hkJ60D*TExl@bttm$e@qXq0i*TXq?wrP;VMfbb^K5(`Cf3i+^4y zfS8YBMj(DlS(%c$8t*cPfK(nd)D*j^$MN*y@?&^9N@j|OeJ&Sc5s)&^*U?Vf`RV8J zhsMFhL4OVt(EvA!Ad#U3VgGqs_C&!C$mgMY4ApPsN|A!HP^?xJ5P#EHfjRNsy|J>~&Z;uAU1a1`JmdZ2sOf zk+X;ea~P=Y2ny(HaRQvxw|Ra0CnrY?U&j=ey@N|yhEs`?3z$aaSmzK0Rs3{kDQT|U z94lj6wSn8JvWDNAL%_uXX#SH!C$8xgx!e%LBviHH7-3qD3fS8dh#V&dOpa{6O2A9L z-2Aw?^KKcqw+9rY428P}isfxQRPS<%9GJo-I`JiP%k90nn(Srg=o+y!Cgd6xZdnT-X52?@1kywaBWO*J00%kq8w0g9I*#K41cJT0eyhI zJ3+Qh^L8B^Pv{&w{ogk)3TN<7Gr0~P5tYIV&i0{gih*#Y_1g}ME?MeMnEmv>X{zOV}FVBke<*C`}$ z+k#_ditLOlkdWspj5z`15%pJ+4^aYYj0x+UzKl72%`;w%iNXT9l3r_bmCBWk9 z->qO3bWQ`@pvV;UJH4|@tnMF1vwMFl=wEkW74&_0L{uyityifER2}zuwXgrd^_3_AU7I*}wOACDO&`hB?DqS$7s3P^}3LJY-S zQqKJ=Cg3~yG${c9pMFWTbgz~GjlT!3$ORcA=~vnJN8hi{e|jIy?e3|z|1f!Z18^96 zAg=)!Sj5CVArcXoB);-Ld#M3o2t+D80ud7sE=x|KFafn9DI5ai1aNQCKvXaRF1eC7 z4j?Lw8bgEh1pc5bQ8WOGNSbOUStt`vDU+pjs!^hx%4nm(ANeXbLy@fr7! zROdpk-f}X}5l9Gw=#HCRMwLs28;uCNEY)Ro)R^1|rE$TwI5r~yTC$^0f;UQ%JQAp6 zR^Bw!Xpu~~V!*0p)95e;j1=hD>3)r7+h^tcF7!oK7(_Q}zke>hvtMg++(zakdvx0B z)Lb7dGx+8>fHhC2^-=ISpAFdrO_n(c7 zGQr5(=j1|uWEKb$HJQ0t0U_smGca;XI{*P5`E4+@W=W89jOJV&T_=$x-AA^E5{*Rp zKXolT{cz}UYLWn?7icXcqCSdSoDwkN20?=>=%M?=QqVK`hb|*X2H&2oL0wLt?1%ar zMn^@JpJFkMP2`vww1qtW6WAjc(tXYlbvPT-0^-!FsX{FTJr5cZWIMn@m~l`qHCn+> z?ATP_@l*}7d{QR9$C!2)9B&*CE2L1a56m-iGY z4&X7;dI#_X{B~6XLE@0GTXFVMhg;eAqn8?G+k*Y?HJN1D@8htr!8bWX&Sf_MN^AMZ zajY&0HS(&#C}f?k1~S{}k4wUnpGbt93J$csN82A!JPQTYnMB4pT#(XWT#|R913Jb} zJN>+GMlk~Xe^4M15AVa3(H4fN439holhq3Xh+MXWJn|4uBzQvoPb3tj3z{hCEK~ue z2uRSe`6L~T0fJuP?a`Pf(*2uBurMiX;hK=e7IR7mRZzP>MVbN|-qf7HZDf!ug3TKV zthoJA;fY2-YI!6ng5O>Bc|wz1m?>62Ow;f_?>I@=f)%h%Duop|gT%jMW+;gWffdfe zs9j8fRPypQjSmR4Rs|xgz#dl9*FofArbxPIJtIK`V&r@k-e(P9fDmtzsv}6O)K~s& z!Cfw*gGEOoCyMGdSLIKCPC$zt&e2+nJdkTH*$I(?%(g-9XWgjUpV59iMcx9XtvA>R zLZ+08Hc4P0i@2;nNFlCNSQtJWz?3`*VXaYiSF~Qqd1Ln(XjMn;3G#%z$oEr1W&2D> z55m+^Qm6&fzWc-BnNf~qiumq_0>#s zYT|9dUwK|T=KA@h5hXP_B6|_peRQg-_WKe{+R+Rgt>~~POF=UjtTr2?M;=9}Jv`{m&RH=@ z=U^AWrMHMnSXVtrZEt2zQ1=j#g8KDfg0ozI^Z7VO|L4I6Nn6ly@?7e*L@^6l-&ktm>LED0o@`ZSK}eG{`-Q9u( zsdOd(KIiPy!=ChH&ujkGwcd5Fry-Au%tZ0^GHWn7XFl6YlDzYyM#|lX2nn*|>88>(QQ%&E>9BfV*CUdavT$K%3)7!;x#`N{HsTK-c_e-n1(82qQ2e*bx9?c5Vu zP1pG8(Rsgi@vT^B14i7dmmq7;j~@!ryC2kPvi?H!sndTT`ZunD_x1+0bhG#^uSMYC7gj&L4b45BI4EvyfD{M&kCx@;8wdI{qh<^Aaoy(aVzzAb9 z8Y`<1!lw5JqVIi@$yo%j6CvrO&`Ir*;3$NU5BIBT4Q!ssWJ6)OLI~3XJ-0}foB|Y< z4`|N~tl1A_r2rpt0)NdCE0ZFrbae8q4p^MF8~2C!K^tw01>uZ;Y&kU2E-Ny4_GZvg zOWeXCmUz)W07}b42dK`u`r zoOXmbU*T;7u14svK$=1X>qzqFw)kg)M0mx}Ir)@+MUoFANhBi~HzQ&zBYmi&*|ejH zCnFG{(Y(_xfW>Ihvtal8(UJtE-)~0c(nrhtMPCs zL^hISxk@2+N5~GP6;8jBTx>b~L;3*{1n#EEzAnk&Qf!{MWk>A%gQoy~=G`HGNt@DGQ*N6_Y@b&J%K&nw3w@ z5GzDdxkY}#G=mq}f~2ak3er@9n{6Z{L_-0fw@Hgovx~;XfTSSUAymcYbtx9FrtrOU zDPG#B$!3=?H79ImqSEpKCHeHcEJM3A{vcWmcRXz(S_3Xx8RAKH*%=PU=>n4PdoF`? z1M1g#@)00mg!;D0Mvo94h(T`I>(;CCf zOyL5h0SZj)mRgGLbN(_aT6791Y-FfFQk6nARiF?0+1zjnTChnOASL5qn9R|axm#q` z+kQ?8^Ap6H5v;`9I}P2BTS}auFY@x zWy+NomE3I-V8d$dSgs#AACyx;Q^!hYM$G^_7rI#ifLvCvj8a?EL8Iu@Z_b1)=yc(D z7C4j_*GDmzSc?M$7yv06$iFH#uQ6TNsu+c;0u9R@?Ea|>QC8shmIS+3O6u6y?gj# zL|kEU3 zb8!qqI`Z8;xZN(5U9z{kEc6xwXXXqM7ND$MdB}Uv&nrK={Bi6$T5*y^zgKu5y z`t19GR)_XVhjYS*c2S4;={9rahYy`L!+|!O&xf@uhpMDUU}jrajHAzDw#I64i^J2Ru$^NRMY@$JyYkDU3Ai;V25?Cny& z9`|J0u~i)FMcGA&+2s^0R4G@{t5heA6;z4VI7v0EE7xI&G<~&b3_1$tv#+fx zO39LH;gjk(KW@zu?L?63wlXZ;w{P=61t%Hx(4T_UB>VQcn&~YDCuNxe915E3M?4(F zvmCT#Py35jd)7O~=j|YqQKwk&XVte3GhGd1_?zFII%nw}f2f%(>Ig01OD=a&t&rQ# z%bnGN9qHp857!(gj88YR);67t)~Zali|ls!oW5zCyPcfPIXH=wpEi7Tf{k*jusr`h z=7eSPp%dpVi1SYjmqC)t9d?(qDkpjs7s#i}@lcmrV;4B*OPY+!Ut=!COD-E?mnh<4 z7{3kg5L~;~E(V3KC{?eJjIWR(E>k#Hci~qnbXVBP%LLYDq`E!$-6rHyCS<=ID8yHZ zoL4HFT#*T`&w&uPaT>Q9`|B?s-DpIwNxCmP)UMkiuRo1k_ZnR@WrwhF>=NI*VRT1@oi1xZDs$hrIx$if}5`M?Ym+N0}csmVz+ z3bgc!=L&Q|^TBdq1b{<*TY%5I{}w;bi3t-Ajo5eq9C{%v+y+m*cUcg}2?`9b`3QJ` z36BQOcvWzh;RKa@jIs{Npa{uCbWyq>9mt4&Y>AG(97kJd@2eVo zI~nO1dfgE(R>}fE@=l`g&YbcR-1yXWkIADYy@>`GekVP=I#Dt75Ty4jo&O3F`Z^7& z&3&QT92EWjgYLvsXr>L)G{KkI*GM1cK3Ohg>>ILr1eRT(O}X192Z7bRf2g@&5%}kP zs+WJ7OnzBPju-i$zsKwCKiY zs8S=+u{n~l^0Y~LT(1tN0kYpTD-Ggue^dz6LaXTpIJQ3in6@cQ0+tbAXxscVv~BJS zhPKU9#s}1Oef`=Myw2Xn7jJ;+TT$3QV^`<_!U>(QLLRoZ{UVv)<#Gwk0gX zI`lCOiB5zQ04)Y=5kt|unkac%qi5M*pS`M+pDE@L8cy~Gt5KdpJMijwPZ{#b=jrkO z=f!XS?r%oEoC%EemHgO1bs23C{+$L7r8E$sh1d%Rf|wI1M8^OkL2IM}p#mF0ai~Bp z%4rfHo===J+DMYAHeT<;tQYref*}nAO)$?`6LwE;Ix3-u09$L7$kIH5kh+yNUe$^& zKb~U(OPd1Wj!_f6Bmoc423J*3D^cT7D?i0wQr}9E1U3g+IY*k4kmL%Wg_Cz4OvMfW zDuxuPSYIn*rGAS`FtmVCkz+K!(C5<(2X-kH;%j!yTyEF9MHNCFXG0wZ9Pph@MhhG{R!oK<+gBjY#tcaT1$km>hhH_Y z%1DPLSOY%6rpMJR*tJ*MEb07>oNGcO=OP94iaZe{J}9`pZ(~|^)5aWY)~^*E3hhR* zs@_jCDP_7ZrY6`y0GaqVOr2CqEc9K!*aftb$HktB6uukbYgPka(k>NH-#>E=^L>0S zCO}h#1z;n*i(n7N70}j@tP;_3lVm9Fuo*^)CbjH~cT#{Ov&sef7yxT!V=rw-eV;uvMY@V)aJY(w7}h!BBGrk^_gIP zeI^hWBTrtYz^co7Ca)&V=Dt$F-6cHS#xIB}?J1HVjgZezebp~_D_RQ$IYBB zkHM$H5p~6)i?=~OG(;o{YRN(wwdg(_pK_W=ZSvV^!>9{6^*CbgIrIN_-8>Br0HpgF zi;7R{-x{A&Xo5sjBZ7uH`J@2iOm3v{p+!yiCdAAl=-9&J0I&-fUu+IC!z3wscq^kR zf)ucxk1zqxs6M}E>7|j}ur%MEQWO3tk}=`pQsRN{CAXM{7qgI|r55nT)|&?4Gnyi+ zfE024DB(%9C^4)K{VB#1rKBrC{=Z4g3rB6_;0z$P&h)X{($H(+M=(C#ax&Y;AfiFl zuczS|yLr^fxTCM*X5*iT=;AX%L>S3qJQyoBrS%8_1XghgO)A@L?-gm@Tq7p7!57jq z?2Ww>i%ISmv9gZ{9am%iDb{DWk9u^gVq?dZGS{&mkQO>&ugaaiyt!4*h{S)NS60d>4;P{l^pU3kldM$njX^aLMj;GPJs(G8 zb{HrrNeN0>RHx4ADVe*W`S{NEGt&@)*XTS3|c}ncYi;_a^1*V&;HA*J=SvW&mSO zUx}6vtXpIlJUyjGUD{xUXl|~uDf9QfZM;%|qh^N9^bk;hu)Lf-)m zN#)_4Y$3X7x#)quZl{)oi-xVEu>n<-7K}!UluR*Wcoy&&)ICTd)<1T4nS|>0Qp|Zj zP_BDdQ*H{ox&*V(BGeJI(&#%$t{)g4DkZm3);dYnlpCGn_qVekRC|qlnt^^Zd62D! zy>Iz+QCN7paMG(Kj!|X!e&13(8iBqowdeef672tqAL?UzUC)*YY~j+W#o5yYwTWmB z$fAO0$hVXHz?K8BOfb?an?GLh^Gy5En}nij3QEgk%|v`w2#34emgD|7DAaHz?NVW` zdEYX%0zq+8^H_OH!;s9^ix(OZdtebOAqdd?>hz(weHVbcFu5>s?$I7@!AT%9Uh~4; zB))B%Tw*H-w2dlMUORU2-xUImV3en##~tAI56!%KRr*Ff#>0_#cx9gtW`vqYv)OGm z)XJbOUA3XHLDqI_@Pj1J7e}WpVg_11u5Mq)V-{c9ALU{&a@aX1+TIYAYoc=xNi0?gh z)^^I9XPSKsKpR)pd3231;2eMWLm7_K$9hySnz-QTPu0WRQtT5PPYVTHGJu@2(PnfM zq(Oq7%twg>mBTiVB5TcolcP4Ae;y{9ssbB z2LOI0^mTMwi}LT7vUi#H8{zjIon80h3u3AW89zo7G2U+}XYaSWJ-58?`Wb!md|<89 zgXT5=xsvCZ-VXLN0G{LVh{AY3tQ+U96caE!RjS4|^c>t><=In^q2o`{xx}^BhiiPi zWC->RxLXUG`l34x^f`@Py$)P_;0l8|L+#MY-lAG81&+54WP`Cbx^2kJpv)Yim5FXc zo;ndy@vw1zyN&=Wacr~!^Hm16Z5_6W^kHwKQk4?ONA_5n{iL6IM3aL$<^XKNiJ4Ef) z+nOE8zCa#F(}YK2Pe-akL{7`W8I32V9{O3ki5h48#7idIzlmk_?!SgVWLqeA zd2*db%8Vsx$k*j{tcH9w&}x z4AYrXN*E0@K*TaDN-kZHOj+zCsX-J*;P(E9$)Qy0(;PF&60>!zosc~e)=@LmtV}jo zFuo9tEcAQzm{$msUyGctU_^s!Wv)YM3@BLI1cGB3cY}fR8ioC5qyO6q95UDMRit0G4dftJG4@( z;$=J9mb(%jX5AwcjA7JF?6jqV766HYNSQoECu1%*CE`lRjJ=6BrRZfhWvJh z0;s8FfI&KfMYg0tBZ-9#4W1)e>dsrDuf-T+1iovdRGY9+olMo+R#$t~uNFlo`)nZz zZz&_UFGCOHf5g}9+M=|gR*1>3P2G7@M5D3|`jrx`JxHT7zoV11YiMTfGK-^>rR8cc zK(t0jV!DlRRjB!k&g43l0%o>jb)SKJpY+EJS?InrkCmjzzU}#@t4^R&oy9vLYb(uu zt7~mjSP2YK6`MO+TLd55!96dG1GW*muV&$2?__?RS;wL61<)1~vstSc(0kKIzdnln zfMMkxln*AdBDE|wb1RncvIh7Re}OI0yJZM23kZhn_ka6Z@@@Sa4?e7jQ8JY= zoIW%>%O;}hFlGEuzLGI=n=w*oJ1QzMYPLV*&Zc0IQTD|qjJPxg);bPBA%+h>?(1QE zn@l`=X#zG=;;Zk8k0putM@d$;i6|w>LGlSfrQGgJsd@bg9%Cuz2Wi*EP=cNcW)f~Z zaw%f^3T>x*pk)yUW$u?Yot0*mE~WT7Ctf+A`BLL+ZB7rmh6`nIWY(3Feek2l?gGWG#wX2F;~1Qt?0Ea^&Y5P zwyQLdt;#woon-!X#+-V09RF+wPh1{GeF9l$VyS_^*Qc%4*Co~j*)~8`lDBOm--(W) zeG)cHwN*L1n|){)OQK(Slha(QCQ@sZeOnQ;T@y=H6-x*6oaK-5&UKcq{qnAJmhQXq zZU_q);j|M!6O8|F5M9UqFGR2CS7RO6p6hVa9QX&Kdz|)zDu({4rr)uoCbEt~A$s2F z!2eX!StsWIr_jMe1@Q0y zs$cK`a%g9o>Nl#Qqp7u}s;RZDxjnkIsiUK*C?`7)FApy-fED@!z&oHIT=3n)qsf=> z@V@_a&;P^Ci~qyT|HI8McgC_`cXz!!J^Vb`nCkBS{TqP5xak9rZ?ox(L|?M$hsJlf z=?{`)+zPjaQdr+Dp*VvE575vnt(7GW0mwOEw8& z+E1}avfWR$DJtDhb7(r+Pj?w)I>`7iZ+npGwO@LW_4)4TAlnDwzbZH(^ks*65q~N; zF>=gD1qnKKM};X?Wk*FB9>+(;IYG?FB?U=#$E77jWyfU|O~=ROkeWf}lmAC<-n<#~ zU)}S=qVn^$)25U2_RB$*i;kOl`-{$p{ql>h=ev`OZU7?dB^aK-;j#ybq2jU^jsNtr z4UnxKL>bI_JxrVIa6Q6UTyZ_h+I)IF#yQ0LbDU>k+yEeO zQ1Nq8n^3W+24kg7b}?VOgb!0t>?l*k;jGEU7cgP;LLKvzZ zwj-KF1-9@>)*p5gbe(?f*@$BZ4#b(C|2oJCu4>*-S6*#BEGe#PJ1$7ZxH@_XTx&bQ z=$p(w75FYzd-k+N?sHy*Na=BEGKJC6+i`O6bXAQ?!FTnJWa_zRTa23DeQp}@lnqWVh6Y=Qw1KJai(>$6xNzzNewQF?FBEhO)(@jNPBTeL36j}X35EY<1|TF-6b*}w?*3_xi2Be7x33aF%VP@A z;RNAtRsa!QVI~PFL2nQMi3l2&06l$0&T}sBFLMPT!6V++cc(y3N(DFWS}5<7Wol@`V(tdLs)H*C$*|HW50J4E);mGezAPR zEL$LnPD%tIA$=7)3n`!#rE2ZV(5TC9>Y!!kUQ+YvC~@fX@gi-MnlA&1!< z491tq6Ufi!DP_X9$H#q#7#KzgQ{$g;WfH1->Whi6?N6?*0na#)s-%Cc$=>@R{}>k_ zEN)jFBW7734(LU;rHrB6RY8*81cSt4>P;~EO9Z6LG*iR4i?_9MPR8k8*N!N|JiH2k zr;?fsyPTsxA4ihsghmp}xEsi2;z-fM<(ri_vV|-Q01{G@aT5P)>yxs-+6Rx-6#Yp@ zSqCTn!&$P?0{6l&GlPA~M1>Xq*wUo8hfQBQnFX70=2Y5ULy2mo-D{HN^~j`#nI(vA z5Pf;pXz#p0-2lk(yZOorHbXPPGMl&e$=fZ!f>f_)^o7pY>b}r@>$IamN7UQg-8Adg znTaZo<}sr=HQjQ`I;W2{D{I$j_Z^3#%bv)@)K_H|>HppBwn!KD_XGY$1Uw(BbpNkz zx8DmpQUe+a{I{$0cP}V@?`}$?zsORthn0}9W4s>jWV))J{L}3YA+!cqT}}bKwgCVy zN`3X(Nj2u3EI}_n5&xXfZ$)6V?j$*Kh)xU*yjeod6|BLcpEwCKNOBes7Kwfs5HtgWlj2{L($Utye8-Azg)P(8ceMW9Gv>m~EQ~A`!nR)zN*ll9#m>F=(Q#BAwbI}KtnO%|I^fe z#@C;`*T0)O;A+c%8YX~DDxfnj;KDRu$~S#@}HsC zreWoNVQW}n1&d)-UV>$d0ht2qwJl^74`D4S;URCrwFSbrd&8Gvje7+m`t^9s_&>-U zgyU*Pj4wt^ctxD>dQA#M&gmIXBXNKU>6cpQR|J^X4(T>R=(muVcUtK7^ym*3nT|r} zP8jLWN|-M6=&l~>n!HZBc67PTi9gDOtVFD@uA4y7)(buN^( z6++7;$jDvlLR$)ohKuJviWCmD6;+HDw*?i{zu^s~l|^Qh5B(si50YjIR@A3`y~LpL z(Mwqoq#7EbqMvwNl87{vsJ|U2onNpAFvplgD9GW~`kdB0-ni{m^5@^nIeZpRNA4$cb0_8EZ$(7q(IN zinKeniNEz3UrOnK$7C={X>dx6h@(-c#I(rFAavpYOrb!$M;ffrbb_!15`(O#k;q?) zSwX*Y;}>&9dSe9@GwB5d=$Z1WZ1Xsj@@)O`I7;(`^K(+?@?e?s%UZd@*b0TTX5_Yki$0@1?`LCI?1q})wOA8jg3I*fx-i;O- zm*psq7Mg^mnuXC=9Oor`ERstrvLwz|R$_2&%m2VsOsrJwqQs(Img49g0bwmGMBggV zT+X2JE`Cp4@HGt-QkE-JpXDP|;vraQwOyj=T@u7x8fI5)8dlmPSQ;0WZ+y&cOI%pk zR+4MSkak>JfKnb?R_2=)l*eq5H2PUzs6f=btk$5U_OZBLvz#KeT%yS!L8xMIG<(dz zd$b)HAmlKyT(XiDww6}9fx@tq7Ppm_v4@g&V8^^;=X8{oc4k+3 zfs*iJH2&vt{H-0+$tdBEmg;8|BgeREzK_*S%hm92YqD;uuTY|pQL_3bCODi{Oo03_pn{R9GSnF4&Hbtp6SKn5Lr#Absm@@l>`gYPP)b^J2#=7vf;NCVD z*Y;MD4)peRtGDgRz}D%<)(%vfuJZJ;v8pVVictHGx`z%lh*IY;Oh>GJC);et@m8l} zZYPX#N8niJXnIAuP}dMk$LUE86Kt0QRo6j#7nGa7Ja#R9BE42_-hU#xd+L4;>wZyg zacAyKZSVRP14iipqpgB5p1~l}9&C{wT*Dsx&pm`0J;WV7q^msyXx-*8y>_+T@EM%~ zJ3WjUz04iGtgF53&%Mm7y{1%sHj=%5!r;tUZqAOre{u7OUY=(>X$O2hkxqeeA|cX# zmDPT==YI8y9@*!*U+J|o<;BP8q{^iK;^v$p1BO(CR1qCO!`{bFy{ICTXexsSTZ7yV zg9xA7n#u=J#s^W+hV*iWWLSsvM7kjc4nxQhLnz}zI;O)~p9i9s@jyl5IP>DqmJZrJ z+@NVMk)LLGNn$5(_|hE%{;ZUah692uquqN$;T?DaP256F?+E8Sq8LE&q=3ZJ_v}_9 z!r#q}XGZ*<5d$*7Au4#?9eDB?cs#fOz5pvhcxRUbj~bPc15c1Wy%J->SV6`x+UnRh z(70yq1i$_0(F$Hzk}T|&jbXnynx1PdBA`}etSV#jPy`f*4|t{>{~=ZeBnF+-XqO9?;oQ$E{43ekM!|NSoMzQX{624rhfKD8y zNzegncaEWkLohBAm`1}`kq{CbBfJ*}yk~kfh{t5pD);HC84ke&?7|RgB@ue$6jNq{ z_!$YC5gyrr3I)S-Lk2hR3pf86H+AuMTE|%!>``GOKS|Niu;&TGt66w1HDbqUGO~}q zhq%}JM|4$Z=sE{&sT3fVf5~{wx8IikHyPho!PjB~6Y0(T4w+fHdkxF=$(3OKECXaH z|N0&OEK7 zN0xz)yxK6RDT`yzqg6)J;Fpi|+AHy2hV0R8Xd00O>wz2S0P;vNyHHjIfjw0TbYvJ63=COn zGn=`|TB{>!{`KA3a)juY)nMHt0>Fv<6sa*0s`1jks$FCZcT~-~76BmIWGjztalC!Y z%vTSyMGq-=aeQ@68QsTB)fdLZm)U7$_iP(o&F(Og`}l11oDYQN;_T|WMVGwAJh7wi z&}+N4+w!vAmWkLI$=$8G_jAy-Uk0R`#T_%fDhOF+5o<8U7&c-5VGh}ai01>yMM1ot z?{%uUU7hd^*dyK9Q;IrgS#rlrAtP#&4vuVpyf}p;i1)7-7kG1M>3VoRv?tMdn72+C zRdrw$yR!Oa8i{Kwq2?%){eUs^FjDzMNA7J9_Di}wf*pFO?j*(113D5vt)RD#15!QlE&0&tI^o|=%H-ytqqGz^eoMal3 zmjrQq^mAavch1aU&Y5h^UBXXRo=!0$@snb>lWW%Py0~GG0DlVP>OTJ}kc0KI#SVTt zUU-FHyvrJl?z*s!MHYm9KO`@>7_agaue_YDO2i<4D&$kNFi8wV@>36 zCNk&}IcL*Ey!ONlLZMF)_!g6d>mAN_-7lxcV*qt?kv=o=`XvC!eB=JX852-i!CkI0 z*1`&6p;Y=shwF!V7Jzw0$bQop)m8k0Bfsw*Zee*6H3#$6vU$kT7{SU+?kUaLia)`M zgTMv&_463+e~EF4U!oe1gphBKqiP3*6OS=o))9!8%aI@JIZgwuJb_q~5pt78xSLmK ziU|@Qjd@TCzC9>n-M(l%Jd`~CP<|O)w#~)|-W{N{&I7zlHm*iZH#|$^Gs}!N3CNmC^uJ%w8PmNuF!pJAQKX6LL6+zY%KDTb4#iQ zra#PK+XY>z5e66k!zQOpPaDQ$5LpUrZkVq;=~qVCzLW8)a5C{b?|Me)>LMd3k03T2;PPP)20#W#4jTylTfx?#$<@EkrU zBPGCv~F?zM6*h3F4P6o0VgKCM`v!1oguBgYpQ$;T+)2v9Ul#7X^QGfyErS zU^`q802UpM(x37pnzNd=ZX>&z&bz={X4*GDloU}?X^}8)q0}->hKJoK<&A_rr@elplIh>@}JG#xYb#sH)D8&9~0mF=N zM&`)al7j#_LR`s^>p-u{?b=1*@Y!3F zvOIGVmB~vuB7mqqHNN4n!mi)nA2y zU0(E3Yj&zg3_|@Txf`PWwi}O4_-6ObWoR(Ocn9AtSQeP0@n<*y`7<5RD)WFv_LC0a zgvUVJg2T|j8T_gaMq{)B!gv8$5n}v76+T*vb)e@{0+y3K%ufIpY^j_EQKm))pSF?N zq%cb{KOaREAk}xv$$%IhEL(dPneFJqWEuKnq;FWT+0p_QG~ai7d_{P4@sQ(yqK9%H z*FRChp8<(!NF|Nnsr;nF06v(&Q?UTU3R=ky>8 zrgF-0Hyzx3%l`Wj*Qn^5C=@Ee5j0T^ktCR2a-P26eLY1P9UgrO@uf6MBp5`z5Pzb_ zO~jo*>~P?}pHuW>s11e>riB66`^X}jL8t;nc_e_8&{*xZf}#*LypYf*(*clMt*F&$ zkX(Jn5IoZ>-_}_UZRMp=1HQHl*4Weo(lEi9RyF;e*O{joJHlH>8A8T&u6E{cr^^(v z^L}YKDXv&aX57X2T{_x*h0ECd@S*=BUjozh2OF6{GsVzJoIJcnCDC?nu0^T>!>0Fp zl=ma-orM!<0;YJFrCzm;sA;-Z2fCNxBX1MG$P(lWzm>(_GN8($!4vQu`FR_1mXk7g5P22JbYw>M6fiW9=^9;XZcg?7Y)E#0J~oyWht894 zSotejY;H#l{cC+~?WSv`8iyqY>m_E*yX&SVQY*^H)bW%F*RalkHSSM9p)SXI!|$Zl z-&0d3k1NmP7M`ud?w6*%A$-UIirPpKEKdi^eaOS>w2}MHGv#TOm`OE3rue;e)_(1M zKJ@scn&XKW8>wST(j1k6i+ zyXP+%cAkH^`H!B=zuX+l%JVNb=lD7Pmzx_8{EM6WL!~CMrS;U{{Az$wYrtU63wLI_0cP~zT+qx~@ zcrkGP?Z5N;>!b7+2y)lAms{wPC1T6(Cq#+tr|uW%$}cKAP@lTiZ zQ;@{c?-3274k+;_Bk3W=m1=13i39sh4P%kZ{7sI#gvg{6P?PpD?ea3=LXcHlL$FQC z>L!MXNVq)5V?fZ!CrSu<$| zJNRIi0D*!&Nfi-c+z|Z-Gy@mrTBKxlnGlZWYEIgI#a(g51RN2m5Q!Ypd{b=aE#Vje}OlgG&HNt^?d$utXv7(lL^6 z3kJ*zT3K8ic?FLuEKv zPQq1A@&?Mvg_xfE@Kd85KIb|H$aypj<-C`t4VC{eH)vWh^a%p5kjX6*{xsynGi(ko zPogsHZ!!FhL}9{vI0(0MCx1AMRN%ONIATs=BYv25WjGps#JO)chIS;5r#Y(ORlL?n z;!R_$#Yl31qN(%{ z&rG=ml=8=`PE?apQe3Y}*i@LhmE>2E0baJu-n9gui9)^{C4XB=^`S}?geu*> zi8bhfgd2|14u)*o^w>PIol|+=lypD|iP&|y?<|RLOd233&80OBFr3!1t47?ecIJ@y z)WC7^Id=%zXIOEl3%m5gX$sW&-{O`|wB|XZ5KLobei>5>%us)UuYT^YMY#?8Ef_80 zHhzv3@-+V3x+lJFl$1I4QAuetqu5r_}vTt7D)rfbhOAb^@ z=%;7TF!1Bee0*kTLuT|dnesbM7kwm=(_joB`R?^bQz8;gYNCpSEjkLtCmQ=TIo)fy z&dfNW(mm3UL_4M}sw_Z>j}8jKu4D*@L90q&v+CYl#PuA?llF*Y8H7shtKXZr5N5cv zGI)a=1Qe#&=`z43Giop8Hg375YnI{d8>6!yW82y^s5+gyW8e=VVDInb+HAgrtlz;u z-rurty+R*go*zW<8JgAMI@7sBoj-uI%>W21={F0?MJlaTD}8TAHH8Yb3<`Cq)#Fmw z4C?3%4P^YLD*>C8pLkoHCl-pQ_0o?PFPC+Hqb^0NW<*&2muM|$8)34Q7>NH;} z57#HjTuK7!I-%Dm{}@RVeUs6s-!QB1kG!0Fvt&oIoP8FWZ%LIk@VaPEqF8o$(BGg< zbJ==zzJv~38d+YZJrwc7pdt{jDzc%PSG;adw;s5{=`K(^Fj=npmLXA~DUzW3rsR@%`!@>EB$dz$krSEuatr0C#jfy`4c@~U}M*Y^v!$(#I)?D7N zEU|rG{!zOMT;Igw|Gc-hE^4$T3q2XBxXorvDQyJvdA&4#?MLSNVx;j?`}+Pw(Fl z6lnk`QiN2B!p^_@@m(B-ofp`okD#UxcV~zswprk^Idb!EzI-!s!ek}U ztA9-{qIEu{ZMA2BWvbgGqQ@s^h|g|xx1*oLuP?UFjbQbzXw3jB>go5zD#eY@mn`O) ztb&G3@da(zW$l6tEs{j+vt%6a%xve)96a{3;17gutYUWdB}EP@*$$$W4+I^oRml&A zK3Q{R9MqQ`7(t8=RJyD?BdrHltf`>lVe%jn)rOeWX7KD_K={y{&q`bE&;`HN*Fzz6 z-y*DQJFto|VsJG$=y2qVc%+VX)cN5#z%~ZYR=LTBl>I2kz&1zK7T?L%E9|J@lPxIg z=&0<-g#0L^%{I^SFq7{n=nkBPA(3abmOFU_$7fgWZj*y?Y^i29Dr#F?6;*g{Kp1uW ztI@$W>U45eZA6YrRvTuBkQ<{+dhlle%K z-2~(m5?ys_MCJ&-Jx!c&=n!^1eCs&=Y&+d$cW-~zs_MAt5wre`4?qxFNESR0P7bpUCz{}7ugfer7st6 z&@K_gE)m&X>PcMY>@R7RFNHr{QboC>8eP_b^L>=$KD-v7mHY&MBiJm# zM|&gukzb%%gjxK2$j14@dlQL^eVps7-v(FWYB#Ye*HX?-au+s|b_ZL7!*Zmz@_IM2 z?{5$9Znn#v8w;Hknn6nMw`Jbzi`m`cCf??@-?H+#C}!WP>A7sL-Li<^>Z#qT;JT{& zYHF$72~ON16uIbBYs*mys+xXuPY^A z*CgD%Xu%<9exXx4?xDI)q=ZLb#^rj0SuMVpJwdVjZ$5q`m6r_27k^y(dS8RF#6bie zU_v3#K)@nr0-!%+(S8Zqc1MNwsJ7_AjTG!e1mFhs_=Co0!G0Nf_nAZYB^hq6aJMgd zd@C2K4+K_s9t?4V`i2J^0PyOeeFA_*!Qx+PSH=qv{R&SWWmXd892+ZTGJirzW~o)7Nba4;(io12>O%cl@2tcI@;d1|+105hs zRplTNxU>OKxRSB`T2p)48fzrIsWlzcPa?}184cuvRV;bbY*GAUAw&fwq<+VBGMBK$!uBj#-O7h+OB+IC%32gb9H17JGkFYD&qp8kA%_5mv&=0)0PLPXNpF zB;+UHQgeLze@qi`+YM359b5bnGsw!jg5z7s#0|C&!-l;Wh2IZBiPzcnq zJWn{f`u)B;TGF!wf{Xc=k$>N`G842`0QCu0BJ4>C!Xi1__g27pRdpSsuG2)bPh-qV z01~LCCE<>9Fr}Hf6RZJaaDcNxIB%JvwuV7MKMYn8LxjB2+b1WX+fC1y>|LOylh8-D zXZCq4?#u(c4+u9xBZd+|f~8*g4MKqGZdMQ~c?HN1^j_85Wl>Aq=6e3~!8(1kiv*RJ zAce|wA{y+&bRY^sofoD9S`I``>xPG65`m#r03s1|1F4z(-yntwp$GW|BKG$ndtVCIkfanM+(ml{ zongIAckjz7946;xm-qp+{{+~p3V!drP8dr!T#WA!6B3!9fNn7?Dg>d42~{#qoLy=R zU5_QRtdJ6ZiqLob=;=+M<`g>37PSa;9~fwU}~ceVhH8U61b%y}}@J z0~jJRDTow4={Nc=7ZD{!nDlW1d=jLCLI=Xiyo4ErLPv!0_k)AQ^#9X1mJbj09ln4C zmO-TlQB48>01?c_;`|3D2NXGD{R@*TU_i2vIm$!?#TEVEag=WGmMQ124rBZ{V){)J<9ds^dhXufbQqm9=0OfA6-7qnhT}9_d%zxWDiv7g#QP_Su zKj?%M%9N7Yu!_8GHZ-90l`~Efiupfhiv;k@=h0x6#pIW(7zM73&pOuQ)K0(#iSvG! z#RRb5%QZ!*GBC$*lIx_9zzLxTL%HuD=}XuM(UD=GSo=W}9{Gu^@{Azq18ks%{j`5u ztcFKX1Wb}1LxURBti9nQnE2@vC6<@uJD*rvf} zfv(gxoAj-rVy^O7)~RhS>x2UUiKAxV!r332U}_HsU~%(ENp)!*V6gncvyYPH|(;OxN(PB(7ygq6{k$ONrBcfhW^u9 zRA`YRHX(^Tk%>)6lOiU0xpsht?TwT=++IKeh=Rtv1Z*L)dy9Sd8u%wKbPnF`A*3Wpxz#X2d_U^U-`p^uX2^) zqN%wHr7AG^rMM*UW?UC?S5Wzzt#u56ip{C0CXafh65xfjoXtOM3IjCsz^ERlM<1@e zBw~@y7agafWEYxzIt?n}23T|6mC57yC16ug12smPPMKmpE%8i|=5Yo*X6RdQr9>ey zgL5%ZY=c;M08umu1<(rqsI-=|KfZDFN`BcR0Cw{M{i8iEc0;V&TU*~os{rnWB|nbQ z0&WDs-ax->?lB$!qeRsQr%J1kYaYP2B&zyAKJl3t)9>MOu7D)j7!Mmp!70u~cja^2 z0rgJ+jzH8&QI3HWz7@h-iJ_(+n0@~lFUslRvi@09Jg8Z-?!nCy)at`EH zg0TP;D^JUCijYrhXodv%~MJ0sK&K()e)j}x`~$62%|hcoHy^==Hqq!Ar$hkW z3j&mRz~l;OQ<3CpU~8{sbE{|bS7jR2jPAqA*24$g$1k5RU{j_Om-hU00AQW%h4iaf z9YIhw1VRk+W;F9=Wdlit^rTg6ly;fU5r+pX_cz^wfrQoMUHuK~V^lgNoA+ zLm=`!cnj7v7s(?P!%*jhXG88{j#yAGKRTGhR{obbxv3pw)yKb zxr%nK2zt(K2FxWF;r&%Cb}_BNRLB#wzCtoutO4{K>CQXjgUb`gGi1TL~f}A$DDzewm8gA@m9zX z?~VeXK*4ZMmSM1q23e&^(xj!BV;{|9oiV)U#&vI%qj%H;Xe7TW9OMqjea7gAZ;U_~ z(G^7Z7s2WwpIi`Vg1yYZW1cmb72V~b=zpK2$zm9NM??i6iw35BT=*2RWM@_!;H~s2g;Y%h z{bKQAWASrir7(lA4PtQ|VsRCz1j+nGs077!3qskK;P{q4lN4wfQUemuUA-YDA|cZV z{sp3lFk*T6o9|4*K8L)E!jV|qLXk4O=}x-Mq55!6Ayi`wXfb9T++*d;mt~+B(QL}Wu_OafuYhO@ zEG^M>Rtpn$3N<$dM6UKlPm0W>5|ud*g~2p7612`$15S@HE{`x4V*3^l8lB#JVnkZ2 zs8}nH!p{d2*fTU5n>3n;L7G5Q7oG)|!D1m}Gpl7<@2CN<6BwTZTE(+s-z#OmDia=5 zIxpR9e^#@A)wh1A=Dw_-&6w%>V8EW9lYfu?$ams5+80%=tA$82yaPz<2^NO)=OymFRp1*SQ`;hAU zsP_*^)el+kU%5FewOSpu9xIJm9gQ6;ty>+fFDqSW9bGgleR3UrHY-DM9mD^an=}1S zxjCEC|LY?8D-nM!l4raUaqU+k{z}BFyWtqmYWi`k&T5Bg%FpV?IZw~(r^Oh5G|a17 z{b*b^E&tK9?t1#;m59F*@mC`LO2l7@_$v{ACE~9{{Qn0cPDlOX!yhE*f8SF*r%?aF zqlX%yg0`TBJ*IC%alNUUd1(v5 zX~5&OOZfDl-ZXBybVBoVvas~@()50zbkf1}@ZEH{HyJ(@8Hy4apTHSRr5PcH87jLO z&Vv~Q^qJBUnIA1OTaQycA>d5DkxV~e=KWEoFn!j5WY&9&EXlAePhgf}Zx-@y)^K4~ zJun+lD0_@9`%_r9jbV0IX=Z#$wsmhdCPfa(o1As?92cP+#IPKbksPPI90_2q>0yo| zMJ~EzuBl<}MObcWUM^ra_jV+=1egaA%tJ8DBcji9E6w{ol2;gzcXgNtf0CU=mw#iP zk0O=d0M6F|=F<=5?;#W%&=ok8=66XH0Ky6wEenW?3e|{}I3Ngt(XhXHdDQVzo^1dsOa8bS(pM`AJ!mN4W@exmp{2DI!i|czHKL z1y6ptK2LdVVL+$l+mT1Sv9hA}v}C!J3O4e}NWn@E%Zllr<+S0Iq@$Ivj}?;OicKkk z#h2kqhO+OYM5|@?$D^c&nwmd6G()H#c=I4N6FYUzmbLIu^)!O@&Ia`({`E3FHPE^B6g&0yPz?j*4H7-|K*0tQ{|4*a zhMt}V5rYQ6b^}3eDWz6pg-0URrv_Flbft6*6{|-5u|oB+y2{czw)DpIpN$6XO$%I2 z0v1i$5lv~iO}+}vuAa^A>CGPP&0cHGKEIp&2wMU^wFGIkgm|`q(^~@98o7H~Kv0cQ zRv6CZEeTq!FGcc{^wzZY)1}20Z58P)1=4S;rOWcx zYH}j*i`Lp&(%akG+dHINY8l^lt+mvz)i-+LH?Or1r+19Dccc+^u<_>IL^lV-o!`%N=+2`4?C5^wpNVe4e%@wh$y{FR<%HWaB z;JHt4P!*O78tUs1+j~`m<9hyY3|%T1-`qZZbM^ej(9``vuuI?H=u^JY?_fcjLw8_L z7u0qa|DoZZb~e5P>>q?=7i*n;rroVjJ-ULzQ2N5=Ny3+KZnnui&z?T;wWfJNLKKm` zND*wir{DI*`m7oHn{s=#bImoV(4z)LpZff;aXkS!Jw#qT3Qzse(By0ZP5L zNR(n7|8~=yGJS+zgMZz0Lm!P78-GSOsH0oNy2OR3%l=baZQ5Tqttx{KQK}g9Mg9w? zb$SN=>VzSrsABN-(`#%hdBz;pPEdMK}%?61x z*pi;uQqI^Ynnxl#>K&|`5w)99BQcwwFrzZCV`R|3?+sZJ4affS<(-p-MIJ5l?{3Jz z3E0yU10eX5A^iTO2iF5-&w>!70KoQx4t{ykpYAu_88HYOpGh5Rke=l28Tz-IrX5%L zmz#DQuI<1Y)o!+&8GoVE2^s%Ir+0|@kF;y-JZtm3u#H~mG{;CE(EtbUjBmwXI&IrQ z^za1#8`<1kG1zmN&rBeBz(l`_@)9~vTgpWr^Wuao>rXu`erciDZ1yQmkKsOm3rnU@-Vi};zt?FVO#({ zNJYD6#CT^u$_&Uo2d&KK2GxyVpSy7GHYaR7*`NNBLH|pqyLo3WdH)xkZXWQ_X{fK5 z8b_WjSVZ9dj-V{-@)F$k{5q|touKoz5`60y5sZG$+b7aF3g8;Y!UNzStOV!~5I@hn z0Bwb@Y)ale|JKtzOPQ_HW=P9G;F1yf5`_r#7tk!1(QF5w9T7xa2Il7)H}o5Jl+_5{ zHFC@K{PB$(ycKc9wM6eVP(C1l_b;ISR>`((gVUQCu-#dQ{9|K-XDe55Q`Tn1jQTI2 z4zxzkc=tEB&2_zLg0b}hy!Fhpiabd?{0?Wd61{;I-Cgz#tk3p}>=4>{)h^1=X6Bg3 z`c7u;TlHnhpK z4J$tmqHa2s&pN8ymej;N?c|nlrT0?kEW;(6Br}dQYGprh^IfI~>0}8{)jxpx@_V=r z`hU~YZ>l!3pY|zrw;&2x^(I+3sWEJL{P;Q~RkA+r@{?7e{LQ|$|D~sceKI1L56CAg zZDldirtvV&vH#L({pnc6N=9izcE(FTrK_kVZOil_H8rxxIoY1}h`58eyErs$H+7@N+9 zqh>j9JOK6=pPY>L#6@}L4axt7rbSD;__1iRhTZumJ$xp;n6dtarupR-v7=4!C;max zA)_X$!e$}DP-McX@jXd*I1vu*&?L@B)8rS!WYs*X#}%5##eW3DZ9w?TIS zlKGUw?@YSpu4?EKZM z==77wKA#=E2*Lu(!vvQ4^!$-nLSPY}Bw&n_u@t4$s9U7MCMT4ubDIbL+FCogMfn;Z~U2W!Pa55uT6;{`Ni+UbqxI>%PQJZU_nyr?b0+;E`}9E(UeqL9Wi>S?>x{a`#4cn z!XY;V04AYv(kdZnmZV^Cp<0nuGyGrESZIMM4EYss(!q+153G^@N1qC8A(2jh45?{A*61Y zvR&FyGThmnb(F9h2>@Thljoo4uTt_smJOHqyd||o`>h{4i4wHjo7jx{-Y8}wx;|13 zwwDIwrZ62l{I<-F0$Z(DtfHD8pX5wpHFi$L25SI9 zJbvZO0qH;-GFqPRnpV7=k*WZy>I=+T6Qb_g(8qb73j*JUaP4ln>TnIto*f+*3sTBj z>Pd6A8I^%P;8BK>w%J2Rqx~$P1BV9T1q71wyPH#R`J!_}+o>UJW2?hKhRK7lVeVuH zL#f4hsGR@!CCCNNyVIe#eF$(fA+w>Xumr$RNa!V@?Y5CcVIlhEeu0lSS5#$`Yx@Be zje0FAy5rhz+pdwPF6{x`w;Lb>Kh|fdFh#?38CW-M#9||Td!IuF7#IdqLZV{8p)VNv zu!rb!&D`+` zW6Dklp2$D|WDE>w1;AucFw%>OQ51lfXZM+dArDROlpIrrU_kFPxFhYZl*S2bC zTTWpIJ;BOE9G|YZdL*J85o*^#FVAVIbWW+5Y-X$v-=&SR<}&-|OnA0ZyIm)hLCF;u zHwEH+rz>dos|iIM^g#Zfu~S}0&?Ro`@B$ArQ`s23Tc8{9$@clVtX}EE_bd405w17d z1A8UnZ|LP?fkmmq^cIxxsY)Ip&hKx?>7`A|kb*IYM?8xVa%SEt8mM9M}m@K9);4vqbGdMFyb+z%9MscX=ZqTtz zw5e9MB~;o7pK8T7&pD4Q*qSt+=IypYhRY9JDm`yc`N|2F^Jfz+f@BGFG1{rSd!1_{ zOz8E=tw=}eu(RXeB^!Pq%pbgSsh6xgGb6lJpCOp7DV(roRxD?nC8##c)%o$pfN*Va z{H{E?@ZFow=~{R$ca4?%l`J-d>mPv0%`MbbN$lzCd-tl9Y7Aw~(ja_<>h`t}VTDTC~`R&!O-EcN{)L&V9#?tFP6a{^g;k)p-ZP$a`Ep`2Y zwfBSN)d%7(cf*U>2ViT@Tr4gXpe!ESk)P=oeoO9+X?<^w(you{w%kVw=KvPv-ThrD1H7iJj4LB1Voqrb9j2VkUs$xo za)W;m>TxZtOs2ayW!-j|@&9_5aGQ+I_j0Q6Q5OIziO7DGz78uEBP-G=PUGvG%dUk@hWM| zQ}GLrkUy=8YeAq;J=D_}$u;p7|Y{JvVQ^{ff3syYPkg+V&i? z?7`i<46S~*gVE(a_|a!B>V=3?lU|IdZC)kXIv;R!eVNqTyw3K;J`@%3m~DpOzYuXg zBkT*Sj^fSRVmrQMqdy+2YCd;ncb-37x_%>2KHYV|`|S8u@9w~F-Fv?0503ZsI+*f) zxb^nAF3i3=YHog<8}eDM7TEk@w)Ok-1td)EkN1@p|I;#`@56%p^^MV&r_<0syK7VH z4?|lJqG|z$YhPaosn;KlsZPjSP~UHXwiwtE{Xn`Ml7D&cYR@jH1W*fOcPm$SuLOv8 zmjqlAm>%B!21fAYcQ?2P2u=aOJ|X|jfV+c5>HP^c zu;3IT*$PxHV4tG%KrQ1yd^Z4$7ZknRuK*lSn;)o(7>Fwg=5l{o?Eq+Li)uUf>xhVz zpNhsF35}GbX)$H$Xbu_|i2Xzw09y?9x(^yg4qgKLEn$X&eh;dq58AVfUlREdK$YR(gh+qm z;m{xn3gO{IX>lu}Vatf2u!i)=n?WlP&L}MUnEBxXj1g7#mbjOh#KoNkdB;AY9&H0 zsz4a_2O}yV!M;I$!zHMWG4_Q(riLlGcaOSyJYse`Ocv2kE<7$DFX^KPxcDBSl&r9P zIJ{D#B(SCjK!#Kgits;@CPhqXX~Bl{^U^M`%k-$oJbO;Gs>dIwQ_6?G9X%TijG_Ed zk{@WF1VE1tq>H|;86~uc_CF#c442*4np`}iUp%9z8z(3J60c!M{MnK+5HAlvmnYvV z2T;JIvW(+TEu_Z>GaO4rcd#Eh%XM1Ht;S87XC(NSV4Y^jD2&Pmw&WnUP2BE~mA`CA zNF@S5SW7DM(neEv4F$gQFp6N8t5!@C0jMY}+@Zro2gYjlO zgn$nUk;V$Joo!g6@8Gdsd?PcVKz z&L$yGlb6VTR6Jm6L_Zo$R60Z~ddDdcA3ODrIcTLJR*pA%P)TPpg*^tM+XKC zlz}NpmaR$F+=`ah^YZ&lior}Y3shfgCr(8^8?l2G2~y*@QxlG50`&_4_JygX_-hq~ zfN6Zb#?LwfpLgn1`yCZ}z%*T0CCZ(W;Fh9(j7X5-+^wQ&rx$|Vmsh^*u%efG6vHXSk1mUhW~YWCwpQ6RVkkW%8l zG3S9&;QInN#CC6r^K(s5rk-s>TDe1H3PK;(`fF`Ah=1Ti& zsZCa8W?7l+NX6}kn*CL-w_1ak8@gf3`n=b^p-2yit_K-t7o@IZ2WpSCtq=2!kIQOIPG}5q zXihI^r($nF7Rt1(-)-FRY|MCfD9CO|YHcLmYA?DZE>ARp`#099>mv#`GQD+XW;eF6 zH>tmGY&xe@Y^$x?#I}nFJ%w_;t4_U7V_R}-TZcdNDmk{ge{XFP>!-u^ z08MpZ&Q}0%ys(Sf@ONwILHhlf+tXir5Wi_5`)I;JKA|vcp$)Dg`RF|m^P-Ao8z0*d#OXgER$-Dxs z`nO0PO%WoCKlzESN{s;yMC@vqUuWo?VA#I4EC0MZHL%O1yH3L|$tKszf~w2`Sz)gF z#Hp&t1*gj{#?5Uj|4D511C3E^;dk#oqi-AESzV2E&%U3%+XHcG-TwZ*r)gYcy*J>o z$0%l;9&X%QW_-`PCpow#6Vfb=V1u~pFl_iq#O`2(-M10Cc;LWrps;h`F@8OrIw^}9nGl2#YEE?1vsXA)5l9PKX< z*N>i2BHli7UbY{7a76ryjD4F-0$dMs1I)_a9<8w+1x~h|X_;4rn}5hS!j?71=r9ju zZVowb49D4xTs-=7c~rRYJ*G)JMy@S3N-Kf$nD)S2SJ}eF_IS|SBnhWIB}p&?M>&1* zTk@iLCXGz?H`82x^Bf=A`~#z`tm7G_lPuvAf7_G7rpRJlnle?thhXPt=p5fC$jb+lgyMe zRhH9Y#X38%{f0)AKh(7xNJp)2ViAs&-UW7ddSgt+sZIqZfEZXOO1z=MWvBK;xe~UKlq* z*daBjX1hBYLumPztharQhus@v`?YxcUxoImW0xbp?aNN=zirw-p!{rPboedn@TBAL zY~uj&cKGwv0f2gmc(IBhU_>NtP2B8I6L^F#u0U42@ir8XqU$G#fGxQhWQ{=F@%g|( zK=lgf>qzzSYAw?-y4-Pa>}sO(Dr(KK|F@&|o9i}wr=18#%5%r3PuERGo1AV=TJ@_R zlbt?x{p4=G-l^>TwB)q2f6n*oI<(?i0QV+f{95p%bHLfPu$r?c@{Oq5%?zV6_;lbW zzoC@;wUL(7Pg_H20Y|UM8|o-0$zprC>>=q;-E*8gzOEK%ZglVOY?F@^mt0$v+`>KGNaWlcA@FzZxVuhE&60L* zamH?*v}RsigvwkZ+w5e4IYFTVqcb$?0c4&b`?mvGO`{G}mq=UuGryS4c? z05(VfOp14}4#rU>BIp5+#Vy^(%RfZOUqzW^rDTlIl#E2%OO+%@l{HA^AOmx$r1C|i z0444L;^0U$zpur`c2jP#XbU*NNF_x`G~+CR&xEz^hQC<^=!4*S5!$gL z5hNZlTHK4=9+{!tryro?-Ej!G0z&BsAXP)|#>e4`An@4K(*!Aa(#=zL$zgCDPcANR z3VEVl0x76_Ja$H=avL!a5<^j z>0lrpSO*V{ivrfz!Y3RI@lS!AkVenrdbOucD8c$|A?8!_GJCJ@n=~m z?MLwfX^r#jAz+~c=s+{$ywViuqADQJE!O=cX>YXIk&!dgYRPaOpbW(n*E*oT+35`n zu{rXm?I+EGxyz|l&IxFb;~vbkeqcQqPdilIwEohKl`BmI7iG@SFiu}Qs~&)$*>Jdw zd^+kX-QKh|i!wK?Vl?ePj*g0kHq@a>56mRE+Tn!eW+dCIH{ zTrIgWAzUq)0up*F89FpvC%FO?ZYRy0ITC?O4wytyZC7H6gCd@CU2;9;(NT$SE2$Q&k#M|`fo*GF8GCieimI+h!rB{HkPJUl1z?KQ<^6OSPmzI z{H5g3BCJ$c2Pt@O=+ON&LlO$pQ8e%mMV3%-KnAXl*jXS_iJM#y`7AwVMj(O5Q9v-o zr~-lq0!)xh>T&|9C{00LxJ)_w{84@^GvaJUM93q3vOS27JQ&BYBp2kMja4Y4>|+_5 z=MW`j>Bhe250(jQDZvG_T`|N|v)^&gq(L=sGm15`{$^^3=Z>JmVV&p+2gQK9(UafK z_}Ks$*i|Y)OQ!8M4GnUq2bEw)`q0KM*da5(Ae3JQXjHM^0uX~pWzmLSDQyC2KfgPq zYKBL;EvSXM$H%Auju6y{Kr4HF7^K!9D#m5~3&_x^X6Q&OUpd}2ar!04hQvAdvgB=AO{%3H9otpI~D)9nG+C`H4AhZ zrh*fuQ0Y!VL;eSl=llzh4~j6u1L}umX{)~PMk=4Io?yE0)d@>5POz^QllpubZ2H3$ zA>+pK0?4yI3f1+pE(E##MAgz6^jx3e(Y{BQ2i$hdJhguku)!n5M`DQ`YCBE@POuqzriVbuWBy zI{+>E?yXvD#Spi`IBF(IEczT_IJ2(a}pCVuV&kG-fE3FxiO-%U;auEYV#9dTOVD+Cpt=A;_X3YRxegOyaM-&UGq5|`nF4IAQ77R<%Vp=V>l zoeIcf4WJSA#b}vC{NMuv1j+maQ$@NH-g`?B3y=lVE94@owg>?MWOJ!-Iglb`Nk1S? zw;vo!HxwEI!=kZ}9}sUFV4;#BiIVm?F5o)vajy*6iMUux!5qR?XrN-pppu8PQ1t9? zAza5YANXuvg~$GqA@}Qpyky8Neni920H~tcLTeT=r2gLUx;SZztSd{Ax5DShj$X7l z?1^SrxEg@$bE%9AgGxHx=Q2%~8pDNsixJEE`Ld>bty>8T<{ZBBFYjY}fasn2zZjY4 zUq*!0N&hz-AATo7NA~vLa9rjoZTJO_+rPkZ3ylbhJ_hQ#XTfsw1uK z+R_lKNHyXqqmc=wdWDZldz@gYRC@PpsJj~tBx<2Ti|{liIxln$0)L7YB7|cDJ!@?`q;2JSZ!N-I#`6dWCN7w{N8QO;d0K-rY6RA|!)9iS0 z=&$ohS(|BPY@UR`wb-QC%8qD-J*kqNy=8Xz8nGTqr$#pJ!t4x7p`&~d)V4TKB@U&T z2YDB4;P*-GShO+eMjKYk|j^JFuy=VON-wsq2bCbNR&C1!3bOjYYovFN7{Nifl;V6F#)otJps+uArVb7x!+6APjPt$XP_h5PrLt5|# zJ+d4!h*Jzu+{ByK)@s3ap2zY?t<7i-@0T4z-}&>vhrgSc^ZQr62R?eujO%6K>% z8vV!`{=p0ifk5~hMNEx^)(p^qz3w#PTtc1)keJkTx=wsd=NdIfo5fivOzfvfSTGM& z0*a&$KJjC0|BhzR6sq~_1+~(3vpVz%-&;HS=VW|_I*OtAz?Tb9IU>hJ1cjjMoB=Ax z+7Cl+=uxiD03z)PaEf0Vm-3-9vT zfju+H?*^L%Z-@atdP7@K07wfnAM>v|oegqbOoS9w62GM11ieB#?I}P|QDHK%Y{2`u zR8^|GoO8J~RPr}%fcX1_u< z=!bZh@eOUPTrZt)i z>G6-P78@JTF~3H;Ht+FZywVc>#B`%=lA9ueptIh`52UMZyV!yE=>I&QyOC1&-ez|zas)O1}YC!Esh&X+>vLxAm7Pi$iA>9{5DECqxXU{}o&-(oid>N|^ zyxRbZ!CdW=R(>G;1L58p71jH#kqKwGm0YqlGNTvckiC;g+WA%QK2>km0sl8_&P!4X zYEiQ7N95vdzHdoJ7iU$%NVL=YIrg=6%OZb_4Ka|rHoEHw;7*yTcd z$md54reF5Tc(r>)iBNArZ=kyOjZxdQhfs(6(H7L9Fa%Hs1P9Anh>kQpo#P2#ZJ1>`U zCn<=^qGKDUAiw*kp6K!g{h~o&w3m7|h$XAx*{{nOFq*SCRjFUVjaoQkxHO>8YP)*4 zo+m7kL8*y)puJ9|Bt?zbPd%84XlYn*j7*C|K1*#xx0oZ$VnEMtP?T#}Rl17=^*sZM z;#42qy*1~jd!7iQNK}Fb+6=ZRYd;EoB*qc?J4}BWEGU`-BY*wqDB^r>9KGj6OtynG zw%+I`YpR#^dw{ypL&g-XV}7moch;A7IrpA095FY+x|C}!U?6LoeVqro5hnAO zp@IlX3Pmus1*O1(L{4f4ysL@K3wOox+y>kS?1)vxz{*yw55b7E%N*m%reHuzY z2i5PEXc;jhqD4K~kg5AUW6pEqkB@r{ru)I7MV7Apy1Ro`b^UmWGx&(oPn2da+LA|CkqS^EOvCfX*(zS@Ntv#adqi3(m+ zj;y8tE*jM)8jV_-FPsryibSll4wVavB`av9#t+n1O`UaVTsTEE?`X7uv>J$qT1|=$ zlhlr@g`n+yqdGH*R@wm7$bfHVfy_rk9JJQ_bU~wGL8|6BigY0qlfiQ4p|(fP5U&!m zZd!0z@e2{Z$)F2o4GzJSicmd@NRx5p{TqGYiG}1oeRh=v7o;@BG%v?CAsgp}m%J>6 zr0Yk2BnTI>W2a_^YsWShVlWe83e2TJ?0EURV zGS$=*t%8$+-ZJIkvYe{2@B<)pxe(uQi<15$^U;z z#8v*ML_D;fE1Hcvxt=?ljiCP z9~hr4{l7uU|EN*;#%Gn(w{Pt37uL4=C*(wA6mIP7@9ZB3Cg-kg?+s7QFRpL*jZXcz zyo$*wJ^69r5SCa{-*$Tbv$DBsaANNK=k@O4aZ}eoOm5l4{POLu$IGkR&F=?3ahaAu zvEk`O`8CarT?2=w=M~N0+WJPez8@T)UBnlZH+<`#U0zQrstQXh2uaCHE~<)rrQ{5+ zl>FB#C4Z&lueI^l+W2d2{IxdzS{r|@jlb5$|1Z|YUn%)3C4Z&luax|ilD|^&S4#d$ z$zLh?Dfd!O37a-`70%VrR4uJN)Ar}_*)yV4)s2Jsg18LZNAjT zz0X~`UTWi;zq;VRo&U`8*v*EJ_lUpL#=E=@K5jissX;Cy1iZ&cNgtPneC`^%ywBnF z9_Qf&_A0l$uadW(4#fp7x=4NQD1DxeLw%q21^ygXcRl|?d-{Fc^{2X7;OQ-> zbFRw`8ZeP+U(2WFBzQhJvLISRK@R)P+mJw!Kx^J{`IasLNW7dq)7b?zNQ z5<0-|?WGf<-G%&B>a3Q%w0ph75xsc5f0a7r|5obg`R~qpIkh|9Ta*8%Qs>wM!8rHv zV}0Uc&qYZI2-OdstQF$<;2(Mf#n&Lnf72&E&jT_h`NZ;%Q>PIA$Em}J8Fvx}^(zp4 zl+@1pH&t)#^B?YGF%(t|5^bRr-QoT(s?JV?z~MZ==hdx_C03R$I$i3|=l+r=ht=N8 z+?*EDCmJ+Q7{IsgWC;H+txoxmR;LLPv!EJkU=(Yw{j1e&U$pv_2ozwzF=0sUlX!E_ zKVbc6PyusD40-Si1ZFtCe5j!G-)P<2THMD=%olk$w4u#kBuzFUvTS8&)}lZyX!vUe zcUS^mI1_S&wnQWo)z`h@coFXCJ&t&hk)%DY#C47&=aEzqu9SI>)Pj)=uhQA?BUvi! zDApkTn~@hmH8D5B#yDD_GRguig@`p;7&KZUQlGEQUD_~O&JYz7)SwxWCKEVf?n5RXdKISw9V zx`A@5$iQ{Jj13UHz3^Dq!$<^>=oJ|^D8+Tg0ol0{7vvfi3q~cT#!9>8`{_`!7773d z1#}-GjJ@(hKS#vIA*%e0s91;y`Uw948BoiHRF4OLc#{hZj}-4xP&*zwWy%NiR@Y(! zxO6iAvFwRARD=J!WtSTL$Fk?J{~lMRRD!6i`C3tTZWqNph{1bE?s-F|`f01^=RXM^x(9>pEGs4`tN|~ji@=;Qyy)(|rQtlJ8x$v*3ovuOk z6}6Xo!LMJc2@$I-W6we|tFds-cKi#q>!<_5X7FGD427yOol|O4D*r<5WV5quyR!z| z3@XW`Mz=`sR&#mdrx3hVL!g29mCB6KQ$#5L6SZ$8pmTFO%+5`KC+EvKm7t^1xe)<8 z1e&}7%9`TvueP0#I0LcwKW+PO)%s`kxZycp?&+vr7RS@b$U!`XB|KO6=`QEV{}Ar+ zivK0tVJrU%ciV;qn`6!B%Jj^4^s&20TgX7GGzEVd>O|%!TN$D*cq$Ej(p2BE&fB37dV^k>`<%wVG53U*usg5pe`oF$Z5m3u3sun- zoxQbRQHDBJb-LfJWUH_2AnMBX%&R;t^~!%6Oy=%!mjUtf3>U7rY_52EugFHOC_Sx! z$J&yo_=_hR>L+2iXSnq>omYQ%uT;+H8Ah(ob0;p_4+AD-uxFM=?e$jVS2s{tW-Gbo zUbt4@8L%j?>2ny!h#Dx`uI)A?9Nzw1yj@*7 z(Z_w(U*=xFt{lCo9J+Yvcx+gIVir7uS-uZ8Jlk2Hof3S0w*f(8v@yMI__Pito`7bl z1h8ztg>1mbtSNjlf&s@OlF&mXZ=mcMLG&3-m>VIT<)Q6SqnvGENf zw6nn}Y~mLgU+Hd||1`!WVa6+}slM4HW#P<3F(#&&Chy}Ulh~s2sMp^$rmz4TFRE?P zrEHO5ZP9p`EH;?*4{!P`Z!yNyF*&rdgz&Q8ZS|6w+QFETacyx}WO2f-aPhQrTWs&e zo4Qt*w!3bB2&w-h@QaUzS8&esXv?$~%FLN@N2ondnBoz z>AkAiulyaEtU6hNR(Tdf#l0N{NOL+IbGnfo<*`P!v!5ywrs``N8nD9JS$(P@<|5R> zntt25unhV*$~u0Z4EJ^`>R!>Fp)ScD5A0r;-d-c;o>|IAWFHHI^gZJ$i$i;hhF^QS zYZg)BdxOUo>Zq2ogqErydn%)QrHuP0a{I0pm5$(F?ywUc9{W%cX5L^LGoPycu0Tt^ zxqZRseP5a)zqLI-> zxo5^%1|Rc63=67Q3vsyf&koOAj$%!ZKBXV+Rvumcv=NOyDn3i7JZrA-u+G^#nz%kn zWwOnNvYnQ5zuys7m%&g6Sm7ZeQapR>8q@+F=RtJfFz%*UniB<9UXhV~dXCq>W>$ z&w0n=Sy-fFQiWqJ-+9m38O+$ZREA?G`22Sl# zCt!w?q4)_H$0?iU0-m)QF;x;R)*RW>0`=ShT~Y;eofj)r;@!FyM!!Ao_ysG=DN^hu zX67Y}*`@J_bNbTdvdHD;*`>paGYiSp66#e~uyg$<@RgF@)d9m5yWiEAgG-pdD*6$RG~`|BEASFUW=`j~6w z5!b3JSM>I4ZSXa3Yz^Ulx4>5s(XS?-aBnD3Z(>%igTCBkNw^WkxY?zx@q8AsdyUb3c6}*?n%rG z>nrLR?%xUrx{H(E?RL4}MBke3YZ{GfS_)cN6q_1oBmD@%=b#Lgb`O$CP>1(Qu zkENx5D2QI-A*hKvO64I$^TFElAxzWcDDfdeam%3TA?jQvZ2lo8Rwm;9Aud!V3io%y zy>txk?<7+GI5?-kb6!|aFB65!Z+}eF1WnT6KKVV_0z+9-ss}-PzopYW0QX+s`hP>D zUgV=aeqeko5PXc5ea!vyyXf30hxP$E#rs>acV^RLv0+7K$0N+z&4&dWmxgK)bM#yk$)@%X6}{Gzkhk<^PaDKo^5RV{$ zf9*UVjF3ny(-;5)5CK#|LdO9CSoCrNrZs;xjc&*#l>V>ALu zF$Sskb0QKg5PDiSY-M@Ipa^`dGrg;_{fQjWP(S32fD~p5;++yH;evnmdZG_<8sm~7 zI~&1cm;+N;jWAj49?*qA04!grR9JgeX1JHps09kQI?!kWnbjg)OEjWFPh8%ZT1BtjUsC75GfNX zDo6zfYIpzw~aD1p1#c$8a2nZh~L=*yLYw8r0J?{MP zG`Zi4q%kSP0`ZaM*B4RRB9>u65|S{mPDX&oA0O0{LjCHC^2l0R!lZOB zO3X##IH;_}Nua|qA{boe=<;L(J~EUR`q7k?+ACm8W8$<}$J3WbaP`t#Yt<%KAUC8P zsYYFSYvy%0h+B(WhZVqzpoU>X#vy+IDq&GnPELMf*Qc*YD>2cHuU>}SC_KE*Az%13({fV{hY*3d~gbYL#Q4TT@gTNLtzH|V$KW%*}YrOG@JS_** zkgE{F|L9ag!fWY7hk|eGQi32wiL(X#BFUI+>tGqF>4*;7fp3AZE9DSnviwOeF&p7_ zIzW`1!8y)9-EiINIxr*Iv1_9S#o#+d7crVikk&=;NC<7W@vdLe@VUTyvlS4EemAq`lKhMB zrOMT?A2ulP*LZ8b_WWurMd^X~0m9ae`q78ndl^4XAspSbR%nv-p^$4Qo>KIa-}2+J z;MfTIDt_|l#9~sh!iS44sEc1UT47vpjL5#lWIh5G6|Sm&oMReAk`Ts7H7C zJWTzUgDmN1bpWy9iFzVo62K;eTnx|UO8>aGhn!|A)--~3#4m|LPB-uMJ=#`?M>$~O zRe%%?1b_;i#S=vqo{$c`C<43x9fB~KDE5F5*m@ioaYRyLAP)6$AY1`ZgC%;QhCzH% zs`&Lt>K4+e4Zwuvp3;K@FZvCOa)1mo75}98i6sK#U9L3g`k@)%f$M5fY)@3XwU0l_|wXGQ~~a_YlBdgebI9Ju@LxYlrQi zA`A+{Le7LOn#0NJ%SA%jKmrsvK#A}Wg>>sB(#C_z@kzC!HX74uLD0ffB6yH+Ar}zw zojDYqWJHdAae<_6T_~U5Q@*PV>y@K$NmH7re89Ss6a)yu}!AeH5_5 zpn}+a8<1q(HAP^g9H1p-jE15F0UrRsbu$>EI5v~|#7M7D_I+CJJ`q8l1v3cQeHWe| zgGec;c1XdGBPkKz90E?JOlJwxx#y~c(pm$9Ucxnc8kzQk>d&TtvYP~=Y z`yOYu{~_(8#K^(_P3`@?o_*2<7xB4MXy}VLV5}!I<}n;}f|4Per~yV^%1Mp&6(91; zw1X{YX)3uZyF_iHmX4_GY$hr7dgVW2U5x{vZ{i$Y%9}P27m^Wqs)C76)VMz~v{0m^ zMf;wZyhGBa<(R8U$Yg>*E6*7+xid;TWwJWHTAYCOsK4H1vS#&ML`&mopwX?gHC;}f z8`5yEZWp)yUT;A}$YdREWcBUL&-cj*r9`R+7i9%W}lfnHskm*2_ zX?@1`iV;nderwrn}+h${!c;|`es{FWH#)c*;L z3^6Y3=n{9b?J#~bt3kN6Qa*v@=~N~-7ozKic52T#cN}+c)WQ2YeFJ&lL!y4b77sIhaVCVk z>GIl|O{ouHW;Ez|hMZWgvJ0Sc8`Y@2{MLYs%>tFvk8xW4HCS#Z18;Fg3asH0c8FZ4 zm=8U4KU!T0gKT?V^0N=;^2#5pb;I~m^9W{9O)z_gI*;c=PgWIYWAIafrg9iLP8p-* zS(<$GGdqBK=_m&yfIKA1NR;>yy&0nBlf|yid`hxPmh0fYGZbKAS+405QYD5M9FVsi zBF1U&j&)%mgr^bz9)@c)PGSG!m^^`dskM)d#r8sG-yVAk)Wx6%?# zhVI>1Bz!VY@#j$NjOV_vY&=Lhx8+s^&mmPL_UJgwFc5Tw?}s1}eaf#8Im-|ajT5{S z4r#gtEBmOto%5BsL9L$v?*?kp_w+Asx6)O-=cqegqT@^9Rwi)B!OdN`nNE_TwL8eg zH$BG$m-4C^@~sXZKKub=7D07tAq#8F*n$tz4R?GXq)6w!paRUOVoe2#3ir!EMn3 zaD*JTahkzoHNIFB3i`$o2mr#)`9&5KH2X!{9}nsd<8rF%#u$>1%n+!*}SXahT zrJbZzx!p5)%sdI?umFk(3Rdr2N=P8G#MXHOC3T2AsmWHus0krQehD)f0!-(~2cwUe z#?VJZJO*Mg24o^Naj=N1C}!}e&8uFgWCDAXQoDJ`;--iS`4SiFLOLL}k4yMA;p`NY z@5hGsg<*(9@&#omDXpO~4NTc|pc&6{8Sip==koa*zr8mx6Pbx`VqfdHrQi+;yJ!Ji z(vx7==#x-`NN$x|Pk~ZWYNz66K05^p?Sle$`9w#gxHO={!mK~a8{?Hq6Vd}BXCa~= z5!6E>)B;F0m3N4=cF@a=h((at%1AIgzy;^NW?zE}q^R;~)~I|6&Gk2@vS0wV4`#TK zI~p_~cIq?^_C(H7Gw~Zt(PtGl6f9A*y!2F&W7?Z`C@% z#0IihoXeuixYLwpnp3|(T*(5URm6rdJ?gv%@-6bzCQ3}QQ0yz#D5J5(*;NFS*fA8^ zX#ngWBkd!I90X{+4lUd#lH|dgNqX&xW@}`kcC-NOS!L>36>jzLb{fUs*h&cM>MU_m zR9)UIreBI+++zqLc<92fv^}+8yMqrLAz>oQ=v3(6 zshXpC9H~Wt)s#?XWoV!=S4x;94jbk7qh=2yAFagAy5jo8;%hTMb6{&TS#NP$1NaU- z#P`!Ia7seT0&}dZzcG~Vjg|xur1@FNj~<3?9p-yWW)aM0HI`%t6ib|_DIzdL<1mO2 zF^F!^B^B9t=9c~VxdJX@fq#vTyONdEWgXT^*qSIaTGbXekkBofm)E+v5yu`_rUuCz0{oGL4>{R(e7Q$kg)GiRmXd$$9+{N zV=Sk0Ri}GmyG1jnXDsJ;Rp(#_oo_7vLCO6bxQYLvGUnls7QwXkJ2#re^w_cc(ON6#wgq2H_w_a3` zOH8s}Op!}mvtHbgOTw~V!jVhTvtIHmmsDuIR4kWtYQ1zemrQZJOf{EmQ@v~lmt23n z+&Gu~e7*cSm%@I%!a0}XeZArzE+x1IB{Xhj+y-S*ZWY=F6;^Il-Ud}cZZ*jUHAQZ9 z%?5QtZVk%@4M%QG&j!t}+*+XxTCv>PsSVoM+&aY#I@R2|O%1vo_S|~?4SM6;`tuF? z>)ZzW4F>1jhW8DIf4Gg{8ja9+j9-_olJc0)Hkz>VnDRE73i6mqHkv8&m}@qg8}e9K zHd;9HSb8>Ee&w+WZM2Hzu}*EY&gQWxZnUZ9v2AL!?clNNZ?qfdv7c|0frAE+|Aq#T zylw;}|AQoLZ)|BUZ)|C8YKvlNY;SMO&&I;V&Be_PV0t|PUQ_HV@gt=9flYk#Y?zt!5`YVB{e zc9IPlH8z0bTdn=A*8Z7M80xLo{{PonJ8AZ(YSRD9RC}QwI)I!~2nY)RAme>w+eE^H zB~}6Ev616oqB0wRzA0}@#1Ny<+~BF~NG1HM)=oVb^i}Vt9=MMHzIeQ4^vAfWvH z@y*)Re@{_MHM^g#_5M?9r#`%cA^KZu4?dR>d%n*z>7n}y>kdzAOc)r;Z-de~n`a*F z2-^q72-mI?#evc_b7PMa-UUIZjdZ?7+VMe%1jS}Py7vxiB)UVVr+AgUYzVy>m0rKC zrZx%w6=}b!#QPg*51{*3q`mWFi!eHZD0D0%FR%CA>1xNQGWmvbl7&R(McMKoZ!5Igt@^age`L$J8kl4Bf%{A%-PM zBvmD-AjTpbXqCeZr0*-4=$y2fIfx3HaB^yiRFHxXj#QF5fFOdPBPYkwYLybl{2s(1 zL;u0sMTW5&G{p<%D8m#OGbk|4!H-=z=!$FyN%i}GuE(GxgTtJnAdUcmFJVt0JN-+e ztc=Xb-pQSC$O=O}ol?_HLX$-Y&5)^5a`M`;f>Aa&xPz?8BMky|gkk9(jFfCxXTF(oG|-#{>H!U%jP zqJF+)cfZTas`&)--pKw|oE?C}Tt``)c_UU&=SkRh5L0{sGKwPdJLpE?qp3j6C&R=v zfkzE_Aj=Jjc{bic&eJCcY8v5_g`#Ve%r|2GdG~%lRt36hSqcTLLYd1oq7J_*Pbxqs zm`{jD7vk}$G3*eK(I-U~5JnP~%P7vRWm(;E25(u@PxIw9;(oRS%Eo*xv+L>(2W~@+ zkFWxpiHAgD=hFBIjv@n^RVgTAKBsF?U@|}gQ*>QBPt(U)o{sG`Z}2q%RD@x*1kNL(i-qQg~G%dR&$7*7iWiMUAFn%+u05oWHxf6%b zA^Wz6$bXBnOEsRiaQ<7AJ-|UPUh2Q2?D-Jygx~|TY|Z=i_Xp8l@PPn0f*N-nVsV`w zB92mk+K{GHPf`&$Mw0xGKD;Vn8s_{FZRN})(SQTU^<2%S>g&u~vAFna?BVTK6s7>7@zXdU#pP}LQLE8>7 zc#t%3)}qEMMpGA;@!g!CpgQ0v%4 z5tDFhfBWPxl?WwDu_W+82H=*E6f&8=bTrr4^qN8kiAG%l;+opDl_`O;BO4kAaXlzh z&fk2(=@r2r59ur z_#U8NiaEpk(75GbRf<u%f9N5A;QW$t}@+GO!clM#iE$oZ~EMfw8Lo{48n=JcEm|qn;(Vi#~SS18;&`v z)4=o5KFQTI3CD(%p_*NLQ8mFZ2RcZ{nxG}xn&{*V6Y^zHkAeqvax|SO^HWy81CQsI zTP9g*LY*66CFb@H?!R=`?&g|0U>ux+Kk04Z z%s2OoJGg8k=qzbWG>%rT+vN@y?k~M-8tQfMX!xan<}v?keYeuBShnOS#-*z7C=(GE2eYJ|W&HKl>Z{~u^|6XgSxo}&SHH76|=t2u|vb=p#zEN24gYR<+ z;chklTWcrLxCj;JGr>$<0MVW~nhB0fKkF>?vKBE${AaD5S)D!1b;$(pexcv!m-9ch zcE|Vq#1_uMUt7&+cozpR=!^Vv%64cq7l$Y}C3T)|DttM&@KmFxVD-t)f}7jSqn7VRDV?g{%Yiw@df z_?-emwN@E0n(eOjokDo^Mgij|-NXXU5t{g0#mS$0x!W&s4fS#n_CF7ZXYB-T(`*w% z{~l0pcZv4q%cZw`t+i*Vhxho%@ML?9xo1tKWoHDwU-y~_CXq~Ktsjv5TWdGC%H>@> z{7L`O{hwOt$nuLqw#O8J@m`UuE2dGl>V{j zx#tY~miy29)qiU3FoK`EpH|O4OFp;W3QTwNu3g6dt+lV;_t36g?WJ4^BedOv>*4k6SYd4P7&%5g5rz1Vu+1a?%OWz0{r~e`L{F|yB-fNt{ZoU0pzMFnkQkxXG z@Bd5eS?^Zw*M4_{U-m3@6j?ld$xL{;uYJKjXXSj4J=yIuu(U5556s9)Dmzix&*pl0e{rc=RK?SGEb02zYU z<$^cM0?_rHt=EF{bpqqIol6m&5E-426`e>_!o9;n8_S)W*MevTf+}?#m_foI+YZ2v z5WHQN@|P~W8R3fbuCYi#7_qKJtj=o6&T7t1Vlfep<{0!)Yr6wxNQ z2*3s@1P?7tmq#Sm%{tOT&DTW}C3y8DL{X4KUy;r*lFO(T_K}Q&6}snxUJD^-58(+J zlTsK$P4{Mwzo<}9kW>&^g6Kysv6#9ZTD~4SXo_m7FiZdylTJ|30;EVm=hG*U9Egwb zmngzX&a1}{GJ@&1?vY~m4?2L5#TJ&E0crRMY(tU1diIS&caL}4<}c_Pq#mQ=#VAhHqsFd-pyvzs11c#uCH$f8xu3c4RN zNdmFVpI_?L;|JS<(t>L69rb#hf+V4d`X9ps6s7*wH-C#z+`#7fbZx!j^#Rk*d29jq6^N2oXC2_@Y z4HY8yr6PBwn+=s@d?<+GDoh$GPr@vp9;&3`;M?JP+8(OG9xmt^q9q)z6O%=|9+HO| zu6G-5BKlG5#?f3b{PU!`VWz&Zez>sf}FFnBZIRm|jro#a<4(r4?(08a9) zn+oApDVKIAtI)4+a74i+fI2G-P#i$OOko(hem_WotX5I+Xym>IIb#Ar(B#`59wLB( zxbPr1(kVhDEuyR$QTHgK8b0y|9gv(qJSj&>)y-?!Tw>+txFnby4 zzzK>&cq#yV3Sa^?^dRP(Y>bsY)?X=yu1o3j@dQdHM+R3lns0KpKL)#SZir8zsaY;D ze&(?=JboT|AXx(8M{oiaei-%l1R`@zlwD=SDHXYV1q@+qaeR1*t~?$32`m@@Bu5UW zI2po^EQPK-MdxUw!g0alDQ4diVsl0^b2LYY)Dt=Qd~#YE{eA!&fxB@kbsNRBaAu?u z@!a8f176sd?}~X`a{Rrju|KD?9;d)UNjdmoxezn{=xTv%lXF^WMP39VFo4qBw8)yY z06g`|TvgdNIk{0aFG5ZMaWt`9iBa|`;Wi3NluUJfwa?PTUih=~rRpVe_41?Ytk;v5 zTeBNNNiPUMFoK3E3K^HWs(3IuFR|KtUt~BLc=(@FA8$FWqBZo>H3EBNpM)O>l){)A?kn&jd3cdsc+t)i z9T52Ox zth3))7mL(^R>gqN#kJfzpY)gN+i2^f8$*3%Ab@%%HhTTNCByb*jg@slzVAnS^}6(y z_qO!FAFuU7QS|4_^vWaV3%Hj1p;u>iTP6!Dr|j#dS7#TJSCw^EosVZ)ef0NdR##`o zH>q3ZDu*^kmA0u3SPNGdYV~<~^x2PB_lT2@Q1TA+>kd&kPa4)#UA1=X<#uN$_g~gT zObv1$SEaWN*sj;E+gfhK>u%jwd-XMc2OExp4EX}Pcdys~z!(jFG0a?Ae~wnTR%hNu z+JLdxfX(^^;b8z}Pys2iF7CF0)VG05@(JF63o*qg>DoyC)DVSc6BE@4bx#c%yb+7E znL=oc6|#xf$B#|(6USf^Pjz!b#Rz|IlZ1qyKw*Ta-MH}G*67hNrGyEFDi;}viN+7` zCQ$Y-v4_&#qIK9>G~VLN++yC_!v3Pc*luEN-^+By#eup#1-b3Pxh=1|&AC^`CD6o^ z#r45sdpT$O>U7{!m1zTmN#*o5!`U`}BmNvTDdK za;>>-zWIXvu5KfP#@M#ro%scfxp7gGKFMC9kVPb?1=h)~S>L$D9ly0llX-~6r#uVu zx;>`RJ=-i&qnH8vI}0>u%P{PH=k_KOKZ{g7OSisF7n%WA56dxI%kPQ%E8xm~ucFK^ zckF&=YYub!mBaf*LY`=PX0c-UC^9Lp?0R8`&ZnIU?^YqS{%bvt+|0 ztaz`ijJB;hkq=`fUNKusyah+{oq3AIa)Jf_H=aXY3F~;*L%)>6?;$@kLK@P~*t2QO zb2Rj`vUqaa&GKoO3$oY>am~?<-m8swJ3y z(5zO#+IEuJcFEWta39yrF$TxqQM@cc|MYQ0nX6(Z2?VXG8i`+4U0nfQeN z);3j*9N=LbJhSQ7u=}2KlH6dYJ8ZXgYFD&+0?tA`9p?Gax7Iwa zaXd+5Z?195%5$12dO8z*I%;pPnr=VRcA7tQ+U9pUtI@o+Hn_ynu&SW5Mblyg>#*L4 zxxL1|NyEM8pm~tBzSC&Aui@aLVY$Q1ryHkiqGI&xsCvo`mWIp?DFd z>y++r@#N=ojZwJ{Lb3u!|(2%dWvyzx|aA>J`a2 zh}LtHBHKkR!sTeyMS1K>{m$9->}t62YNXdCgwZuq?%G_(73t3vkB#e@z_loeYj2F} z4fv8bb%ZT;|Kp$IPuZ))^RDZe*I{?A1|)7T%s0{kZkzfyV)v;MmV1(t=2Emb&mj^* z61*#+ZKezilMD2h6neh+<=hf8u z5J&sFX5}G4(yRRGp`GQyfBr7|{5To+A@ixnQ?DzAo z`9uHX+*_aVNw?0sUXi2P^GkDwT1v;mH$|(ARLP&3>zVsczmva=fxq-Md|{t^s_uV+ z()$A9eJ&mU(y#g46?)k>|JaFp+KB7Zq4*ra{|tT(v{q%4#7!oBZPN!e2S+sgyR3&< zg?>4~^99ho_`mmcoqrxnt?P|t8i6C!V)G4s@SliQpPGSRyOH0(R@ef;@A=Cw7RWC{0~c|9Bb#4diG6X?v*xw$XkVuFE3U5**TV~g z?F5HBLzE%}6K(*M0b!iTIRHBN9CaW76CE3rT+@XW_^(g4{qpSw(CUGI$}8EhRQtCY6KvTMhk834x+a zrA>p$aH<3V1`|xhUOrr@{~CWiPm0|Nkxu|OrD2)aRn149E6Au>4XO`IoMGUW;jRs`N61$|Cos1#ln9NHI0s;g)fIq}aDvg=~<`70& zs7L)C1*v`fb}}q?+C)C4*M_M$b=J4A)C({RFXIVdK3pin^V94I3CsJ`he#Ox6x*$~Owp+n`(=XE znMUI?16A;dzhiGab|NK#(yJ$t{heu14ij42Z9sO`jggbUIcBw-881Y3JrKI_HLImu~iOR$$Q?c4orTwxR0@6Zd zB`AbmrFdjC<4SkQd%vXW>9zo-+nFZ?0-?gFk2YtqIL;Y1i|=mrc-Ops*|H6gAH+}C zBbb})PT+r!i(nwFq=;V!e&uRjYr9%yS;}WXmh3^3Iv6w(1$F)3O^s z6&D(fusKk9RB;XOD&nk5EON7_Jj&J?=ZQXB&wi-4u}6;xq^Yx2bTj55bL2; zd%hgJkMS;E2rR210ue@5w2VM**ojP7%zOs;!vVY&yDZQBj^?PDGv%cT-K!?Vy2 zy?g$A0(jmDDtm2GCISGMkd~i<@q>%V zeAwkjWaNn2C2+f!!e|aAZD_wO#c)fF04yb)_*s?FK_*6MKR#oSFM%B>Sb}nqUnF~| zRcd_`?dF*TT;KwC$e_U1&?gnD)XZtU5F8LfG+4ER0d7}`cC9r3Iwg(B;y*#N@R|;Eq5a%|<%?sFc)e$8Bm`MIauu(LdU#4kNGV|p^zi8l zs`tm{Qk?Fa_L%hI8{QZ)b!yfqHFUyE1vR0tB>-q)E7=e9+!$^&Vwnlg7BhVxXdc_B zXs{6ig6mzNGoLGI1%(S~J{(F909Akhlw>AL?bq4ATReN>09IzWgq1gE22F3ekfO|B zlt6ePlsf|Y9a$jFh5!3^7+nZSodK{lLI|=(0pfY+(BvCAU`S^+QPStQR-an?>_ayl zndqIVR1Y<);b|!z+JqrM1ty@fz)D)3K_gwaNTUl9rwkWnRu_p-zLx{%N2vV?Cf28gei0sE5PzH*qioHv zO=F$QW`*SoqRxXEPkmB86P%>&QhcsQL)C1gjp3J{3uBRuwZ7S0j$c%kj~bgutScRP zhjp)$c$#BIE1fBkR(3d=sCw+H)UuZ|wnXNmhl#P=%a^B)ZJK_OZ&!I*BCVaq@U}L; zbMP8X*SW3Lq@Gfba3fFxe*c&&#b1vgTw9kJ_pi{rr&i8mw zU~sH)gtHl9!qP77OJ+d3R4!Cp`s&RduhX`stpQg0BJc?^RUxd%{?vlnUuTA$#=X|I zbHiU$l3ZBI@JP6R~DG9AH02@_9^t;W}t%@K9KB zVB+4uZ3;|$L8$LNy)EN4LuhbBM$kl>?ck17`stW($$S3()_w85?YzNIZ390AJ=Ff0 z+5tZApwiWM97f30^^_L`NyZ+b#00=8=UT(64UiuvsT&XVlY}D$b|1HsS;ro45wbq_ zO9}uIn*?pNNcM6w-nXsyQR%1q7@P;MZAX(J?Gl|QD*-a%gjW!bTb7Sugiac?uM0CE zY@lbgq6d9Jci>+ABZ8fYFV)!flHf!dceJ zEg1p(C&rNOSti!`a2B2F^quqy*R^t_|5B)&L<`Euu5`5Sc6$A(CmRR z;F%1-Lx$)#ia3{x6o4W=U<5U>fwYi=&4EE?5Y#PY2vEvSBBvl?$kR?T!tf@AhBd}? ziTS;{iX}mQU1;23P9dqEEbKOZ10=Z%r(k9HbdoQEJ0@ z>}GQd+@(FsJ!%X9#^B~{5wjSR{QQP^K~6vt#Wa>jfnox{-lE;x!eOBRwB}G=Wqp*$ zn?Eq7Rv~06Gv@FkfDBOrbgn?AnWBH(7*(efmm-6~5ku797+(bjZ*(rjG-Gj2#$w0N2koFItEUU%yKA@mgy;_sC}GAakAodmJMVm|YI7z44fE-}bWgdyX)o2^5bT!}Lh$s=&6 zq+bxb0fl^Hs`ijN^QJbSpijZZSkROlgVVW?$g#FW>RN$fLkD+W~_p$$WJ4Eu=S>2uWkHdz#c zG)xM_;CIBZ%>eZVS~OJJMah*VKOyE zye<)H5)2Zst0!LD^tkpO$z|hqDEVe zBwLDP(84K@$MC>@+0qTTDpJG&`4C`ntkOo}9J1UdeAS@=+Ux;22JI~ltiKK)1(+!&2&N}KY6Y7=Z*2##A~Y!eE~OCxN<{mXwkK>xy#Ywa6o zojVTeVr&Pew4Vk4IxBCzJC28E>a5c1s+w!dJM1W8=ptdd;5yM`s_4l&0(on6rnl>?6_E-NSPn9So_c2hK=6WusdeR-1+HZya_(=3&0YNzSk_6Am!JrvCI zBusNUr;&2@t$xhkgHFS}n3p0JmLg7N>Y2ZMw+D5DE4@pZ7t0t|e^$D#o;DAiTJBbc zT%9f;o;5;NttAX?+AwXRI&5__HS$zVi<~+5bRZdP$gJgvWa0^>4iX=#AG$z47`t zUjN4H-+28SuYcq9Z@m7E*T3=lH(vk7>)&|&8?S%k^>4f$KF|(5gBjtC*T3<4QtZsT zH(vk7>)&|&8?S%k^>4iXjo1Hwg4b6E-zOWsYg*`S5_OLH7q9=;!K(2t(z(@?z5C4Nh;(suMznE%IjTH8Zwj^9T$fUv#!FrkQ-TI z7e_4Determo~Eo`9Cb9POWSPS;u&8Y^DJ^#g#0e38ZwY?o^^trB zRms|uc+NNZ)cl8$96Cu!7Rm+eue^SGdJ2x;t@um6wQ}mx%qx&AvGlglC`_BJ4r!1O z)UVNM3Y}@_bFZ@IJ(fMziK)7CuL(Ytmf&<-utB-~@yhE}aDF+A&^XrSzVdoio>|^1 z9zXxgzr4O?xvIDc4a&j!mDh*Rj8sBY{)^XxDR>LE`RzSAme=kzq?L}N_kFjQ*Z)*i z*0X+cw7MtUfRk)4gEPJOz{$6X*3{IFFlHAjy0W#G(%ku?e;MhSv5bHJxmi@eCE*x$ zhx&EFfO`8?TZY~)(JQalKD}x|UEJgC_Zqura?RTQw&yha%IgK(uglx2Z?8dyiI60#~WyH)lv> zFPotq$wi7_-xSiP`i|m@cbQ+F``7nQ3C>N;MU zJ7Dzap~bjh>^hNe=zb1FUvYLOF}9`Yb}TOoZXFAvhzTQZ2?bns9tL(|xzQkjh_#LA zcsem05CN2cAR+W1itbKq=TL`hWSQv_HP+@qGyLJ9p@sW6Mxg#i@9p}8gZiAK`tZ{w&U$hP76OAx0(2%MDx~4l z5hN9$C0y$J{eJv#1@$0B{6p=*f2}<-(Z8(yg|KsLe{j(MV(+ek>d@9j&rjUl-Q9vq zaCZyt?oNON3lJalKz|5Uwt-a3PxBFC`>gu}HRn2%F594vv zsPX&$BIaNJPqpY`zo|VyAqsaeG+*vh zzCx{(LiL9yY9GH%np)oHTRxcW)Rg{^_O(1cBXlscejpWhsL)?fi&diV^-u|_U~VXP zV*XIMv_P3Zclq>C6@(<=4A-D?y;km)pdGH)Qu+#`L~A(Q6sm;5J&Ynf++080mQ>fM z%-y~{+__!V!pZ}8Iov}#0{AgZUiQuA{ZL(!BEQnexB60+Ek*u|Ax=N#0cl}F9uWsx ziT;Pd@E^(}+a<%ajeS}Lp>{!FXuwnW-cj*S_*XYip}oP)D(zHi5Ndzr z^l{@KYLBS)0n)uMAB%oHGBKi>x~M9grhNTBrS{l|54C_twbpaB0`5_4i6?3=3ZeE< z{}*a+_b+M>rNMzSi4{^*X)q`_?pA`)m1 z30Pw)gkiq4))M|p+b_;Iif}{P_3Oj4rRO@U;5(uxZg2kz-b;r8!tHbaQ`^5)r-ypQ zRyXJO*r-uZ5wL=$mw+dsIP3EoeQ!S3L{QJR;=i=L>Z7tinO^iG>!9$DU+Z}=XhCA< z^B!I^o{%2zU)sLrU)tXMkG4;pO9`m^@>$=1M7Ly0Z$)4{7%(o~ke=J2=2VMlpcuom zx!_@uf2WLSY@q?zD*)WmQSQw6RxFnE6}M=YmUVnwy~|k78LQHcbmG!&KBNDm?a8Y; z{x@yU&|IL){mGzpG+Hj8bct)`_>;66YCp zH(^}&pV#ipO}bHe9-O%zS4?TJ*LHW5XQkF*bQQ$W)@y!7?wdkv6w=Xv4NjC6oHZWB;Mn%jgDpoOEHi#QH#{A5uKCTn? zXOohXEVXS=;#+*b*qGhf7`0mM)!L*xc`;!GUZYuUW4LCeFWh97eZdfJk-fALU%SbE zz4^O$lT}ocNpz46zL^@|Qj2RV&T#9a;}#FR4i}#gPxu0VxFuJerSI^TPu|wcSU#zv zEpU>hm}-egp@0;*qBOl#DVbF!%C?%ZRe<)krJt3P^S1nIu>yIcV)BwwzZKMsmHF28 z#?`jkNr^goqekqCCg0Af^-ht$^|x0$I^@lI>@E7}8d`-rt25Td->j*QcZ@p|O;x!p z3g^x6K}?(=87UhFLy(mY&?dIQ*2csRUfn*N*CEr~k=)dfUeNj4#1#Z0?+59^>|U_# zx}U^(dUJY@t-aQ<%?`1B<+%&U+7Vw^c3M#YW$I$6gWAUmtA3 z6$Y{i@8pQ^Rtn{_t4!QecyDJjyZa$lM7(m({sc0wVk_pPIa+ok4u1bN_r5fZy@b;K zC-9b}(S8T6eMz3p~`;JY!^kl)WeAd~G##ym~IsI07I&ArkFAC_b3NtM- z*m;XOElV0%OZhm;@GZ+-SS!NWD@84;KxW1Gyw$PhwaMn;JcnqijjxV^^T{bjw3jSs!NW$kB;WYj=|(d8I951{mejg#}+=Pmq+&PkiXAk4E>@4 zePEVhbmNiErGY}8(L%#uMtm7bvVKUZaNLKJir|!(G$#kdn82z#T`(q*RW7o{% zd2q)PzSTgb^D<~>wUd7q%;UAi11GAG%PZxw7}4c(MFEPHy_CYIPOfdFMv_ZLR|ae#0xl5J*CGal_6j!pB)0!=Gw+oKESuy-YtXX+LG5Jq;Z`Ej&7H zT{*2Nce@0i5|X+v#=0#A9BreY;fj66sj|WMIa6akJ9IhY4nNzeJmU{NB|_LCv9+Z1 zv81{=dr$9SJLbO44)!<_@epzG*bO|V>-tExdqUe}#bkSqC+EoW-I*EVl+o0cRm}Q@ zE+5C54ttz4x2`)8fv4{5d6?D(8-u5!?1i?ACx67gP?xHR>ybc_yC}u!%bz;p95#|- zAVGrHnPZ;P1pH!Ma&qHVvNwG4404LU&&btY6PmnM9)C?)d&z2hp*r`P|KT-G%4-d^ z@>e(3QgX&RV*8qLGel=exF4E+`+bk=Y^M+@7khA2eP}fG59SQ> zs@DMDaUv?pM;ao|N3Vy<@4?cX!Xnbl+_3lrq{&M?q;U-``;&E_oZ$UqO+GuokI&xEZY};rI1X1;aqbo7xg?oea`E~mXy zDqtjp*E{LG5bt~9^&@X;Xa?e`dC{Bg&Z(18P?@v@^dYJ~T%WR;bwG-;Jh}-RJpT%! z>Jua*u<`V&8K?5G#h9HB>dgl~J*oQq7o~$G+Bj3?V0(zF&w`SLRgqWN{Za3LLvDO{ z&9>a^u{(vg*vM}3K};C$N!821A=MbTy@9CuFmhR@<)s_f_4Y(wt_-J^TI=D^KdL_W zJt;Di(O;^bz>@w5I-l}is$RKQ2ab*sQ+|T7ccd3;nM{MiMzpe$)b%{G?*Q>HdX>iW&T(YSXIdF8P@d*5U+f!ClF!hJ?&j>?*HNUCUJ7Fv_EH_8teM>oO^`3NUSsg6TXL6wk9FIeLEB~{W< zqjDnIzE?)%h&U)|{#x7V^L@=Oc@~!HVM6_GX?BI$bh^&`!Mg&Squ<>k5N}wWM%1Xeg(=wMp%Sl%kT2va^&=3gLRwPjo z@NnfP@=YJfj61OI4Ra3r>vwaHyK7QhoZqXX6=%PlibPs*(j4P<9XTr`&vL9LCMcj% zhk@&xh({HbWb=}Fz~8Q#bebuzoKpIMBAy2&?7*12zPX3lPcXX3D<%I;gntER5X}M6 z7x&UYB2~P_QyS8(ACf6!OuAVmxHE2&G+#Stu7v-VaN3I|MtTN>>ywzAAixv3SqYRR zzsu#>KC_VEgznzl=PfjvSVXrc1I)!lj0v1HzI)`tCm8Kfl!%X{q-esM1o#7(8K?au zx)8)5L-6u^m_>@=hd2DHzlHd*0tWHxounfXx_toA-vVBKnbuV^o)~VyeJz>L3s&ES z3#jxvxjR(Dx=-s2bmS}cKa5bWbW@jgWyL+WN@LW-O)2obwFj6*4p_&YqFglK+5jUghk_JHIA5x6En zR@x%P#y#OBEiD33vl@+#Tn2;2Bn!Ga5`b18QxO@M_=Sgt_5-ZEq;o%dCe%keZ0yiz zL~}$^!d?V+Xqd3&VAmQVDfGYzIR5pXXyw<`xZ}H$b`^=AL#Or6Xe|c9_Y&f8NH@92 zN>uU+YUPdP(xhsEST%2S;466~gHi zkfcIRDN9Ht=zYruRU`!m6-}@?Q@0C6?Po^Bi7+EHLk4&Va)FjnoT>B6^zuYRQwdR4 zxyD>fUy@-$MFz5w{P#XeNxMPQRcAx7s`p}lS&wIgl|U3I7AGBrRq09pnYho3$P&a-tp*Z8XiS+dOLQ@-|Z`WkYf_h+@YY-F~#M6_T<=nvs0pMPALz%T2oX7ff?88+?m=AAYP%r>#`%faJWXOWB z<2tVkR3*-Tk%H;1=uKJ%gB=si0M+^QFLJ6CXkS1{YNWK#&&DV$qnO?`HY;$1*Ti&4 zZiU_wbVJiu2b&v_g|RmGV8ot=raPIVI_d%6DW82<3jy))dyG06YT1ffmg^;Rr}0ea zJ}fE)JflxcFx~x#aJ)%4Qizq=a!!tq69J^e3vd2ZQG6a>4bIrKAw< zPdGEZzzJwQf^dJrG&my9aJEs9y;$h%M0;@vaxW#5taPbEKqMJVHI@B=J|#Ny03tO{ z4zfE5z<@@l+&Vzh(KMaA>gz=ll$&kD8$Uz;z=13n%=Cq65TAo1VlGVf-gG%=DIxQ9 zfn|Wr+g*C`Q(cZVr3Mxjde>d0 zy|9(fK=xqpSo*5s5`u$7kr9t=1cW6iY);^MOnPPg60n5t+cb=J6&~uhtnpJ2Fou>B zS`I1Le{oA)Wpn??^eFDu=>w4b^fQ1zf6WUFZjyo)b(0`zpNP=%f=qEem3?V61^1yj z)sX!*eyZV+-r|p$G<_?*$jkT*Hy!C2N{i5-l z8e7g-9`h9jJY^`-hgT9H9)=1%UnCqFLmuXkX!{*Dpg=)<+3{N}S`V`?sqAZ0ug# z&|Y;4L~^r7X9Gk{)EkY^rQobvHrTt=HJfZxK=IoAhDjnJ>cimL{s&4eL0E7>Hq5yx zKrd7L67weM1Bgxy;ILlrPD!PLj!wMZGm|a_*Z`SPNnvj6BvGK!kE3QM{F*`jH7bLE z5B#yWE)z=mD430rOgY=VAz4m2qlZQrl7PyWV{x2gL^y&5FOH7CNerz|Ne_$ZO))-` zMH)*1`kJ-Iwn3O^o|a0rjtIQsi6hoD-&)D4rOcJIqauI~B1l9_+w0MysR- zWarRzZc?UYzF-a|LC%>D%LQY_<_4B@lVwu3`DbcgLTEn~eXj)>yf`8=H5>6J68k0! z-zJK%#YGPFhY|~()IoSiuYQ371A7yfnG)u}^sy%M5DAFbN8Ys3{eE3MYc!phl`x<*Q!qbr|R zUt-Bjo^M!=^^=X3f5@u2CFqnb6UKpzlrEHXQlss-TZT3%vL!!QZz~Eh5gspFIm8N& zFH|IP8zy8z@^T9nY$=XzHHBsEOGu|lo6o{-O<-ZlCA7^dNh>v<`&%SU#w3(Ol3J;d z;3a-I%b@<^BHKnHd(Se)sR}$}Je++&f=CW!O+q6t zt=W`SIAy=eImuav2I*+RoP=5`pg^VBT9&J@kZR{;|CaG)uAa-bq;P>gd#I?Y^#m27 zcrUyTz5;pYjwR8DKJ%}A?ntj%(-Z)RS}KGR5-X%wM$%Y760}6n6x)zd zZ=%)M_QP>Ox4F0}`YX;+TEK{=#Pk%~j;4gLMJg$1jR{n)^3}4E+DgdS8-AB%cH8=% ze0G1^=6-uR*am>O)4mT9(q!061u8a7D^ca?Viq}o3Iwlo)gB>jc)ZK`BFO<6Ea}h;MdT3!Q^|Mw;*~IkZa&q_sq~BQM*Sv+d*Sk&%ixTeCgLV**NEgUbz{I zL^LMX*(UdiKJYkis2SeE2ff9%@g=6WXtmYB-iz2NOwu9w91E+9AEsE7r1V*zA3o@P z>q->-QYiFibu2uOv?b-4X_Xx<`4Bsa$l_R83x8j@DA{7~Lc5O*#R~1kOM`nJd<>&2 zc7W}@ARYU+#!R`bUvtByli8UIKkvP@+rD+%4~bn@2;Fy>4Sj!}q?TF|R%kz4!4%QD zA3-e|6CcmQftJ=9SwYZ7v3LPl;5ca)1M`1`wh`V#b+IQ4HTe%CqrZgON0<3yBp)E(*sjD@iD@}b0| zuf65%szoE=bHmAqLycCWAnmbCz2W5fQF7MdYp39oa$~IHq}-!%=A#Mtif-zPNsE#n zCx=tsdecI>btcEJRVrq=bmu%+M+2QdSXa!K63r#E*9CEJ9=GzbEyn6DpMaB- zXDU`!*;YXnt0!!0*A;7EwsrWE71g43{K^e-_D%ZAO?LJzKIbh__HEh9ZB_Q2R^YP3 ztDS!p>~%3Kcb^LO?EBZpz|VgQ_PHlJkb?c+y#7zYe)V6x{;6R9H?Kd#ulmF5{}k-` zsxF=j_RqZj|1huT|9`^kg`QjVOKY|v&shE$%l}WH{L`LiEKi}<*?xDi_oK{oytCsO z%RgiJ&1Wp%^Ni)6vHUZZf5!69SpFHyKV$i4EdPwl?zhPc8b^go});c3aUK{amYS&ulmmJITX_KP`GZv@gOOi<5ETuj5F_>=ktv zr$#d_3!Yl^Yxolx@Lt6-&Kt^ci_=B2SN38V4myw)y$#z{nYD#;%3iRTBLn#*S=Nnh)QEDK_O}IJ7k{$gL=v~@!Z`I3@=`rt|E;+` z&Hbmj{ze45y@&R)ffSeUDY*{S3vuA9Qj&D_;9f&Z$)LX=IAZUELM~E!FQ;$=>vqcD z5d2h<3HBRJe$P*uZ-Vta+{*;NEg4_mNsa|eL6u7g!Ac9&eRJyh);cN0zb(Za^G)1J zT7yKI1LvFU*DkCdb#lwK@=3tcJmAYZX|``b<(N*3sW>O8W=$R$%J;&}7oD%H`gD%? z)vcp1aFa4>@4*s_=`(Iu5kpJwmzqcw5{qMT$^I|L?zOxL=`93td;WEXT zl_m?9eUBFSn~a;uN0+CEPIm;G$+w>=K*)Hm6I#qaWPD!XLp)&X)gZGpciQX0{%X1C zFN5A+%L7nRhr5w7PHDpJV{-tMQyNj^t%ya8`6b0sWz_|hw^7xE(X{|tU;AhleFf%k zL*-g5U&`5HiItP<6(UKf447h>dPQUB3;B5v*%D*Lp@Ynj0LN~TC%5Pc4~gf5h;UJf zonLFaU`Kl5Wy6`3!Ck^55lYI@K~J@ICVx8k|Gn1!mmtTUOyZhiRXN92UXEwjBBiT_ zMU~b_3O2)KEyZgHRR&N}!gwgdCSo4$s_k30q4nO@;_4C%;d?`mqhDUVLRR{xrWm@%#1b~jTDq>s)n zfHd6=Ax(FOq0otfe%L=vcVrcAwz^l&I-0aG^Z_~-zS`}7vhGRKI$_`ede$%!R}b>N z1oDHy+311H1EbJ_fqhY-%152EmCn(=)ME6Ui)x^e?bDMB z)9SO-<@}`=Z_JKNmN1np6|4uvml z+AzoZSq<3f&Metsl^5gsSjo^>JvP?4 zTbXxWs%HDL;H3}LUOk#IS+ZUgIxtBaHCksgsf9B+?9)G5S-sRYt@^bp;9we$X1c$l z7*M*}-m!YsxAsubdgDw34w&mQi=m-5(Ks-g&^EM{UWWz0c;&Ua8-M|rC4d4i?|;^n z(|&5vLtC27c&(>-t?bjSL9wr6^&6n;RG`Xk;0DU(^KPJbCf?GSu@S8zv72{an5sIN z5xDRXgV#T2Y#^_;ku-8s>1Yuq8+e?18`fIhZwd}? z;(y+x6}3QYw18P{Weeoy5>+F?v8>?ULYp;jEv?}RZ{@Yw;ES!~XJ4lD-gN$CDKu7u zFWV$yq9X>{${ez^fZ6_lw=F?lCr#cYm8>tTV>QIQZSHB68MZCo$Sd4w9$=v3L@AZqH&$LQ+9=`L#I z#?I(L&+Ec2vL!I3UwT`LJs6T9l~NAEYciEM-DW~98OmpcK=ZrpX`g;@aT|^O35Vh45bGw9eoE4Q>Q;H$ zzk0emcItU@D*EdboAj(4*h;}-8Tx79Ce?`bPp(ZCk;G>i`yrg zv!ifzCLgx~x$Ka39g&#Q(-MH)s5q$Ubh&A&xET;cnbepV38Y!N9GMyD*y3a;ZO>Dr zPpNOtIl9o;ZH-tXxVaHTc-2;589XU1E>_4qw*ozD(=O_yF1W@n%3?1-9iAx57sV%@ zKhZ7)D?QPPUrT~7{7o*UbgLwNwD^54Q50X_gk6efzEjDWs! zJ-O6ixRRA~(Ei<^C?>4?b4^oDUw_S3kAO|b$4yJ^>cw|!gCbkQ6f2{jyk=cHd-z_) zRkkJ=A{GqiHm2UDuC_L=9(GyQ4hXjP4Af4po>p08&JmuDbFyw(Hm*$CssX*EIb+O!i1;($+@4j_#eiaBLpT92_Vcge7xD>ehHdpyJ zWgXR}{HnjXryTnAz0gmu&aXJmuRH5k@=rfQ@?QhY56nvbM}=gs^m>Mq{_f2Sb^KRv z9;^m{i+TNU6zLE6@(^6?uVVUer}DU9640=Q(FkeIXZu5%^WPylK0yVd<8zV%eiQ{P zQ9KHnJQA{}2R?kKM;!P#As>4wACIdLV@4hkD*qv09)K7y&=fg^5%lBd_3WBoZAd_M zYBC@`=70>5DSIi38Bs@3t|L{G%J{E3uejih@|%*j&g!&%n#3LY376T#*e7D?{ACKI*RIqyj^nOOg# z@hBAJN6^y$(D;!a9cVhr7m-S4?-@SW=FuvpUvDh6qV>xdAh1t`bwQD$vA=)@#6a^B zZ||M$pX?zxD^P<%{V>n57F_GQb>dl9S@zL5w745SFK|R-BDm_wru`IJCMY?j{>6OYt^aS z*?4p#X^^$3rO8<@d*n;uy3-u12SMiHV5s$GnmCdBfy7ubZy6X4T!{oZb%sPO^Cu!N zr65iGAwS;QORqp#*MbS>9m1qpxcI9W^9dxB987Fv6cMutB9xrqDL*J60pP8nLqSeP z_(rO&sv>dyfTZD(ms$h3CR9I>=iVeih~+Q!Ez3NaP%9qX4U!YKDlU{iT9B{HS6 z{~_{RiG^P+hBgYypovP#m;xNsiBU?-<6%(3f(WeOd21$!85IU65^DOV9m)-eS*D8U zS*O2cdys9H8?+F?Hl?_FeT-nfn|Z-x)=byjq3LA^$YHsqxay3SfR#G!tX&SQN#PP` zh`8V6xw?}tr&vZ=)H}qaa944H#pR<@>{1XXqC;=TcRA&9?O8rdy*DD61Tue%kDmcHJn)n=dADfgpz z`JmG!RziTH0u8|SvP1!NA=F4fB~en-=#u6KLbsTLhpvTA?Og)>)9}#tFbg@MvX!9) zaim{o)AO|;(E(9{&Y-hjj>^uK zig-&bg$jEPjT~i8ML18W@bA@mvm7`$PJk4TJQkb>5bnNOk>Trf`N3%x0Ie8d0#cnP z4iSd0K#-*4Gy`B3i(!`@MVlEBl%DD(5+!cGry|Yyr8w|S0$$U(PH%t=J@GwiIk*Vx zfm;<2pATFY$fg7c|H5iHZgCu5X(0gQH4{E^ax08u|UN2O;#yN^-p9q~-bDoe4zCZjfjy*8@(jH;9jwIZPdW=7N~<=oN!tGZGh^~#0{y8Y7l z^@CZ-Oyx>XFOc-l(m66`uPU!&7G0>rIS-`9m)>MfFR{w>DDb>%dY#J6sSfp`cJN+B zWU!jEL@$ie%hrDVJZ*h2~)k$~`nB<$t2{AtBQwq}!ylP~d;6^WqYqzpL}{_4PB(sXi@A zB?vU2R_s`pP>yyZ~NTVevAwxut>oD8QKMqN7N+sFbkJAgO00x z5#aVf6&~u-z5`d2AT4ZhO}q<4`0&&J&~NP_Rsg^bAM_52)eM@1Z~)1~?LB{*IqSaO zw}dOMFLaI8i>F1Laai(Jkq(%|Ko+ZgPbvacLG1A$S)P1OG>2tnsZcEtSL#Ac8b=Tm z6FemhKgcZ%>oM^fdHdTWGN*f*^7c9*5da%$EQ;=9yf2q@zj$HI$1Z+QGxH+dI-V=e zz;HP=3Q^)Gz8d*>Wz%1q{8LikaQP${;dN*RElORR)0}UtM-3l^IP1>i!~w86R^&5Z z=*%qvyJu~6{q{?ubQx4fi!dV$BZqw6@bJQ0x6+mP>7>;ik`$j zju$ACup+Hrcvsn9JX{mOv2P`=e>7w)J-9rV(h={oom}CylLCOEvb1Q zQE_%c&f^NWoq|nqp0G~q*C;d zWI`U7CkL)_=c6m>ZtWDbvb8&^ zuyd%ODOkV{!u26=*g9f(=nq(N7`trDKI|JNlYJGFQ@HL^Itql=EHrl03;j%a>9xx+ z=__N?R45~W)7lUHY1mBZ+XcnLR0?!-NfJe5aN2=8mjqDUUa|K59 ztzwf_B+7fT&|cW??fC3pck5ev6e#fHs6qIIn{s4nAIXV6ic_MUu>lc;%sX}{5oOUx zX48@QMt@x9;I*t{T~CmK5>R7vD4}z=-%=8@$0!PCk!VtEn^9m9n-lnMgo#*4;>}#( zs^P$!A>eD@>tkSqhvKP@_fLqUb!VZqn>i;~Fogp*5lxvba){1NK@?zYgLOENIXtrk;30=u)ZEQ~oeDo!-iZd8-omc~Kog$J=#j!+nwlc74iF|M zvLWL`rjhSKw4t7)qLGF*C*`uN{+t&Mm4EO-qc(>Ik9wPkUH<(% z+);%|$7m)I87y(hWbJWK6rBmX&bF?2yihF-0D6l#IaGMcQYi`+Iy@BKi(K!R#_l$c z0BXlGhn6Ul8qwbBMJ@Gei-ky(G%Ezl&u&UCThOF!d*^I3CK%47lHh7?vL^#sXHwZV zz=`ZKtHLGNEG^iqHQN}|D)6uqVg}Y$MD)6$lVe2rCPE|%;^`U^yOl0T& z$ZE*2VvjUE$7`H2>I0mG^P@ZRv^$cL(yumYw5Bq&I!Uw>(+py%EgZsn1c`ZNH7x^) zrPM!2Y~uhwgM{4|B?)^(YG?tNJ(9S=O+A!$&;TZljG2T&BO!W)>76$7Ze!3CI}(F* zexi7}CQC=6_>0XVSetGv8|^?)93x24V@E^OMp?FyQ)ekuuTT|x)dpVN)@Q;o^wvqpWt5|}o)RN@2IW9>n;R&`v1;Zn_5F5RB zp{1o`bUVQb%f)s_4s~}a_CSX9^eqH86eUU*F;VSWb>``k!+Ot7vAOR?K?B~v2fews zehXb_R$Al)y=MR}`ecBlqa%~z93~f>ByX)xiY)yBo+hMM_bGY5f_tu2B(GVy04|5qZe8nuY@rHx;s>5sb(#l$7Kk&gQ5{vWTLGJy5JrN5ym$^)dlBFgVu1eI= zLV+btz_E&}?32ZzvfZJR2TQ|hL{nORL!(Z8;Gt4znL1V@XpF=s&!|3|~UVnIMA3gE+K-T`)a$xw;_rS2Bz?`96R$!*naHiE@rIW!TYp5W@ z*g^Qntkcl_(HNio1c)^f-FaBJd=ex-r8zS)MLz)=_(AV9&VJmd>8!!wHkQP0>+?q)x$c25^yK;p%?JM@>i={&qV%-zyD9xGm(EL^5ylj4u=)Zpwh$2_UmUN|4ihmo{9YX zXCnVh6ZvN%|NkE%pCm2k2V{!|Dgc2}WzuYIK;=v6X7OfqTp6lA zI9@}#PwS{j4alSYx=;70TC=_FRp=9u$Fh`JZ0$4N?gJ;vbmjG#;P#t8R2juoK(!aC zjMS=5b6N4oB74Zj__jwzx64@7+4=WJ+cIDETKFgJE&VD68S|mz62`Li_WNWNuF;5G5!^9U&~|v=kUE|faRA$Hf(y0a*2It zGgj{B%`enPTanJbQtv0I_Yr9Uh{=En^oYIKpLPQrOmV^L*^Ed^%-l+~?bRP&bLPUL z{#8u>@40(o&)3>s9_26CiUXP>;Ld-F>Fz_#umEVT>?UbSq?%0Co?JC|wCbZlZko|4 z*e~nT{Pq3<4egPxgQSG0fIKROVJp=<4Fd0yk$T&hsws?h`DqroG) z?bHLPWWVZFpN#w2_#BeDn6xqz$vCuECAv1}Cx|Q z*`Yz%6Avofztl0kN@4I=v1d^Fd2%@4juy774M1dj?dZSBb}*H2up&K{3dWTNxmO`s z1r6mW%9CpknfTka>ree^SNg}bpKed^ZE3QRB?*0`;pjsVl^g=x(r_A2&MN~Y(!LZ| z6UIz_DSIG^$0ADPBx)+p2j~%z;;FBXXuj00QyOIv=|D+B1?cn+xg9 zchdnU=$if#?bsuvY}~?q(=0tRe4AQrPn?}R3Ux-4Y{ndtPPZWctD7#<5bJsHZ<@Vy zMsY?%WpqYkQF{_O$dp#t5UD1`y9qPWCo;7@&k8R-XMP1M*UGQMj|3pU}OIPMrAe->0d*-B{0!RJjm@=l1^P@3W zM&H6ZzyNh~f#5=)j$|?Wu`zt6suHKIC~UF#swIE)N4mB_Zo^`!he65CV&&CheBL6b z8Lx#=TRpp;cD>{}S2)=Y_ ziJIA{vyY?8nYo*6x!-F!>*X?Klo61vsYZpv0=PVa$0?+3G}KWxCc-?5w=ya70zB4W zG)_l9LB~90y)w%t8zf>pO;<4JEIad&Z}IaAU9GY4H{$MHDr~TIIx6HGv12*}3Rtq@RZ;W>?Xm=DHcU(SN!}3~R1?;@i`JfM; zGz_#b>EGG9vKIZZV~Gkfl`S-AY&7>~vj%C{G*()e@Yu3LO7biYCstN`HWD?U=r9|Z zC7W*#pc-Ub-F}c$VYNr+ii>K!`w6^WP?io8Y%3FnT2MCRf57Sl`~t7&2a zxj(||$DZtU8t}&BBPAv?C0BAKn9N(;qZE4Ve=gnk3Ex*&-Pg$3|9Wk#eQmF^x?jI< z|B0_LeReThR5x`tg<0ajUF$%^&mr8>;okkAIC)j3-$A+JAobkt1A0e^Npq=9u`jga z1kNEm`9Wg;8qLI4=zd1WCuPyvA>6;_lj$?q(;pmUUAQC4( zA*V0{ryS%X8~mZp*|vU{{qOLTz{bPD#-o^3r*q&@BfArLG|y@8qf_s-V+Hu|)5#he zpYy2du>;9*D~ogA$q|gK^USPnZ@g1ane&gnWAxaqmCUyJ>(W*D-Gwoy)j;QAZkO5z zrx;3?z$lkulao(@E>)t=*_9`;oi5Q|POO|xpjKRhPEKaLkC(vC;WNjxIxd&0KcmoG zuE|eM8>i1QchB()jxz1;@#P*w8GrRlg2z^G;F-7KogdL1q29^<2D|t=oJRY)y@uIO zon;6bcKzIcaxv=y9pT!V?Y5|6kJ03|r{hKr?`9o+x?XpRq2}^)6&uy(45z38SC^OQ z_YTso{hf(3A^*?oRX6k-y|96wzg^DAD9%uC&K?`V?nZ@f*a&AdYpLXMXA_me#JXFg zKIdWB9(4)l?6xmic5AW6`{?D)2_w$mpLHytyy_xWTyKcC=e8JE7GNlu5 z+X%0+ry5ZTy^<|A_Cmw4_`*mMa>K+$C3)r|cS+FoTsy#091r zszT8PN7L&icn{Lb8fpYD2?{>tT|N?Suew)W`{-WER#z}{Zgdo0=)PAUqpqTtudq(8 zu)$Y2onGZKS31L9r|j3}Hz{Vj@-|f)R=U^HItp`)CJ^D)u>B^8 z;nv^}k=J-4^0)6vZoh}!Mk2JXk9eyK-+WfR$>?|^nP>Rn<~EK&Flzjb(b}7YC{Q9n zeJsM=XWO?Qao#5B>VA>4Pvy`{Bd|$zzWX|N7wvcVDa$9T$l>eST@J&2=8a9d+NGDQ zugI&nxjw#e{JsUh@ABTg@x5x#6S2+a7*6=USem78R2JSk*LZuHY;#ils&)Npitby-{aUFX zf-?ou3Vv0*d*}-AZ<|}`Nb&FDw*-%Ll@Gf<)Xh9}{`OOWeH=11nx?S-w(D2L8HNW` z`nxvIIQ5^k`GL7{^aTXKA_d}7QAXqO!^B*FNy>e8oPTw2*rHD)MbM)jCH_EuDo}lJ zUkrTE6}ZVkvLp9+CN1aX1ns>X86rFoYBUi3)SUkwaP<8hEMOxpAo>LuAP!zYdZ>Z) zp8Rl3rSQ=-EQ%@|J^;%|NrC+x<$P>QA8fc66VL|oDS zN^_Mkn+r6O#_xG@6mO{+m&yJ66j+1sk>&*+>Nd+o_BMbW*_TkJ`f`7|OfC+c4Zz_# z)cyXIH`;ngGTRHXZAy8l!f-TFzSluW-ev@pr0!;jSk^%)9A@xfRAg~$Kr)d3hq0?q zvtQf$wpsg(FO~s-$e)n-Jb+Ek0STCF7~hwo?}xzLO!*$IAI`uIUFb84aw~54Bs=Z= z_en?igx&-ccxq`XIed%aoKTNDc+)8An)zJ$el%QoWeZeVXkBn@4k7@F=FR6Iam)A~ zEFx>hP(wg*Nk5k33)#=vpNKmMt!4Ws-4Ll?&~0KXa~Y@7$r)mALn%{`YLP4MqRA9! zsn_1oe|2|&H`nwqk%r;Wkw}OzGp4S$`eW=R-y94UWl&e_+2mrWEEG#|Axpm}B30oG z7iZ`Wm6TxYz6=t#?GA;PqJ=lJ01!#0Vda&vUly04D6}Ff8@df{h}U~q9e%MU56w?( z>l-?-{zmM_S_?CYq*+_5sxgBNr(h7zG~WBi*n3O>W<7A7>#*1ioSG4P3{L6+`B0yT zp#=f25bN0()Nx)^^u*_AAM2k;RV4fUFZTW_D2@l<`#qb%1_{C4J-EBOL-644P6&Yz zTqfw?Zo%E%-CctR*WePH?El&KZ0&BuFrLyu4Be4(9IN;WQDms!|np&43x*0?zhk$Qm*>E65IfTSBh8DMZ zr$eBb!$HQ?LW7M#-r@npAm^r@CnG1ou4qFD#%Pk}VZ!iePZ9tn)1msl@F~81-r$n? zIoQm(i1ucif8CO(qybQxv(%%aImr5Ni(c1BFBvh{RByuyd^V)Q6zY)jOYJs-1!EStHh=5XNQp<_}EjwI_u!fjHl|q6$zIH#}36 z^PM?uWLPTuo6)7q%CPV*J{)X&9gdY^M9m0YOgGI*dE-aPdJpNg9TXUE!Md&k7on&b z2oOhxM`5ka&k-rzaU8-{R@xvwz&C=U zfg^{SkG@h)9NGt*asoe`DX;07g{z3AQ4+c2E`IIHb2-f$pjs9n(h!TVr`5+PiSCY! zVk5?P17ECy(NKyb|KDclx!x#wV@gpVdnv{r!fvAqajc4{(JCBQ3Kaw=-@e8?45R!Q z5hMdjOvL><1l-(282+ImD>@Nz`=Ulew!9@>YB<6gIUm=`Mn%ppfRV9fNi94MKu8e) zO#KMW0JT`eMo_S+S8+P%r!5ynCcg592CVAw8H;19`hSJLWwC4Q@7~GnN`nZ=SuF;KA6|lO~_UfrP$-5Dk^(K+y22iRr<@`};V9p(2eL zwwc`z3|zK!YV`zsN#bz?lHb>846+ho)LtoNv}YX(pD3Fv${*r%iq0DqVasJ|E$bG+ z^{6C#A+H@pAYhFGBtpJmWEDdY9yV?SH5dVv01`&>YcJ~gbF&xCXNUDl7N(R^-F&B* zU70_Q*mfxWnLu!!J0sYbKQa zlaA`ni&1*#Lyx=CYK(bchp!{-WV=rD1Y^$#tG%CN!|fZUO9PA+qZd7XDTv{454G>j zAihFf;5Kgt3Vv{v2DJ)t*CO8Enpn2E$2ic&Sklxq|D3ye(IrBAI>-J zpUndDJx(MG{mY2AE|mtZP<_;3(H(?@kFA0{r%F*Gt2B>wVd5_ClHZgk^%RuACr#A8J$xzh2Jx40h%AP=Iq@-9q4iPw>(ae(yxd0@craS5#$Pyr!p3sP)mFGDeGw|ko6D+ZFJS;%##dY)lF zTd1ND3T~15=lSH;&@_R|Sm_5f;Lr5-5xHVD(4fAw%&yeVkS)<+2K4XP{oMIk^WRdp z835a&d_3Cufh={6Hq1(ceS>EHSBc`zZxhoWWtE%ihCvQ=Y$5$$BHv*CEbjsJ zrN6VXS}vU5`~C(?6Om98DT$JLl9~~g%}DrF;*}OG;4Aqt?uR+$o(P(hc!|@!c?6;-j z_kt$}l-N4aB?KY>9BdVZ!;UZ1($E4l5REA5d__lrbAOST|G|F47YPwMNrfU6MmecY zn;$qf0#Dz`Xz6uBZIsY+!nAOIBHPkNTFLO`U{vR0Y47~DU6gXsW}?}`>W9gx%TH*8 zZn9A#mOmsnBxo6O847HPaoo}9;zSHXFo7_KG3tr(`liX^1&JF#%C`i?Y^M_D!z`0t2Af;q@Tyuw2SEOoV&!zvlWTgx+lRY+--i!|UxDxA5ZNV)klyN5D+#GhJ+ zIwq{91t_q%W0&c%)2o3U4b(|9DIK#_4nKcnN$w;tnIQO=V=WWDVwk$}t|Zk6OD@f8 zIBmZ|Mx`VJWLgHRNTSTm(nrqzv6l^ERvbU8LYK=$>CgSa3@edXFXnKzH>|{zsciBZ z{o)_#sUZ(_TPY=c^X}uhMV@09zhi|=MI>%`rM6?0*_&#oGewQ6^S|X?BH-pli|)u0 zp4E#F`>c@zRlSts-FbPc)Knm(%Gs!M%Uq*Akz6|;&m zw&Ygx^F90eq}57%&0CAB^epyJ$dyAt&A0gK4GE`jqcB&c0@sxGtMx%w+dcO6bN1~) z@VA%9|9c|;|GFn%`@ikUe{dXYxY{&wo40b?b^5V8d36}bar(dZ_j3LTt$VQ= z{gcM|6aD&E>%`yVx}~Sge=tq}wH|oQg+Nq~K*a@Oss|x@9C6emN^&77)+1?hAsf{H z5{W>zuSap`LWTL(qwb>qTU|p<;6h8UN6Ysx;NwECar)H2*M^T`lcx)h+EEt({-lTe`YhigR)B@$>QX z18n~jMVliFBSt;F{Id8Q6Emc8a(-nQ80#9D6qQ+2*V%t~dU1Ju*E2em{I$v_Cfz1D zKIv;!&&ZTtd}inHgk4Dd`p*8;;+jJkw4rEbt5AEYhHEp;pyeW<4Zwx^UeKZ zL2XM`dBgSX!{zmDd|vs((@Rxr&(+O+_sHbZ`c`Iny>DE`*zD5#m~;YD_Ec=-=6|Ka67y!?lk|M2o3UjEZb1)~4}CcONI zm;dncA71{$%YS(J4=?}W_Ec=-=6|Ka67y!?lk|M2o3UjD<&e|Y&1FaP1?KfL^hm;dncA71|dU$FcqGG8J6 zAw~a#l!;iH3*$TCu+#P{-`oa@U2aOnwY^Et@2$7rTN|YNZz=mcDG>X~Pq=BB8fiK8 zX~^zI$$4b?c&P6^L#26q(a7mJ8yVesm_DVG{pO|!@{(2Jp+LQ(6TD+6(qi=GVQp(< zO~+u#Z)8@yW7FiJG4Nvh-9Wu|$NJpJ`Ohl{vyp>{T?X0+qs!*uz~Eqb&C4aG6? z4fbZ9W2ez1;L+se7HuT6=jHQl5)9(CQ)&{>X=2a5<4^Dws3Q~%;}vad5>1d}iMeAj z_U4|u;|RNB=e!ra=9PSIk{fQ4kPPP@^Wr&Zl8$PW{Gal_nVsrRY>ij^q)CA4K~9xV z_P_E!j91#4SD1`f5%s++(VeV4pK>}MlRKY?FCXXYCb1J98RKTsI0}Pj^DVg#klYP&&&T)`}Rn8p(x+>s30LoR68U= z=u3M0mwch^|X~v5uTM;oP;3++E?kla9P=;r!>0{C~m)sGS9`MGA>J3#mlDGIf6C z6e$wyERqx{R_rX+6e%(2EHM`;weKu-7b)}YEDI7TkLoN>5UEJ-tjHIsEbFYS6RB$J ztm+e~KJk(I4>f?}1_=}M%ex0BsU4_;qV z&#taR)A9!==Z2>iI)=uVzwMk~-OR3h8*)81&6r*O<{FvYJ~+0#u@jP--#a>e z_wc;7wKuo&ZU6Y}V_c?7L{e-2Xzu@1F^wKh;ZBhjvK7OaRU-KZUDy(;J5)CH-O^?aNGcn z8^Cb`IBo#P4dA!|95;aD25{T}jvL4#C9nz#`onPpIBo#P4dA!|95;aD25{T}jvK&n z12}E~#|=m;JHSrV?k|8R(Zqq?Zf5u zZG2w&!_!MuYtPlqefP-Z()w0rdA)C3#@OuA`xOB&i& zHh1kq;kdzZU{bDAcw%&RX;FP!OW(-J#gFQ?-p-+k-Gk$^%j@Lgs^;F|#r3VU(%LUs z#gQ3b(@Se(bIKw!i^k@b zRB}~XDp#ruo1C^MTdLOTEQX>fR9maRH90I*nohOWY_@qEOy;V#)oyovyg%QbYOCAr z3r57CRBNyQJ_NyIHJfg4I2eP{sphG5G#*W5@H+2IcQl>M70AX=s&_V@EtTt3nay;z zT&&ewPvxn1wO(zudtdC#bir{0mb2m%eW$aM47CL$9$uEvZfQJEIBo#P4G`hD0ThlKz;OdOZUDy( z;J5)CH-O^?aNGcn8^Cb`IBo#P4dA!|95;aD21@^iPCG(O;J5)CH-O^?aNGcn8^Cb` zIBo#P4dA!|95;aD2E&Xo1tr5uMN&PQVf_rl^9*fB!Di^e=D5@3>~P!wjvK&n12}E~ z#|_}P0US4g;|6ft0FE2LaRWGR0LKmBxB(nDfa3;m+yIUnz;OdOZUDy(;J5)CH-O^? zaNGcn8^Cb`0HFDa1W^80lhgdeP+? zsqg2#H4AID))1R?*V}K%r8NR0E_kO;o48}*dt2{iUD{y5A5X4sb`YMf1c!nVnP2wM ziD0|mA#~O4L9v2vHwS;^IfMsN?(Kgbf$V#Ck8=<&I|2)$eq5jGqt)L7Nca~02&gpB zU=RjZy%ZuAbujd@c{9H22ckGNAChgVn@C@|K}qKvj*`|q68?kQ01}Ecr}!fXjf(Hq zh9s!FcS5Hn03ZM?29Oc=ViBbA4s$|K$Q=5mXV)>7C1$V3Bqe7bUoT6~QfkFK_eRy- zsM`h{;fxi3P_ z)Y5Xq0Fy>T6azjj_V*I`vg(_FGmKz#ltxfa!yYwz|2Ghl_9&3EK<$XxPg*A=Lxo}y zgM4A7Gup;W)E!KX*-wIrg^QTOEkzxI*-!mSdmJE7ibtTPF;at!eLPEi6R`Xa-9`#3 z(Az-mnN!5HP_DqJuo$08zRr*y+D|eML?e_-t#X25P-&B8ha2Wd@m&DuP61t;dfG~Mp`)( z@AG=A%fy3(3Ee>!U|~9t3{86zE%5-g)L!|lm_Ig)*%I5g6o<|qe)utzH1V7@e z1;47cD6yO9Mc{xe!$ zB`sUMAMhLu>H%q^n5MNKPxiw_Zh)C6Hk*lo{r(@fIe%yIJazX@NoPtg(ccBfGE+SP zG1XeV8OZFXxS1fDeN0B?WwWnD_Qw6!((Uzgz}6m!Iye;Q+>7AMxGR40ruuWJ*cTFj z^ZDGkF2Eeg+}>y1gA65FegN9UWhi8irVCM4kJ%50SYis1A(9X`?uR;Xh5kX7LgoaE zxpQzuEB~wy5ASB9HQ*SQY&gZ74CZ|Uq3L5cQ;Pei+8drhV{h*;o`MRR0oc5$`HLA- zJk$0G_b(%qxV>PXzQwTd2VqS}G%y46&?dgvj!A9G^Dh%Q*o=p2uZ&jj@f;_nSayU* z6fgnYuxYy{fek}9Mv9zIv?u(Bv9ElO-;rT99;scsEP*@`XTf_=4Md9+4>ks8V@!pd zxWt8I{kO$5e;xiTXVH0S$j;91Ip&6te$`!lkizXyBE=vDh8c@#KE?4$a@elA_B_@X ze5P`AmYa2Ne<+N*+7&&zh<-1RePj4z+#WkyJNF{J|8J6_Ck&J zs$T}pX}%gmF8`0suO&_VN3)f`;yUS&4~W>?7WbI1?Ws8Cf!%Gf7nie$$a+cnEZ(F} zQ)=RoOoarm=l&ycgH-pqBbvc6s#EFaPeQf3z6vkH?%VbyL`p7U9*F4ug_r@SVPfiY zI$0a|Wg-M(YX~>mIU^}|*^+l#1F3#bNPWU1QCqjpsR55{LBca@Tle+^e~Ymscb3|G zo~&VdfA3xX32o15zS!~ycA51_9F4(#cBKYR)&@yj1-(3*69nB%_X#~F{QPU28gzXb zB=i@R3L%39v7O={6FG9ZA8I)ZS_TCMnEX{cC5{pco&&|}ab2SF;OjPa0z(Rtbux<6 z&s2siG(r?~?PLru`buAIK-rf#x$13m=4Ccf?}CzV|ip^ovdORLSxB~V^Y7y z((T7Kj>o2e;%H>zSgqo$L*tSd;*7q=S?;Or-mfuK6HP%IfJu@zJ+6uMv+ng124u@8MelJJo^ z(O)Ssz#%aZk{Dc`7&@L9ewr8wPJ%EeMJpx6IwZwIlAz^DN#jW=r%7pGSaJq)a+XqZ zjze-DB)MZ8Dp#KD2THVzV3l%=l2E3T{h1)|$E5g8K>16wdPTJ6MD*LUXdSc|J(4)F zZ*Nrn65o*|7%0bFH>Q4BNzJBB<5o`l`;sd9GqTDm4Rb$D4wN1hk!Dt&=0=-7shFM- znl3$lNd9XlrrtCGWW|e z*#IJr<8ORsIx98*?ce$dS~wBH<~w;gGA z-w?SN<{iH=4D-wV%#-KonfK#op2Y~`rDMSNOp+VF{FiUKXA?n>Ur6pdy#6|dB4j0; zzsr_>laCmkf-I7b+R6CuEC5Y~6c;8ew;I;`U?_^*M#*8xeP@U=Kv&jyVxcpno1xAs!LIo-)E+ z5FuKMCSU1vt5m59J`bW83X`rxd zFi>gujL<;rjPuv2J`uf6&BL;tCpFSfaP}@w`v|gMm48# zeTxb?MHP-XMyX&75jk1226q$2MB|l6Ez@Qr*{yLeoykCxk(UCp&^@p-%DW|RQgbf? zQEA4$Z6dg6aYbkq<~m~H}kY6r^gn3lJ1xN zL~4NTDca^1<6TrG6>e9WG=-hPic`0V+n|bWM2DDF0)MhZd(|Rkj3&k|f@1~jLj0Z& zo4ln}rhOkQEgzgVjJwerx@$4|95;H1E1O3r<0eLxrb@fsSMi?x=DoP!oqZzM>}tAp z=yOPIQvFSEAc}o-(O0J0xhy&WPISw$>3@jnbCQ-T(?bfpK@H~eueHS{yFm$|1|vx! z2y%f90Hi{)x0fub-!W>oUb-V%RY8T`Zw0V>jC(p2C2EmW(VlzJ{}9EU4oJzOo)`}z zNrU5-c_BJ64M z!8U{{VFZH(xIo}wR8B2q_xUz56ERrO`$9 z_Xu1g$429y5{KU&tABy=8exyYmK1cTf%i0hOqP=z3*9D(ADq{;5N@>0Fo!L=y%SJ< z6E-!6Vl8t^Z@B&2L?R%0 ztg|z=X*1S2duu2L${R~P4a~bE%!9|Or===qb+`KWSP8{_K1ro|$9I3~7M%$*=; z`pRaeH)hBRM|W2zgzhKYSY1F3Kv8M+k%-YFW?d? zhmD@g8&5s1q&j3s-tg)QhKHI%2-@aFqn;>?zRJzI=WlcblqLEnl-w+ z^_Kev98TSXY&i?n!cMeUq8A^E^IIHu8G4;Nt0V3%{kL^B278zdO=V_T$aIAxV<}i{ zocYyiUBjZo+XZy#DbRwqmklCP!!m-$(u3}Z=+&&4c=D9Q7P zHc*H6+p~*)Yd=+2QA8Hp3RlsjXOKdW-`wziQP;KmOaAt%3Ug~692?B6j3%sub~wFI zY=G@!fkZyM+Oxwtqp1np`#8S}&r>V$Cxypk3ZsodMQEL#_9tKRMAga~Mv1zxP& zh-;q-HpL0IYfzErQA$ck_Gju2DF|13@bU?aihOqIP1*ozGqGe-$stoj9OEWEv4cB^>?Q+2gHlwMx& z4_oVAkff)nh~A?#j9472?cjGiFrrIDjU#rg@v)vrj2|jsuG}-(zmMeo@O1KU zd7|ew`%mE<)Yh3-tNJ^#2hkD<;6uM=KU3W4`NwWl?Bj1Z)!H4gp`nJ2sbSn2Vcf~^ zy_a9K|4~#rmY0~rUrqYtROO<>dIl$4wLISDm(iM>tRt99FJ{=ft6oP)LAgSCSjsrZ@?@u||@i?F}rK!LN+ z5X|{WRh&>_ok)GVq+sK{2 zC3n7r7HEk_D6K~rs}>97mM^@P)@H}mk(LR@&6jzN#z7NQ*N2{rci$p;Ge$2IUt8)? zy77vi=GrI}(<{EOazmCzEbX@uyx zl~B0!TD#4Er)Qz*NNesc2Z}Kre^#R#1PH zNYG5^K10~E2{xY#mBjuE`$>~7i-cpx*ydijgMZ$OGsM}IK8uGtc9u!?sF(NK1vY2f zEs4$G>-AP&&1QNBi5s!fL#~$d!unH4yP17U-_HUG?7V+}!cc7H$wtRH{+Ln`jLhL; zlihV0cn7{-(x3f__{#N+8bW6Xrq?JkHE%vihV#D>4MLL&aTFR# z;$Ep~Ehc~}3DKgxoK}j}0OS#@g(DyZ>f`wRghFZZ(IjlhQ6exSl7_Ta1rhVe1;66H z1Vlm{j-cm1c7f3NDb^AyeP6(#MaJ}-?C<|9*Z<~#nZW{nJ$^?8DgpzwPYl?EN@uCX zz9u_$0;mDt7_stfaM7$3C=_%O%?0YOr6didp#`9EohYy-P3pfg^bK-22fPdYks|&@ zWyks$X9Mxj`|=84Z@yNlvU*U3^)6UNIuc)*)KiHrL5`=GHrb|8nMqOGed6imw{!w= z#`*z3kSlvbL&9EMs~S=O&_c+VgNraFekqL)TuGo0gwyL=z$_x@Qw*&XR=7k$Y3Kp1 zAp%^pFEX!Dv|j)SrCQ3Jvf_8A6bVuUNEnTECAm9mkBE z1?%aAs9Btb$9q|fhuFD7xq`{CKJlzu&dD20SS{JMZMS?FnKSiE=JVY#zpzbE5Ftjl zULweCc`6l`#rtEm^Wvg zG-c{LK8!>+O+EA{0;kv>`S_t|oU!V%aazFJ`}>>>jI5@4$s(|vKg>c_cqci1cEzSN z|AVegdD-lgW2H{Bh!8C0?zI|+=Hum9!LTk=x}FA8komu#j$1ZNU|Q&?>V$*ax%0YI z)2aJeValy{_kNR;rDj-LRs6Ns?;9>r+9fr<6&qepp`+p@4KaeK2F);7tnpc&q&ug_ zyyBRu`=X|z^84iwozFg%#=hboe8kgxo*qG%lOMJbf@$u z`3C-qd4|CfuKMzW{whE0{+lI`Lb!_yM(#F+!LZlU5IMNsqray2hIu%OcvWO}T=D~@_)+Xos{#lz@48Qiqhy6Xxy$Z2x%e0oiKyjg&MaEF_cWBhi z=J(fehq8w_Zy^HQ`#1~9atyQ4U)0qm@S2F^n6Z?j^{Pn;8k9O&-MA%}YlyJF#Z1Y5#pi?VSK$j8Z;~>W%@-`ZUsgPjAL4m(=HpXqahzj|P zPn1+UDQ&qpmHbRuuTwisfV+e}!cooEe;|E!xm0kZ;>9UTC+}&wta0;9GeSi7s~LN_ zyu6ck>UnJu$4Z4}1WPqFsa~c2O6BLAbG?>Mz1sbTDsyCK!`o-IhP0JxdwB=_g--p} zR-XhXA7_&z5d+Mm)LP#WXR`rRm_g6eN?i~Gt~r9J;ozcYW|X{(6+w2_pulQFkCBTF zgXlX$iPgsRxGan9Z@SYTR;zP-XdJ{vH)^8=B1#!tovNZYa2oYn>P#!0MVXD)S3i_D zmsHrfb{X&7X|$35b#;%(HrmpzZy%DcRY|z$KVn?#pmyZ|75z3jw|d_R>UQ&KxtPB^ zuj|@Gu9NOl?YoU!>xQw_NrZhed#dH{x%lM%>FD?D#h{Fzv%~5tNDE2w4+3^k%yj^A z?Ch@{!M^sQp@&sb3l#Im9s?j632Q5r1b+}4Q+W6Uv}J+i&f9|rprb()nt~9haWEG` zBZ;;w30YgZNueNFT?ASf?gf%Cg9Z4tuFD$X^LouejVuB&E%K0h`*4f}nC`=+HRH2S zcLNa3#)VpgM@ByqwCR!DVls8z3ZV(oN{oBvLliSvrzRP_i*D;a&iIgy;%@;au*0!y zK!^}jwe!wf$TDSqA4-E?Fsw*fv`ag@hZ7FeXFYa1B-y1CN>xA$PzBy_uw*Ty@0|K@ z0x44AHuH#NtflfbD`&GHEKD3ZR55W!E!FwOqDX#Ub5~k=*4HBWwcpMf$(_wkJUUxO zw`<TNm-`o2Lefu#e|pLKALEoA4c_jZu?nf+ zNqF3Gn0!HfrWo#-^w3r5HZ?tbjR^KAVHC1dmG%pjqAU;xLk-{1*pp+6VI#j$3qjYb z2Y~=CucOpIG+?D*5Mh5XGG9Le&$AJLA{7iGE*Q^z6!b{exMepIv%&KH5*V_`ACzly zNG~WnE*grQ#cE4y`WiZez!lPr5COsii)hhOTUK!7_G{U9YJ7*u#$Hc=!rowZII%%V zVx{a5R3`}^e&BGlNAmnX-l8jE(NPO1q43osyz&U9aTr@Rcpru!3|c<(oZH;;Gknep zfrXgU5l&1q|AmH<*kGa|X3QZia)m+quR$asU`!c=0=g5#5~r>c`PaW3y2P`JIk^El zEfiaB=j#T0%v@<&_Ao6~%Y|!jE9O`B*qj36d0GTn73@Djfq5^%WD>6usd)Lg=wHo8 z8`yd1B?g&okvW)c^QN-rI1IPB`4z5`jox#HZ$<-l?^+R+9mYk#$Gw_eNz{e1&$P6jY zM9K4v{vR(`f9}DQe;_yD;M?*6fa^7rzcialKY__tdZfZfYaAlK-sP!*!wVRgY#{N~ zute;Q6!s+;hh7>36PKP(!plg8ajS~Qg^_s}qQVVP%^Z9==wHEu{K5$S9oGA2vkx{T zo&J_U-x6X#(}%As%g4sVl*2BUBGIdw1{e~){O%IYk&G?q1?qdn9>7-^z>iO0H*T=I zpM*zd>;MLhe1MP+->@93oRyVq$U0HjDUs42@JhDaDsKiLMND-G-oOZs@&kvii$^2y z$DjeRXXM|FM|1;ZbYrQRZ8E!M#f7&99UdUrIO#b9m@^*TQNXJ(>{p9iufl{9-tc9u zwL^-f6>M#ac$-UYmPxk?J4LL)+z5b?Tn^GZ>=Uk0e@x;K2ow$Wh3~~X8wk#}W|Q*O zRXng#I5tvBu1aE^NJ=2fc4d=6P!=9jPUd$^mdF`3EzS|?NEWjsleonzRvil`r~B|g zkjmDYEH_c=taKJVA!RiY_(_?wQrToeS&VKtJ6t)uxg=MOw_usE@L|F?Q~6S5QqpKr zmVUD6GQTu-vaDL5f{&&se6qJ;@?}8f;@hNc@nm&)T^;#UeM(tvfJhU*YKM+$gtO`| z+9~^(sg~~c4jWY;Z{^Mh{;ofi%_&s9Hsfu}Q_hIfwybLDBGaI|sR5TSBW&^mCQM`G zgcCN?%qnVw;c6vQQ?`z?OKkLWY=Ubx zGh@rs386Ekg)DxK90f@7EYHeYMGgS}j+c>j_y0gj~)BCzg-vWw`QfAL|i;v&W z_G8vta*(}t^Dr!e3u5y z&&pW*?WlSj*rxN0e>6Mpw0^QJ;QXD!|I3ZTUxBBmNGvW-NWn&;E>HGKorwJnxx6eT zg*b&PAGO}X&dowk@!NiuMMSm5MSSgUa_tf^?Pn*L_Eyd!Q%ekk>kRWFD;u&n$JO+! z8g14R3{HLxcArKrf+akjr8$|USX!OvPdfETOZ@6O*+_LlxeFq$LLvmLV&b%tp9Q5p z&kC>T)Vk<|;x1DiEy>tc%2Jfe@oOuvPhGy(jSgLQ?9$CN(e0dEw!6?}X3$k;&)57* zrOmGMmSRPPL4%N2&&+v6{FR=rEtB4rvVMu)yX|7*qcQ{aVfB%fg>D^FS7tK`eydzv zJnMbabk@Y3{ZC2aut60;N&)d^J zriCoqX-O|$mccfP4J9kj3?F_0YV(H*MmoG{RwiZh+*v0t?4 z%rorF5g45F%U*xhzErQ;bTz!&HlyI#&BHY>0`1b6?)v%dqC1%r#O*4m@8;z0;?(SR zcJG#Lm{0xMwV2#>L$?@Xu|U2wFB91tG_tTK-MP=*LF%nQ*~v#>)Iv8?#xOHQi?lfX zzLz<;cY9?~j%K<2$D)|!JFmFqFB8kJDwaL|-)|T8zUF*?h_&Pi*uxPh-Lb7F>t&^) zlpC!1{)2q~nr;6^Z2wkm|ITFp-UVh!VTML6FwqsUj~-~1mSlxgyU*Kc1$MQ1{$r(G zG|SCseNw;Aqj11YxyxsFa1>A@5NUlRb|6%G;AeawGHU(d(}CFWflu~<1d5GY*MStH z&BVq5l!yKHQC7!W?>fhJt+l!WcKiNz!lrhnrN^dj%a&M2R>#MkDaX<1_K#i1W{L8g@_`WFZUy2Np~m0!4}}j}UqQtA7kvX9j6}4A!_o%C0)un6d}f?ZZy( zaU&1C2=_c&m%V?K{d$ia$U*ukFhagi7Hi>E4IU)+!)crVBtFgD1M4_;Q;6}j9ojFP zdmx;TD3U;(oa)?>9wQ7WoqjSqjl>F$$}@}3WBy`io3sD{Aiz)q^6iaK5J%RJ7bLQE zK#MC3S*jzJ3sOP|DWx1Ni*!h(B*EZ=d<+0LddD~2gKK%o0P3>>fipnrEb-mpFZyQK zuewTJFzl`_3J^UH4$d33j|H3xCFtCbiK+hkoMA77gbNhe&Rf2E681e-s~c?a6GdWEyx?g($lwsku#VX1CrI(J6L8~%0$dcvpTyBz07_hb ze2^WO^9gfD8=(``-f4uJS%o_e72NY$JBAVg#?@p-umgpAmqJmtMFA9uJpu@nQgcL+%(uT+v9tH#?{Q zE_?VmgJd2Viial>;8H;x;r$1UWZ{2Y z2uoLXlnnbQ`4>^*pDF=RFDr(LhK3r=RG_$JcG7^tPj2nvfN*byB zibnzwl>Z=TA46d`ZXpidVIS}5=Ug%JB~dW}@Z}&SiFC-gR0=jgr+A0I>n(ADZ=uup z=KTZDm{;Wd9ns)zTw++k9-`1cFew)@W?NJI`1^wO_u|)g310?|>ai}tGPj04*GgYR zUk8gBJm@I;XgS{!jXe^VNomTyf9iSgLkJ0Y9|yFDC(?hx6++gvfavx^ECnG}k{@PK z+_&>2Ie&YHfFH0Qa4`8GZ1i8=+C#MK9^W-yaI-f3+Y#kia_2i3|1$)BSLVYHb3aKA zsTb5m4)X|)`{R(15fbn^7$E@i=`|n>ynHTuLQhXu_8bZ&f{2TyzNzy{3Vs5hPcqtf z3}d|J;?W-!7THtggDI|TX%C2|{mcE>0690ofVV@{1LoIAe>Ry8I86WD(I%sjKKf_sb3GBb;pA@;6?+j17yzN-vN_yP4~C-?@z@aW zSq?#PnY61RH8fg7$BjMO2Gpg|(>Sq9h( zeXBa~R+93^xx)jqb{KXtk1Huo(NeiKQDA_fwB-t5K=Pp~{$LsogUvmDo>CczDbG>}?Ygo_5)6L1f zdj7V=-#-Q0X=8Q&g3Rs^gs4O2Zw;tJKm26c4n-4LPYE96f1!?0kT;}>+%?Uhi9%Oj z--@D$KK&j->Lx@Ry;Rb^@6XgYZV4G1dD(|>{1BjvgHdc`&?Ri8jvMJCa7h8m>Oz)U zP-^6xaH-eKKWzYP07|cnLy7l1OPN-(2`OR|DWG71}keNA!2IyY)Snm!Kk=4&nOLJ5<97+%^D;UzvLccf`<$*l@Z|&XtKhur> z$MMZ!j2fvBVRm@$AVN|(jEz!0tjh-Epx*?%654JJF zU7~b-8gAX^X2|=`lv((|D3|k=bO_rSJ>?K5g@if?1nb@25kwrl&}6O<7T;dpCYdKz zdK;d_NXwr)#18LQshnelMr zQaxo{^Q?{BExID|axAP+_b>!iYVk-D<>cPq=%e}xN=06nOg*%EEu&pFDfLR3n5oMA z`bbCI=zBw_-(qvm@{D!{`3GrsbDxTfU3b5xMvL_rF(f`cLT8uv)|z!GM%d|AgG)9w zCglj*XP!)AR}~Q7YqxN5w4L<=GVCjN^DibJpU|2sxf}?u&l}xPV?(Nd8#ehWAHfZG zK(aooROb4@QxbEg7p~@e`TnJ|XHRwve6?A|SB;}Dzdq4!@_F=Br{3B3dE%9yJ+8?v zm~Tlh9pyVBKFQjPQngcGIW&@|G_Ln|-482j+~2dfQ&$~v`xrDgv=0{N3JFp~z#Bsr zC_z^iDuHx}t15NOmDE{Zk}+qYxz?Hkn=5Qbt}cEtqj{B**P<{d1l46ip4Lt-NYnqc zc&V*JA!CemPTC!bBsYAkc(Vp`N~hj*ZF^DAGx4tCtb1WAD%QQ5w31Fb2ADljQEb(J z?}hwqVXX4E0Yuj1cN(fNOZtHuaQ1gEr`fzRvL1lFcNVXP+eN?A+M&D6Nm&3{6Fj43 zI&dcclEPd&C{n{xsDgATDZt*IcJ*D+U0*etRcvQYj#{bM&^?OWHhB=C`Y3nHvNgnI zHtO_`m0iB?nd#6^FE{K7c1y(`Lk?!{{&HZ$&NpPAQ}H*a+`6B*_rAXE*_(5?U5f~3#pBX0?fKSLaPQ#GHqJ%s;-^^rpN1y-HVB;eV*UUzno7m zo!fLT=za+8af6lRI(w7ofo-4us5!lqV69E@-OgJp{C$N{w8tJ5(TKmhzRq}Wa?L|t zLUrTMth+86-M52(rZg=C0OYn)73o^<#Qz)#G^jmSlTC`Lc&+9Upl-V_&#Jr9xe!Ip z_4M$H8q0^)C3qc_?C&Wa#{;FR)Y*!?SeRV~4E}ES{kMCoXZ+eHQPZmuBF2o8ZQDG; zhP@MqMw72wn>%J(P_R4p7m>zA5fA2K*F65KD0Qh#`2inF7VgeV_}T&!A0=Nk@_7PN zTtrS`#4MWyrzKYkWy57l~?W+&I1bs&DyyCRHULbZJKB$@* zI>PCwQz5qsvr7~{@Ljjx!SGs>x_H$$M_oB*U3b+T%~*n` zg0Sn(pi#ZI$roy0Py5p@QdpPC#tf*9qE90<;g-qW5M5*hMw9Y1SJx@G@)UbiV{xEw zmHV)@#liYoxc>B+!eT;f!S%TVgt8T zE7c`GB*&b%_-E}Lbg1h7&71F9n!_rrjp@U&q?Cq_7Boobzvgtt9~aCh@wU%*M4n__ ziX|+}xRm%kF8JAfNyGmwT>JV!%#CEmHm5Q_~4;q;NQ$W0YM>hFHPL0{VTKkLS$2uM`Oxy1#K(HgVl`o;<3*l~RVJw4dw)!Xgd@uSOwX53ls{z1F^vcmj) zT0`5*8TvQd$(N$f*U~2!A$^&Ue-I~!A1hHc9ocO9!?2gH+4kAr?tjdDXg8%j-O#^T znaup9k3_p{9V&mg)Tm=Tmcby00L0dZ!Wkud+1Fzpr_vX=1KNFVM4BTT6=Em)Tr}iOn{EU zrEzdMC_ICMXQBu!4&gY;fXyLFQ5G_eMK5ZTdcOX=PAW_$#`D9 z7;ic6cc`^zg12W1L!0N(7BN1{JRc>-7smHRVEy#@ex_J|fbVaG-D}U^OTq?F`2jTS zzTYphaBN^4Kah^ypT^&xgAHQvgP7Q07C)GcJs{v8kYYn*{E%L3sGJ`0*6?FLu}x%KyX+JB+3Mdy}%K<;K&GYbV6`+3ZTym=!-zovLHzbB*TQs z2;4D!;W1O(aX@(73YTIpOd;V?slrqm?nI#QL^v)jPMAi=rKbtgb8s09VFnX-k|jLJ z#+?!fPf2l^GGS&fE=w-V8o^~x2(zbfIrGAtMcnCS;b|o<7beO@;PdoFd8YU?far`B zKHpxHPr?^aMFli`VW6lm9M6aoG3fZBG*M9wzW5_URLsPmWr@zR@#h4hb5eYXOjOc~ zFO`c*NAP76qOvJGb6&(;#FsCN%9Z#En79H#sMHr%ni8r2ag`OJ+Fo2uBGgdDH8jHc zK=Ju-0xM3;q7!P<#I-quI)=E8NvLOu>)C_`fw)0RXq1T?dkGih;tL~$rU`M=6oEZ2 zW-k(&m&MIWLJLgNf*`i)OIl5d96-XcB695|ToRE-mGEdpexQUOP87sR1azV>O(M)8 ziWm|RlPG3M#B8EOAdyIk7iE%*y~H-Tq-})QJ|StJB1-2a(nVs&vSeIc4U~T1jO+Wi z+zRUd^BGrA`hn69lzyP}1En7*{XpplN +// text/plain -> text/html. +package mimetype + +import ( + "io" + "io/ioutil" + "mime" + "os" + "sync/atomic" +) + +// readLimit is the maximum number of bytes from the input used when detecting. +var readLimit uint32 = 3072 + +// Detect returns the MIME type found from the provided byte slice. +// +// The result is always a valid MIME type, with application/octet-stream +// returned when identification failed. +func Detect(in []byte) *MIME { + // Using atomic because readLimit can be written at the same time in other goroutine. + l := atomic.LoadUint32(&readLimit) + if l > 0 && len(in) > int(l) { + in = in[:l] + } + mu.RLock() + defer mu.RUnlock() + return root.match(in, l) +} + +// DetectReader returns the MIME type of the provided reader. +// +// The result is always a valid MIME type, with application/octet-stream +// returned when identification failed with or without an error. +// Any error returned is related to the reading from the input reader. +// +// DetectReader assumes the reader offset is at the start. If the input is an +// io.ReadSeeker you previously read from, it should be rewinded before detection: +// reader.Seek(0, io.SeekStart) +func DetectReader(r io.Reader) (*MIME, error) { + var in []byte + var err error + + // Using atomic because readLimit can be written at the same time in other goroutine. + l := atomic.LoadUint32(&readLimit) + if l == 0 { + in, err = ioutil.ReadAll(r) + if err != nil { + return errMIME, err + } + } else { + var n int + in = make([]byte, l) + // io.UnexpectedEOF means len(r) < len(in). It is not an error in this case, + // it just means the input file is smaller than the allocated bytes slice. + n, err = io.ReadFull(r, in) + if err != nil && err != io.EOF && err != io.ErrUnexpectedEOF { + return errMIME, err + } + in = in[:n] + } + + mu.RLock() + defer mu.RUnlock() + return root.match(in, l), nil +} + +// DetectFile returns the MIME type of the provided file. +// +// The result is always a valid MIME type, with application/octet-stream +// returned when identification failed with or without an error. +// Any error returned is related to the opening and reading from the input file. +func DetectFile(path string) (*MIME, error) { + f, err := os.Open(path) + if err != nil { + return errMIME, err + } + defer f.Close() + + return DetectReader(f) +} + +// EqualsAny reports whether s MIME type is equal to any MIME type in mimes. +// MIME type equality test is done on the "type/subtype" section, ignores +// any optional MIME parameters, ignores any leading and trailing whitespace, +// and is case insensitive. +func EqualsAny(s string, mimes ...string) bool { + s, _, _ = mime.ParseMediaType(s) + for _, m := range mimes { + m, _, _ = mime.ParseMediaType(m) + if s == m { + return true + } + } + + return false +} + +// SetLimit sets the maximum number of bytes read from input when detecting the MIME type. +// Increasing the limit provides better detection for file formats which store +// their magical numbers towards the end of the file: docx, pptx, xlsx, etc. +// A limit of 0 means the whole input file will be used. +func SetLimit(limit uint32) { + // Using atomic because readLimit can be read at the same time in other goroutine. + atomic.StoreUint32(&readLimit, limit) +} + +// Extend adds detection for other file formats. +// It is equivalent to calling Extend() on the root mime type "application/octet-stream". +func Extend(detector func(raw []byte, limit uint32) bool, mime, extension string, aliases ...string) { + root.Extend(detector, mime, extension, aliases...) +} + +// Lookup finds a MIME object by its string representation. +// The representation can be the main mime type, or any of its aliases. +func Lookup(mime string) *MIME { + mu.RLock() + defer mu.RUnlock() + return root.lookup(mime) +} diff --git a/vendor/github.com/gabriel-vasile/mimetype/supported_mimes.md b/vendor/github.com/gabriel-vasile/mimetype/supported_mimes.md new file mode 100644 index 0000000000..cdec4e674e --- /dev/null +++ b/vendor/github.com/gabriel-vasile/mimetype/supported_mimes.md @@ -0,0 +1,178 @@ +## 172 Supported MIME types +This file is automatically generated when running tests. Do not edit manually. + +Extension | MIME type | Aliases +--------- | --------- | ------- +**n/a** | application/octet-stream | - +**.xpm** | image/x-xpixmap | - +**.7z** | application/x-7z-compressed | - +**.zip** | application/zip | application/x-zip, application/x-zip-compressed +**.xlsx** | application/vnd.openxmlformats-officedocument.spreadsheetml.sheet | - +**.docx** | application/vnd.openxmlformats-officedocument.wordprocessingml.document | - +**.pptx** | application/vnd.openxmlformats-officedocument.presentationml.presentation | - +**.epub** | application/epub+zip | - +**.jar** | application/jar | - +**.odt** | application/vnd.oasis.opendocument.text | application/x-vnd.oasis.opendocument.text +**.ott** | application/vnd.oasis.opendocument.text-template | application/x-vnd.oasis.opendocument.text-template +**.ods** | application/vnd.oasis.opendocument.spreadsheet | application/x-vnd.oasis.opendocument.spreadsheet +**.ots** | application/vnd.oasis.opendocument.spreadsheet-template | application/x-vnd.oasis.opendocument.spreadsheet-template +**.odp** | application/vnd.oasis.opendocument.presentation | application/x-vnd.oasis.opendocument.presentation +**.otp** | application/vnd.oasis.opendocument.presentation-template | application/x-vnd.oasis.opendocument.presentation-template +**.odg** | application/vnd.oasis.opendocument.graphics | application/x-vnd.oasis.opendocument.graphics +**.otg** | application/vnd.oasis.opendocument.graphics-template | application/x-vnd.oasis.opendocument.graphics-template +**.odf** | application/vnd.oasis.opendocument.formula | application/x-vnd.oasis.opendocument.formula +**.odc** | application/vnd.oasis.opendocument.chart | application/x-vnd.oasis.opendocument.chart +**.sxc** | application/vnd.sun.xml.calc | - +**.pdf** | application/pdf | application/x-pdf +**.fdf** | application/vnd.fdf | - +**n/a** | application/x-ole-storage | - +**.msi** | application/x-ms-installer | application/x-windows-installer, application/x-msi +**.aaf** | application/octet-stream | - +**.msg** | application/vnd.ms-outlook | - +**.xls** | application/vnd.ms-excel | application/msexcel +**.pub** | application/vnd.ms-publisher | - +**.ppt** | application/vnd.ms-powerpoint | application/mspowerpoint +**.doc** | application/msword | application/vnd.ms-word +**.ps** | application/postscript | - +**.psd** | image/vnd.adobe.photoshop | image/x-psd, application/photoshop +**.p7s** | application/pkcs7-signature | - +**.ogg** | application/ogg | application/x-ogg +**.oga** | audio/ogg | - +**.ogv** | video/ogg | - +**.png** | image/png | - +**.png** | image/vnd.mozilla.apng | - +**.jpg** | image/jpeg | - +**.jxl** | image/jxl | - +**.jp2** | image/jp2 | - +**.jpf** | image/jpx | - +**.jpm** | image/jpm | video/jpm +**.jxs** | image/jxs | - +**.gif** | image/gif | - +**.webp** | image/webp | - +**.exe** | application/vnd.microsoft.portable-executable | - +**n/a** | application/x-elf | - +**n/a** | application/x-object | - +**n/a** | application/x-executable | - +**.so** | application/x-sharedlib | - +**n/a** | application/x-coredump | - +**.a** | application/x-archive | application/x-unix-archive +**.deb** | application/vnd.debian.binary-package | - +**.tar** | application/x-tar | - +**.xar** | application/x-xar | - +**.bz2** | application/x-bzip2 | - +**.fits** | application/fits | - +**.tiff** | image/tiff | - +**.bmp** | image/bmp | image/x-bmp, image/x-ms-bmp +**.ico** | image/x-icon | - +**.mp3** | audio/mpeg | audio/x-mpeg, audio/mp3 +**.flac** | audio/flac | - +**.midi** | audio/midi | audio/mid, audio/sp-midi, audio/x-mid, audio/x-midi +**.ape** | audio/ape | - +**.mpc** | audio/musepack | - +**.amr** | audio/amr | audio/amr-nb +**.wav** | audio/wav | audio/x-wav, audio/vnd.wave, audio/wave +**.aiff** | audio/aiff | audio/x-aiff +**.au** | audio/basic | - +**.mpeg** | video/mpeg | - +**.mov** | video/quicktime | - +**.mqv** | video/quicktime | - +**.mp4** | video/mp4 | - +**.webm** | video/webm | audio/webm +**.3gp** | video/3gpp | video/3gp, audio/3gpp +**.3g2** | video/3gpp2 | video/3g2, audio/3gpp2 +**.avi** | video/x-msvideo | video/avi, video/msvideo +**.flv** | video/x-flv | - +**.mkv** | video/x-matroska | - +**.asf** | video/x-ms-asf | video/asf, video/x-ms-wmv +**.aac** | audio/aac | - +**.voc** | audio/x-unknown | - +**.mp4** | audio/mp4 | audio/x-m4a, audio/x-mp4a +**.m4a** | audio/x-m4a | - +**.m3u** | application/vnd.apple.mpegurl | audio/mpegurl +**.m4v** | video/x-m4v | - +**.rmvb** | application/vnd.rn-realmedia-vbr | - +**.gz** | application/gzip | application/x-gzip, application/x-gunzip, application/gzipped, application/gzip-compressed, application/x-gzip-compressed, gzip/document +**.class** | application/x-java-applet | - +**.swf** | application/x-shockwave-flash | - +**.crx** | application/x-chrome-extension | - +**.ttf** | font/ttf | font/sfnt, application/x-font-ttf, application/font-sfnt +**.woff** | font/woff | - +**.woff2** | font/woff2 | - +**.otf** | font/otf | - +**.ttc** | font/collection | - +**.eot** | application/vnd.ms-fontobject | - +**.wasm** | application/wasm | - +**.shx** | application/vnd.shx | - +**.shp** | application/vnd.shp | - +**.dbf** | application/x-dbf | - +**.dcm** | application/dicom | - +**.rar** | application/x-rar-compressed | application/x-rar +**.djvu** | image/vnd.djvu | - +**.mobi** | application/x-mobipocket-ebook | - +**.lit** | application/x-ms-reader | - +**.bpg** | image/bpg | - +**.sqlite** | application/vnd.sqlite3 | application/x-sqlite3 +**.dwg** | image/vnd.dwg | image/x-dwg, application/acad, application/x-acad, application/autocad_dwg, application/dwg, application/x-dwg, application/x-autocad, drawing/dwg +**.nes** | application/vnd.nintendo.snes.rom | - +**.lnk** | application/x-ms-shortcut | - +**.macho** | application/x-mach-binary | - +**.qcp** | audio/qcelp | - +**.icns** | image/x-icns | - +**.heic** | image/heic | - +**.heic** | image/heic-sequence | - +**.heif** | image/heif | - +**.heif** | image/heif-sequence | - +**.hdr** | image/vnd.radiance | - +**.mrc** | application/marc | - +**.mdb** | application/x-msaccess | - +**.accdb** | application/x-msaccess | - +**.zst** | application/zstd | - +**.cab** | application/vnd.ms-cab-compressed | - +**.rpm** | application/x-rpm | - +**.xz** | application/x-xz | - +**.lz** | application/lzip | application/x-lzip +**.torrent** | application/x-bittorrent | - +**.cpio** | application/x-cpio | - +**n/a** | application/tzif | - +**.xcf** | image/x-xcf | - +**.pat** | image/x-gimp-pat | - +**.gbr** | image/x-gimp-gbr | - +**.glb** | model/gltf-binary | - +**.avif** | image/avif | - +**.cab** | application/x-installshield | - +**.jxr** | image/jxr | image/vnd.ms-photo +**.txt** | text/plain | - +**.html** | text/html | - +**.svg** | image/svg+xml | - +**.xml** | text/xml | - +**.rss** | application/rss+xml | text/rss +**.atom** | application/atom+xml | - +**.x3d** | model/x3d+xml | - +**.kml** | application/vnd.google-earth.kml+xml | - +**.xlf** | application/x-xliff+xml | - +**.dae** | model/vnd.collada+xml | - +**.gml** | application/gml+xml | - +**.gpx** | application/gpx+xml | - +**.tcx** | application/vnd.garmin.tcx+xml | - +**.amf** | application/x-amf | - +**.3mf** | application/vnd.ms-package.3dmanufacturing-3dmodel+xml | - +**.xfdf** | application/vnd.adobe.xfdf | - +**.owl** | application/owl+xml | - +**.php** | text/x-php | - +**.js** | application/javascript | application/x-javascript, text/javascript +**.lua** | text/x-lua | - +**.pl** | text/x-perl | - +**.py** | text/x-python | text/x-script.python, application/x-python +**.json** | application/json | - +**.geojson** | application/geo+json | - +**.har** | application/json | - +**.ndjson** | application/x-ndjson | - +**.rtf** | text/rtf | - +**.srt** | application/x-subrip | application/x-srt, text/x-srt +**.tcl** | text/x-tcl | application/x-tcl +**.csv** | text/csv | - +**.tsv** | text/tab-separated-values | - +**.vcf** | text/vcard | - +**.ics** | text/calendar | - +**.warc** | application/warc | - +**.vtt** | text/vtt | - diff --git a/vendor/github.com/gabriel-vasile/mimetype/tree.go b/vendor/github.com/gabriel-vasile/mimetype/tree.go new file mode 100644 index 0000000000..253bd00649 --- /dev/null +++ b/vendor/github.com/gabriel-vasile/mimetype/tree.go @@ -0,0 +1,260 @@ +package mimetype + +import ( + "sync" + + "github.com/gabriel-vasile/mimetype/internal/magic" +) + +// mimetype stores the list of MIME types in a tree structure with +// "application/octet-stream" at the root of the hierarchy. The hierarchy +// approach minimizes the number of checks that need to be done on the input +// and allows for more precise results once the base type of file has been +// identified. +// +// root is a detector which passes for any slice of bytes. +// When a detector passes the check, the children detectors +// are tried in order to find a more accurate MIME type. +var root = newMIME("application/octet-stream", "", + func([]byte, uint32) bool { return true }, + xpm, sevenZ, zip, pdf, fdf, ole, ps, psd, p7s, ogg, png, jpg, jxl, jp2, jpx, + jpm, jxs, gif, webp, exe, elf, ar, tar, xar, bz2, fits, tiff, bmp, ico, mp3, flac, + midi, ape, musePack, amr, wav, aiff, au, mpeg, quickTime, mqv, mp4, webM, + threeGP, threeG2, avi, flv, mkv, asf, aac, voc, aMp4, m4a, m3u, m4v, rmvb, + gzip, class, swf, crx, ttf, woff, woff2, otf, ttc, eot, wasm, shx, dbf, dcm, rar, + djvu, mobi, lit, bpg, sqlite3, dwg, nes, lnk, macho, qcp, icns, heic, + heicSeq, heif, heifSeq, hdr, mrc, mdb, accdb, zstd, cab, rpm, xz, lzip, + torrent, cpio, tzif, xcf, pat, gbr, glb, avif, cabIS, jxr, + // Keep text last because it is the slowest check + text, +) + +// errMIME is returned from Detect functions when err is not nil. +// Detect could return root for erroneous cases, but it needs to lock mu in order to do so. +// errMIME is same as root but it does not require locking. +var errMIME = newMIME("application/octet-stream", "", func([]byte, uint32) bool { return false }) + +// mu guards access to the root MIME tree. Access to root must be synchronized with this lock. +var mu = &sync.RWMutex{} + +// The list of nodes appended to the root node. +var ( + xz = newMIME("application/x-xz", ".xz", magic.Xz) + gzip = newMIME("application/gzip", ".gz", magic.Gzip).alias( + "application/x-gzip", "application/x-gunzip", "application/gzipped", + "application/gzip-compressed", "application/x-gzip-compressed", + "gzip/document") + sevenZ = newMIME("application/x-7z-compressed", ".7z", magic.SevenZ) + zip = newMIME("application/zip", ".zip", magic.Zip, xlsx, docx, pptx, epub, jar, odt, ods, odp, odg, odf, odc, sxc). + alias("application/x-zip", "application/x-zip-compressed") + tar = newMIME("application/x-tar", ".tar", magic.Tar) + xar = newMIME("application/x-xar", ".xar", magic.Xar) + bz2 = newMIME("application/x-bzip2", ".bz2", magic.Bz2) + pdf = newMIME("application/pdf", ".pdf", magic.Pdf). + alias("application/x-pdf") + fdf = newMIME("application/vnd.fdf", ".fdf", magic.Fdf) + xlsx = newMIME("application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", ".xlsx", magic.Xlsx) + docx = newMIME("application/vnd.openxmlformats-officedocument.wordprocessingml.document", ".docx", magic.Docx) + pptx = newMIME("application/vnd.openxmlformats-officedocument.presentationml.presentation", ".pptx", magic.Pptx) + epub = newMIME("application/epub+zip", ".epub", magic.Epub) + jar = newMIME("application/jar", ".jar", magic.Jar) + ole = newMIME("application/x-ole-storage", "", magic.Ole, msi, aaf, msg, xls, pub, ppt, doc) + msi = newMIME("application/x-ms-installer", ".msi", magic.Msi). + alias("application/x-windows-installer", "application/x-msi") + aaf = newMIME("application/octet-stream", ".aaf", magic.Aaf) + doc = newMIME("application/msword", ".doc", magic.Doc). + alias("application/vnd.ms-word") + ppt = newMIME("application/vnd.ms-powerpoint", ".ppt", magic.Ppt). + alias("application/mspowerpoint") + pub = newMIME("application/vnd.ms-publisher", ".pub", magic.Pub) + xls = newMIME("application/vnd.ms-excel", ".xls", magic.Xls). + alias("application/msexcel") + msg = newMIME("application/vnd.ms-outlook", ".msg", magic.Msg) + ps = newMIME("application/postscript", ".ps", magic.Ps) + fits = newMIME("application/fits", ".fits", magic.Fits) + ogg = newMIME("application/ogg", ".ogg", magic.Ogg, oggAudio, oggVideo). + alias("application/x-ogg") + oggAudio = newMIME("audio/ogg", ".oga", magic.OggAudio) + oggVideo = newMIME("video/ogg", ".ogv", magic.OggVideo) + text = newMIME("text/plain", ".txt", magic.Text, html, svg, xml, php, js, lua, perl, python, json, ndJSON, rtf, srt, tcl, csv, tsv, vCard, iCalendar, warc, vtt) + xml = newMIME("text/xml", ".xml", magic.XML, rss, atom, x3d, kml, xliff, collada, gml, gpx, tcx, amf, threemf, xfdf, owl2) + json = newMIME("application/json", ".json", magic.JSON, geoJSON, har) + har = newMIME("application/json", ".har", magic.HAR) + csv = newMIME("text/csv", ".csv", magic.Csv) + tsv = newMIME("text/tab-separated-values", ".tsv", magic.Tsv) + geoJSON = newMIME("application/geo+json", ".geojson", magic.GeoJSON) + ndJSON = newMIME("application/x-ndjson", ".ndjson", magic.NdJSON) + html = newMIME("text/html", ".html", magic.HTML) + php = newMIME("text/x-php", ".php", magic.Php) + rtf = newMIME("text/rtf", ".rtf", magic.Rtf) + js = newMIME("application/javascript", ".js", magic.Js). + alias("application/x-javascript", "text/javascript") + srt = newMIME("application/x-subrip", ".srt", magic.Srt). + alias("application/x-srt", "text/x-srt") + vtt = newMIME("text/vtt", ".vtt", magic.Vtt) + lua = newMIME("text/x-lua", ".lua", magic.Lua) + perl = newMIME("text/x-perl", ".pl", magic.Perl) + python = newMIME("text/x-python", ".py", magic.Python). + alias("text/x-script.python", "application/x-python") + tcl = newMIME("text/x-tcl", ".tcl", magic.Tcl). + alias("application/x-tcl") + vCard = newMIME("text/vcard", ".vcf", magic.VCard) + iCalendar = newMIME("text/calendar", ".ics", magic.ICalendar) + svg = newMIME("image/svg+xml", ".svg", magic.Svg) + rss = newMIME("application/rss+xml", ".rss", magic.Rss). + alias("text/rss") + owl2 = newMIME("application/owl+xml", ".owl", magic.Owl2) + atom = newMIME("application/atom+xml", ".atom", magic.Atom) + x3d = newMIME("model/x3d+xml", ".x3d", magic.X3d) + kml = newMIME("application/vnd.google-earth.kml+xml", ".kml", magic.Kml) + xliff = newMIME("application/x-xliff+xml", ".xlf", magic.Xliff) + collada = newMIME("model/vnd.collada+xml", ".dae", magic.Collada) + gml = newMIME("application/gml+xml", ".gml", magic.Gml) + gpx = newMIME("application/gpx+xml", ".gpx", magic.Gpx) + tcx = newMIME("application/vnd.garmin.tcx+xml", ".tcx", magic.Tcx) + amf = newMIME("application/x-amf", ".amf", magic.Amf) + threemf = newMIME("application/vnd.ms-package.3dmanufacturing-3dmodel+xml", ".3mf", magic.Threemf) + png = newMIME("image/png", ".png", magic.Png, apng) + apng = newMIME("image/vnd.mozilla.apng", ".png", magic.Apng) + jpg = newMIME("image/jpeg", ".jpg", magic.Jpg) + jxl = newMIME("image/jxl", ".jxl", magic.Jxl) + jp2 = newMIME("image/jp2", ".jp2", magic.Jp2) + jpx = newMIME("image/jpx", ".jpf", magic.Jpx) + jpm = newMIME("image/jpm", ".jpm", magic.Jpm). + alias("video/jpm") + jxs = newMIME("image/jxs", ".jxs", magic.Jxs) + xpm = newMIME("image/x-xpixmap", ".xpm", magic.Xpm) + bpg = newMIME("image/bpg", ".bpg", magic.Bpg) + gif = newMIME("image/gif", ".gif", magic.Gif) + webp = newMIME("image/webp", ".webp", magic.Webp) + tiff = newMIME("image/tiff", ".tiff", magic.Tiff) + bmp = newMIME("image/bmp", ".bmp", magic.Bmp). + alias("image/x-bmp", "image/x-ms-bmp") + ico = newMIME("image/x-icon", ".ico", magic.Ico) + icns = newMIME("image/x-icns", ".icns", magic.Icns) + psd = newMIME("image/vnd.adobe.photoshop", ".psd", magic.Psd). + alias("image/x-psd", "application/photoshop") + heic = newMIME("image/heic", ".heic", magic.Heic) + heicSeq = newMIME("image/heic-sequence", ".heic", magic.HeicSequence) + heif = newMIME("image/heif", ".heif", magic.Heif) + heifSeq = newMIME("image/heif-sequence", ".heif", magic.HeifSequence) + hdr = newMIME("image/vnd.radiance", ".hdr", magic.Hdr) + avif = newMIME("image/avif", ".avif", magic.AVIF) + mp3 = newMIME("audio/mpeg", ".mp3", magic.Mp3). + alias("audio/x-mpeg", "audio/mp3") + flac = newMIME("audio/flac", ".flac", magic.Flac) + midi = newMIME("audio/midi", ".midi", magic.Midi). + alias("audio/mid", "audio/sp-midi", "audio/x-mid", "audio/x-midi") + ape = newMIME("audio/ape", ".ape", magic.Ape) + musePack = newMIME("audio/musepack", ".mpc", magic.MusePack) + wav = newMIME("audio/wav", ".wav", magic.Wav). + alias("audio/x-wav", "audio/vnd.wave", "audio/wave") + aiff = newMIME("audio/aiff", ".aiff", magic.Aiff).alias("audio/x-aiff") + au = newMIME("audio/basic", ".au", magic.Au) + amr = newMIME("audio/amr", ".amr", magic.Amr). + alias("audio/amr-nb") + aac = newMIME("audio/aac", ".aac", magic.AAC) + voc = newMIME("audio/x-unknown", ".voc", magic.Voc) + aMp4 = newMIME("audio/mp4", ".mp4", magic.AMp4). + alias("audio/x-m4a", "audio/x-mp4a") + m4a = newMIME("audio/x-m4a", ".m4a", magic.M4a) + m3u = newMIME("application/vnd.apple.mpegurl", ".m3u", magic.M3u). + alias("audio/mpegurl") + m4v = newMIME("video/x-m4v", ".m4v", magic.M4v) + mp4 = newMIME("video/mp4", ".mp4", magic.Mp4) + webM = newMIME("video/webm", ".webm", magic.WebM). + alias("audio/webm") + mpeg = newMIME("video/mpeg", ".mpeg", magic.Mpeg) + quickTime = newMIME("video/quicktime", ".mov", magic.QuickTime) + mqv = newMIME("video/quicktime", ".mqv", magic.Mqv) + threeGP = newMIME("video/3gpp", ".3gp", magic.ThreeGP). + alias("video/3gp", "audio/3gpp") + threeG2 = newMIME("video/3gpp2", ".3g2", magic.ThreeG2). + alias("video/3g2", "audio/3gpp2") + avi = newMIME("video/x-msvideo", ".avi", magic.Avi). + alias("video/avi", "video/msvideo") + flv = newMIME("video/x-flv", ".flv", magic.Flv) + mkv = newMIME("video/x-matroska", ".mkv", magic.Mkv) + asf = newMIME("video/x-ms-asf", ".asf", magic.Asf). + alias("video/asf", "video/x-ms-wmv") + rmvb = newMIME("application/vnd.rn-realmedia-vbr", ".rmvb", magic.Rmvb) + class = newMIME("application/x-java-applet", ".class", magic.Class) + swf = newMIME("application/x-shockwave-flash", ".swf", magic.SWF) + crx = newMIME("application/x-chrome-extension", ".crx", magic.CRX) + ttf = newMIME("font/ttf", ".ttf", magic.Ttf). + alias("font/sfnt", "application/x-font-ttf", "application/font-sfnt") + woff = newMIME("font/woff", ".woff", magic.Woff) + woff2 = newMIME("font/woff2", ".woff2", magic.Woff2) + otf = newMIME("font/otf", ".otf", magic.Otf) + ttc = newMIME("font/collection", ".ttc", magic.Ttc) + eot = newMIME("application/vnd.ms-fontobject", ".eot", magic.Eot) + wasm = newMIME("application/wasm", ".wasm", magic.Wasm) + shp = newMIME("application/vnd.shp", ".shp", magic.Shp) + shx = newMIME("application/vnd.shx", ".shx", magic.Shx, shp) + dbf = newMIME("application/x-dbf", ".dbf", magic.Dbf) + exe = newMIME("application/vnd.microsoft.portable-executable", ".exe", magic.Exe) + elf = newMIME("application/x-elf", "", magic.Elf, elfObj, elfExe, elfLib, elfDump) + elfObj = newMIME("application/x-object", "", magic.ElfObj) + elfExe = newMIME("application/x-executable", "", magic.ElfExe) + elfLib = newMIME("application/x-sharedlib", ".so", magic.ElfLib) + elfDump = newMIME("application/x-coredump", "", magic.ElfDump) + ar = newMIME("application/x-archive", ".a", magic.Ar, deb). + alias("application/x-unix-archive") + deb = newMIME("application/vnd.debian.binary-package", ".deb", magic.Deb) + rpm = newMIME("application/x-rpm", ".rpm", magic.RPM) + dcm = newMIME("application/dicom", ".dcm", magic.Dcm) + odt = newMIME("application/vnd.oasis.opendocument.text", ".odt", magic.Odt, ott). + alias("application/x-vnd.oasis.opendocument.text") + ott = newMIME("application/vnd.oasis.opendocument.text-template", ".ott", magic.Ott). + alias("application/x-vnd.oasis.opendocument.text-template") + ods = newMIME("application/vnd.oasis.opendocument.spreadsheet", ".ods", magic.Ods, ots). + alias("application/x-vnd.oasis.opendocument.spreadsheet") + ots = newMIME("application/vnd.oasis.opendocument.spreadsheet-template", ".ots", magic.Ots). + alias("application/x-vnd.oasis.opendocument.spreadsheet-template") + odp = newMIME("application/vnd.oasis.opendocument.presentation", ".odp", magic.Odp, otp). + alias("application/x-vnd.oasis.opendocument.presentation") + otp = newMIME("application/vnd.oasis.opendocument.presentation-template", ".otp", magic.Otp). + alias("application/x-vnd.oasis.opendocument.presentation-template") + odg = newMIME("application/vnd.oasis.opendocument.graphics", ".odg", magic.Odg, otg). + alias("application/x-vnd.oasis.opendocument.graphics") + otg = newMIME("application/vnd.oasis.opendocument.graphics-template", ".otg", magic.Otg). + alias("application/x-vnd.oasis.opendocument.graphics-template") + odf = newMIME("application/vnd.oasis.opendocument.formula", ".odf", magic.Odf). + alias("application/x-vnd.oasis.opendocument.formula") + odc = newMIME("application/vnd.oasis.opendocument.chart", ".odc", magic.Odc). + alias("application/x-vnd.oasis.opendocument.chart") + sxc = newMIME("application/vnd.sun.xml.calc", ".sxc", magic.Sxc) + rar = newMIME("application/x-rar-compressed", ".rar", magic.RAR). + alias("application/x-rar") + djvu = newMIME("image/vnd.djvu", ".djvu", magic.DjVu) + mobi = newMIME("application/x-mobipocket-ebook", ".mobi", magic.Mobi) + lit = newMIME("application/x-ms-reader", ".lit", magic.Lit) + sqlite3 = newMIME("application/vnd.sqlite3", ".sqlite", magic.Sqlite). + alias("application/x-sqlite3") + dwg = newMIME("image/vnd.dwg", ".dwg", magic.Dwg). + alias("image/x-dwg", "application/acad", "application/x-acad", + "application/autocad_dwg", "application/dwg", "application/x-dwg", + "application/x-autocad", "drawing/dwg") + warc = newMIME("application/warc", ".warc", magic.Warc) + nes = newMIME("application/vnd.nintendo.snes.rom", ".nes", magic.Nes) + lnk = newMIME("application/x-ms-shortcut", ".lnk", magic.Lnk) + macho = newMIME("application/x-mach-binary", ".macho", magic.MachO) + qcp = newMIME("audio/qcelp", ".qcp", magic.Qcp) + mrc = newMIME("application/marc", ".mrc", magic.Marc) + mdb = newMIME("application/x-msaccess", ".mdb", magic.MsAccessMdb) + accdb = newMIME("application/x-msaccess", ".accdb", magic.MsAccessAce) + zstd = newMIME("application/zstd", ".zst", magic.Zstd) + cab = newMIME("application/vnd.ms-cab-compressed", ".cab", magic.Cab) + cabIS = newMIME("application/x-installshield", ".cab", magic.InstallShieldCab) + lzip = newMIME("application/lzip", ".lz", magic.Lzip).alias("application/x-lzip") + torrent = newMIME("application/x-bittorrent", ".torrent", magic.Torrent) + cpio = newMIME("application/x-cpio", ".cpio", magic.Cpio) + tzif = newMIME("application/tzif", "", magic.TzIf) + p7s = newMIME("application/pkcs7-signature", ".p7s", magic.P7s) + xcf = newMIME("image/x-xcf", ".xcf", magic.Xcf) + pat = newMIME("image/x-gimp-pat", ".pat", magic.Pat) + gbr = newMIME("image/x-gimp-gbr", ".gbr", magic.Gbr) + xfdf = newMIME("application/vnd.adobe.xfdf", ".xfdf", magic.Xfdf) + glb = newMIME("model/gltf-binary", ".glb", magic.Glb) + jxr = newMIME("image/jxr", ".jxr", magic.Jxr).alias("image/vnd.ms-photo") +) diff --git a/vendor/github.com/go-chi/chi/.gitignore b/vendor/github.com/go-chi/chi/.gitignore new file mode 100644 index 0000000000..ba22c99a99 --- /dev/null +++ b/vendor/github.com/go-chi/chi/.gitignore @@ -0,0 +1,3 @@ +.idea +*.sw? +.vscode diff --git a/vendor/github.com/go-chi/chi/.travis.yml b/vendor/github.com/go-chi/chi/.travis.yml new file mode 100644 index 0000000000..7b8e26bcee --- /dev/null +++ b/vendor/github.com/go-chi/chi/.travis.yml @@ -0,0 +1,20 @@ +language: go + +go: + - 1.10.x + - 1.11.x + - 1.12.x + - 1.13.x + - 1.14.x + +script: + - go get -d -t ./... + - go vet ./... + - go test ./... + - > + go_version=$(go version); + if [ ${go_version:13:4} = "1.12" ]; then + go get -u golang.org/x/tools/cmd/goimports; + goimports -d -e ./ | grep '.*' && { echo; echo "Aborting due to non-empty goimports output."; exit 1; } || :; + fi + diff --git a/vendor/github.com/go-chi/chi/CHANGELOG.md b/vendor/github.com/go-chi/chi/CHANGELOG.md new file mode 100644 index 0000000000..9a64a72eec --- /dev/null +++ b/vendor/github.com/go-chi/chi/CHANGELOG.md @@ -0,0 +1,190 @@ +# Changelog + +## v4.1.2 (2020-06-02) + +- fix that handles MethodNotAllowed with path variables, thank you @caseyhadden for your contribution +- fix to replace nested wildcards correctly in RoutePattern, thank you @@unmultimedio for your contribution +- History of changes: see https://github.com/go-chi/chi/compare/v4.1.1...v4.1.2 + + +## v4.1.1 (2020-04-16) + +- fix for issue https://github.com/go-chi/chi/issues/411 which allows for overlapping regexp + route to the correct handler through a recursive tree search, thanks to @Jahaja for the PR/fix! +- new middleware.RouteHeaders as a simple router for request headers with wildcard support +- History of changes: see https://github.com/go-chi/chi/compare/v4.1.0...v4.1.1 + + +## v4.1.0 (2020-04-1) + +- middleware.LogEntry: Write method on interface now passes the response header + and an extra interface type useful for custom logger implementations. +- middleware.WrapResponseWriter: minor fix +- middleware.Recoverer: a bit prettier +- History of changes: see https://github.com/go-chi/chi/compare/v4.0.4...v4.1.0 + + +## v4.0.4 (2020-03-24) + +- middleware.Recoverer: new pretty stack trace printing (https://github.com/go-chi/chi/pull/496) +- a few minor improvements and fixes +- History of changes: see https://github.com/go-chi/chi/compare/v4.0.3...v4.0.4 + + +## v4.0.3 (2020-01-09) + +- core: fix regexp routing to include default value when param is not matched +- middleware: rewrite of middleware.Compress +- middleware: suppress http.ErrAbortHandler in middleware.Recoverer +- History of changes: see https://github.com/go-chi/chi/compare/v4.0.2...v4.0.3 + + +## v4.0.2 (2019-02-26) + +- Minor fixes +- History of changes: see https://github.com/go-chi/chi/compare/v4.0.1...v4.0.2 + + +## v4.0.1 (2019-01-21) + +- Fixes issue with compress middleware: #382 #385 +- History of changes: see https://github.com/go-chi/chi/compare/v4.0.0...v4.0.1 + + +## v4.0.0 (2019-01-10) + +- chi v4 requires Go 1.10.3+ (or Go 1.9.7+) - we have deprecated support for Go 1.7 and 1.8 +- router: respond with 404 on router with no routes (#362) +- router: additional check to ensure wildcard is at the end of a url pattern (#333) +- middleware: deprecate use of http.CloseNotifier (#347) +- middleware: fix RedirectSlashes to include query params on redirect (#334) +- History of changes: see https://github.com/go-chi/chi/compare/v3.3.4...v4.0.0 + + +## v3.3.4 (2019-01-07) + +- Minor middleware improvements. No changes to core library/router. Moving v3 into its +- own branch as a version of chi for Go 1.7, 1.8, 1.9, 1.10, 1.11 +- History of changes: see https://github.com/go-chi/chi/compare/v3.3.3...v3.3.4 + + +## v3.3.3 (2018-08-27) + +- Minor release +- See https://github.com/go-chi/chi/compare/v3.3.2...v3.3.3 + + +## v3.3.2 (2017-12-22) + +- Support to route trailing slashes on mounted sub-routers (#281) +- middleware: new `ContentCharset` to check matching charsets. Thank you + @csucu for your community contribution! + + +## v3.3.1 (2017-11-20) + +- middleware: new `AllowContentType` handler for explicit whitelist of accepted request Content-Types +- middleware: new `SetHeader` handler for short-hand middleware to set a response header key/value +- Minor bug fixes + + +## v3.3.0 (2017-10-10) + +- New chi.RegisterMethod(method) to add support for custom HTTP methods, see _examples/custom-method for usage +- Deprecated LINK and UNLINK methods from the default list, please use `chi.RegisterMethod("LINK")` and `chi.RegisterMethod("UNLINK")` in an `init()` function + + +## v3.2.1 (2017-08-31) + +- Add new `Match(rctx *Context, method, path string) bool` method to `Routes` interface + and `Mux`. Match searches the mux's routing tree for a handler that matches the method/path +- Add new `RouteMethod` to `*Context` +- Add new `Routes` pointer to `*Context` +- Add new `middleware.GetHead` to route missing HEAD requests to GET handler +- Updated benchmarks (see README) + + +## v3.1.5 (2017-08-02) + +- Setup golint and go vet for the project +- As per golint, we've redefined `func ServerBaseContext(h http.Handler, baseCtx context.Context) http.Handler` + to `func ServerBaseContext(baseCtx context.Context, h http.Handler) http.Handler` + + +## v3.1.0 (2017-07-10) + +- Fix a few minor issues after v3 release +- Move `docgen` sub-pkg to https://github.com/go-chi/docgen +- Move `render` sub-pkg to https://github.com/go-chi/render +- Add new `URLFormat` handler to chi/middleware sub-pkg to make working with url mime + suffixes easier, ie. parsing `/articles/1.json` and `/articles/1.xml`. See comments in + https://github.com/go-chi/chi/blob/master/middleware/url_format.go for example usage. + + +## v3.0.0 (2017-06-21) + +- Major update to chi library with many exciting updates, but also some *breaking changes* +- URL parameter syntax changed from `/:id` to `/{id}` for even more flexible routing, such as + `/articles/{month}-{day}-{year}-{slug}`, `/articles/{id}`, and `/articles/{id}.{ext}` on the + same router +- Support for regexp for routing patterns, in the form of `/{paramKey:regExp}` for example: + `r.Get("/articles/{name:[a-z]+}", h)` and `chi.URLParam(r, "name")` +- Add `Method` and `MethodFunc` to `chi.Router` to allow routing definitions such as + `r.Method("GET", "/", h)` which provides a cleaner interface for custom handlers like + in `_examples/custom-handler` +- Deprecating `mux#FileServer` helper function. Instead, we encourage users to create their + own using file handler with the stdlib, see `_examples/fileserver` for an example +- Add support for LINK/UNLINK http methods via `r.Method()` and `r.MethodFunc()` +- Moved the chi project to its own organization, to allow chi-related community packages to + be easily discovered and supported, at: https://github.com/go-chi +- *NOTE:* please update your import paths to `"github.com/go-chi/chi"` +- *NOTE:* chi v2 is still available at https://github.com/go-chi/chi/tree/v2 + + +## v2.1.0 (2017-03-30) + +- Minor improvements and update to the chi core library +- Introduced a brand new `chi/render` sub-package to complete the story of building + APIs to offer a pattern for managing well-defined request / response payloads. Please + check out the updated `_examples/rest` example for how it works. +- Added `MethodNotAllowed(h http.HandlerFunc)` to chi.Router interface + + +## v2.0.0 (2017-01-06) + +- After many months of v2 being in an RC state with many companies and users running it in + production, the inclusion of some improvements to the middlewares, we are very pleased to + announce v2.0.0 of chi. + + +## v2.0.0-rc1 (2016-07-26) + +- Huge update! chi v2 is a large refactor targetting Go 1.7+. As of Go 1.7, the popular + community `"net/context"` package has been included in the standard library as `"context"` and + utilized by `"net/http"` and `http.Request` to managing deadlines, cancelation signals and other + request-scoped values. We're very excited about the new context addition and are proud to + introduce chi v2, a minimal and powerful routing package for building large HTTP services, + with zero external dependencies. Chi focuses on idiomatic design and encourages the use of + stdlib HTTP handlers and middlwares. +- chi v2 deprecates its `chi.Handler` interface and requires `http.Handler` or `http.HandlerFunc` +- chi v2 stores URL routing parameters and patterns in the standard request context: `r.Context()` +- chi v2 lower-level routing context is accessible by `chi.RouteContext(r.Context()) *chi.Context`, + which provides direct access to URL routing parameters, the routing path and the matching + routing patterns. +- Users upgrading from chi v1 to v2, need to: + 1. Update the old chi.Handler signature, `func(ctx context.Context, w http.ResponseWriter, r *http.Request)` to + the standard http.Handler: `func(w http.ResponseWriter, r *http.Request)` + 2. Use `chi.URLParam(r *http.Request, paramKey string) string` + or `URLParamFromCtx(ctx context.Context, paramKey string) string` to access a url parameter value + + +## v1.0.0 (2016-07-01) + +- Released chi v1 stable https://github.com/go-chi/chi/tree/v1.0.0 for Go 1.6 and older. + + +## v0.9.0 (2016-03-31) + +- Reuse context objects via sync.Pool for zero-allocation routing [#33](https://github.com/go-chi/chi/pull/33) +- BREAKING NOTE: due to subtle API changes, previously `chi.URLParams(ctx)["id"]` used to access url parameters + has changed to: `chi.URLParam(ctx, "id")` diff --git a/vendor/github.com/go-chi/chi/CONTRIBUTING.md b/vendor/github.com/go-chi/chi/CONTRIBUTING.md new file mode 100644 index 0000000000..c0ac2dfe85 --- /dev/null +++ b/vendor/github.com/go-chi/chi/CONTRIBUTING.md @@ -0,0 +1,31 @@ +# Contributing + +## Prerequisites + +1. [Install Go][go-install]. +2. Download the sources and switch the working directory: + + ```bash + go get -u -d github.com/go-chi/chi + cd $GOPATH/src/github.com/go-chi/chi + ``` + +## Submitting a Pull Request + +A typical workflow is: + +1. [Fork the repository.][fork] [This tip maybe also helpful.][go-fork-tip] +2. [Create a topic branch.][branch] +3. Add tests for your change. +4. Run `go test`. If your tests pass, return to the step 3. +5. Implement the change and ensure the steps from the previous step pass. +6. Run `goimports -w .`, to ensure the new code conforms to Go formatting guideline. +7. [Add, commit and push your changes.][git-help] +8. [Submit a pull request.][pull-req] + +[go-install]: https://golang.org/doc/install +[go-fork-tip]: http://blog.campoy.cat/2014/03/github-and-go-forking-pull-requests-and.html +[fork]: https://help.github.com/articles/fork-a-repo +[branch]: http://learn.github.com/p/branching.html +[git-help]: https://guides.github.com +[pull-req]: https://help.github.com/articles/using-pull-requests diff --git a/vendor/github.com/go-chi/chi/LICENSE b/vendor/github.com/go-chi/chi/LICENSE new file mode 100644 index 0000000000..d99f02ffac --- /dev/null +++ b/vendor/github.com/go-chi/chi/LICENSE @@ -0,0 +1,20 @@ +Copyright (c) 2015-present Peter Kieltyka (https://github.com/pkieltyka), Google Inc. + +MIT License + +Permission is hereby granted, free of charge, to any person obtaining a copy of +this software and associated documentation files (the "Software"), to deal in +the Software without restriction, including without limitation the rights to +use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of +the Software, and to permit persons to whom the Software is furnished to do so, +subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS +FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR +COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER +IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN +CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. diff --git a/vendor/github.com/go-chi/chi/README.md b/vendor/github.com/go-chi/chi/README.md new file mode 100644 index 0000000000..5a8fc9d096 --- /dev/null +++ b/vendor/github.com/go-chi/chi/README.md @@ -0,0 +1,441 @@ +# chi + + +[![GoDoc Widget]][GoDoc] [![Travis Widget]][Travis] + +`chi` is a lightweight, idiomatic and composable router for building Go HTTP services. It's +especially good at helping you write large REST API services that are kept maintainable as your +project grows and changes. `chi` is built on the new `context` package introduced in Go 1.7 to +handle signaling, cancelation and request-scoped values across a handler chain. + +The focus of the project has been to seek out an elegant and comfortable design for writing +REST API servers, written during the development of the Pressly API service that powers our +public API service, which in turn powers all of our client-side applications. + +The key considerations of chi's design are: project structure, maintainability, standard http +handlers (stdlib-only), developer productivity, and deconstructing a large system into many small +parts. The core router `github.com/go-chi/chi` is quite small (less than 1000 LOC), but we've also +included some useful/optional subpackages: [middleware](/middleware), [render](https://github.com/go-chi/render) and [docgen](https://github.com/go-chi/docgen). We hope you enjoy it too! + +## Install + +`go get -u github.com/go-chi/chi` + + +## Features + +* **Lightweight** - cloc'd in ~1000 LOC for the chi router +* **Fast** - yes, see [benchmarks](#benchmarks) +* **100% compatible with net/http** - use any http or middleware pkg in the ecosystem that is also compatible with `net/http` +* **Designed for modular/composable APIs** - middlewares, inline middlewares, route groups and subrouter mounting +* **Context control** - built on new `context` package, providing value chaining, cancellations and timeouts +* **Robust** - in production at Pressly, CloudFlare, Heroku, 99Designs, and many others (see [discussion](https://github.com/go-chi/chi/issues/91)) +* **Doc generation** - `docgen` auto-generates routing documentation from your source to JSON or Markdown +* **No external dependencies** - plain ol' Go stdlib + net/http + + +## Examples + +See [_examples/](https://github.com/go-chi/chi/blob/master/_examples/) for a variety of examples. + + +**As easy as:** + +```go +package main + +import ( + "net/http" + + "github.com/go-chi/chi" + "github.com/go-chi/chi/middleware" +) + +func main() { + r := chi.NewRouter() + r.Use(middleware.Logger) + r.Get("/", func(w http.ResponseWriter, r *http.Request) { + w.Write([]byte("welcome")) + }) + http.ListenAndServe(":3000", r) +} +``` + +**REST Preview:** + +Here is a little preview of how routing looks like with chi. Also take a look at the generated routing docs +in JSON ([routes.json](https://github.com/go-chi/chi/blob/master/_examples/rest/routes.json)) and in +Markdown ([routes.md](https://github.com/go-chi/chi/blob/master/_examples/rest/routes.md)). + +I highly recommend reading the source of the [examples](https://github.com/go-chi/chi/blob/master/_examples/) listed +above, they will show you all the features of chi and serve as a good form of documentation. + +```go +import ( + //... + "context" + "github.com/go-chi/chi" + "github.com/go-chi/chi/middleware" +) + +func main() { + r := chi.NewRouter() + + // A good base middleware stack + r.Use(middleware.RequestID) + r.Use(middleware.RealIP) + r.Use(middleware.Logger) + r.Use(middleware.Recoverer) + + // Set a timeout value on the request context (ctx), that will signal + // through ctx.Done() that the request has timed out and further + // processing should be stopped. + r.Use(middleware.Timeout(60 * time.Second)) + + r.Get("/", func(w http.ResponseWriter, r *http.Request) { + w.Write([]byte("hi")) + }) + + // RESTy routes for "articles" resource + r.Route("/articles", func(r chi.Router) { + r.With(paginate).Get("/", listArticles) // GET /articles + r.With(paginate).Get("/{month}-{day}-{year}", listArticlesByDate) // GET /articles/01-16-2017 + + r.Post("/", createArticle) // POST /articles + r.Get("/search", searchArticles) // GET /articles/search + + // Regexp url parameters: + r.Get("/{articleSlug:[a-z-]+}", getArticleBySlug) // GET /articles/home-is-toronto + + // Subrouters: + r.Route("/{articleID}", func(r chi.Router) { + r.Use(ArticleCtx) + r.Get("/", getArticle) // GET /articles/123 + r.Put("/", updateArticle) // PUT /articles/123 + r.Delete("/", deleteArticle) // DELETE /articles/123 + }) + }) + + // Mount the admin sub-router + r.Mount("/admin", adminRouter()) + + http.ListenAndServe(":3333", r) +} + +func ArticleCtx(next http.Handler) http.Handler { + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + articleID := chi.URLParam(r, "articleID") + article, err := dbGetArticle(articleID) + if err != nil { + http.Error(w, http.StatusText(404), 404) + return + } + ctx := context.WithValue(r.Context(), "article", article) + next.ServeHTTP(w, r.WithContext(ctx)) + }) +} + +func getArticle(w http.ResponseWriter, r *http.Request) { + ctx := r.Context() + article, ok := ctx.Value("article").(*Article) + if !ok { + http.Error(w, http.StatusText(422), 422) + return + } + w.Write([]byte(fmt.Sprintf("title:%s", article.Title))) +} + +// A completely separate router for administrator routes +func adminRouter() http.Handler { + r := chi.NewRouter() + r.Use(AdminOnly) + r.Get("/", adminIndex) + r.Get("/accounts", adminListAccounts) + return r +} + +func AdminOnly(next http.Handler) http.Handler { + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + ctx := r.Context() + perm, ok := ctx.Value("acl.permission").(YourPermissionType) + if !ok || !perm.IsAdmin() { + http.Error(w, http.StatusText(403), 403) + return + } + next.ServeHTTP(w, r) + }) +} +``` + + +## Router design + +chi's router is based on a kind of [Patricia Radix trie](https://en.wikipedia.org/wiki/Radix_tree). +The router is fully compatible with `net/http`. + +Built on top of the tree is the `Router` interface: + +```go +// Router consisting of the core routing methods used by chi's Mux, +// using only the standard net/http. +type Router interface { + http.Handler + Routes + + // Use appends one or more middlewares onto the Router stack. + Use(middlewares ...func(http.Handler) http.Handler) + + // With adds inline middlewares for an endpoint handler. + With(middlewares ...func(http.Handler) http.Handler) Router + + // Group adds a new inline-Router along the current routing + // path, with a fresh middleware stack for the inline-Router. + Group(fn func(r Router)) Router + + // Route mounts a sub-Router along a `pattern`` string. + Route(pattern string, fn func(r Router)) Router + + // Mount attaches another http.Handler along ./pattern/* + Mount(pattern string, h http.Handler) + + // Handle and HandleFunc adds routes for `pattern` that matches + // all HTTP methods. + Handle(pattern string, h http.Handler) + HandleFunc(pattern string, h http.HandlerFunc) + + // Method and MethodFunc adds routes for `pattern` that matches + // the `method` HTTP method. + Method(method, pattern string, h http.Handler) + MethodFunc(method, pattern string, h http.HandlerFunc) + + // HTTP-method routing along `pattern` + Connect(pattern string, h http.HandlerFunc) + Delete(pattern string, h http.HandlerFunc) + Get(pattern string, h http.HandlerFunc) + Head(pattern string, h http.HandlerFunc) + Options(pattern string, h http.HandlerFunc) + Patch(pattern string, h http.HandlerFunc) + Post(pattern string, h http.HandlerFunc) + Put(pattern string, h http.HandlerFunc) + Trace(pattern string, h http.HandlerFunc) + + // NotFound defines a handler to respond whenever a route could + // not be found. + NotFound(h http.HandlerFunc) + + // MethodNotAllowed defines a handler to respond whenever a method is + // not allowed. + MethodNotAllowed(h http.HandlerFunc) +} + +// Routes interface adds two methods for router traversal, which is also +// used by the github.com/go-chi/docgen package to generate documentation for Routers. +type Routes interface { + // Routes returns the routing tree in an easily traversable structure. + Routes() []Route + + // Middlewares returns the list of middlewares in use by the router. + Middlewares() Middlewares + + // Match searches the routing tree for a handler that matches + // the method/path - similar to routing a http request, but without + // executing the handler thereafter. + Match(rctx *Context, method, path string) bool +} +``` + +Each routing method accepts a URL `pattern` and chain of `handlers`. The URL pattern +supports named params (ie. `/users/{userID}`) and wildcards (ie. `/admin/*`). URL parameters +can be fetched at runtime by calling `chi.URLParam(r, "userID")` for named parameters +and `chi.URLParam(r, "*")` for a wildcard parameter. + + +### Middleware handlers + +chi's middlewares are just stdlib net/http middleware handlers. There is nothing special +about them, which means the router and all the tooling is designed to be compatible and +friendly with any middleware in the community. This offers much better extensibility and reuse +of packages and is at the heart of chi's purpose. + +Here is an example of a standard net/http middleware handler using the new request context +available in Go. This middleware sets a hypothetical user identifier on the request +context and calls the next handler in the chain. + +```go +// HTTP middleware setting a value on the request context +func MyMiddleware(next http.Handler) http.Handler { + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + ctx := context.WithValue(r.Context(), "user", "123") + next.ServeHTTP(w, r.WithContext(ctx)) + }) +} +``` + + +### Request handlers + +chi uses standard net/http request handlers. This little snippet is an example of a http.Handler +func that reads a user identifier from the request context - hypothetically, identifying +the user sending an authenticated request, validated+set by a previous middleware handler. + +```go +// HTTP handler accessing data from the request context. +func MyRequestHandler(w http.ResponseWriter, r *http.Request) { + user := r.Context().Value("user").(string) + w.Write([]byte(fmt.Sprintf("hi %s", user))) +} +``` + + +### URL parameters + +chi's router parses and stores URL parameters right onto the request context. Here is +an example of how to access URL params in your net/http handlers. And of course, middlewares +are able to access the same information. + +```go +// HTTP handler accessing the url routing parameters. +func MyRequestHandler(w http.ResponseWriter, r *http.Request) { + userID := chi.URLParam(r, "userID") // from a route like /users/{userID} + + ctx := r.Context() + key := ctx.Value("key").(string) + + w.Write([]byte(fmt.Sprintf("hi %v, %v", userID, key))) +} +``` + + +## Middlewares + +chi comes equipped with an optional `middleware` package, providing a suite of standard +`net/http` middlewares. Please note, any middleware in the ecosystem that is also compatible +with `net/http` can be used with chi's mux. + +### Core middlewares + +----------------------------------------------------------------------------------------------------------- +| chi/middleware Handler | description | +|:----------------------|:--------------------------------------------------------------------------------- +| AllowContentType | Explicit whitelist of accepted request Content-Types | +| BasicAuth | Basic HTTP authentication | +| Compress | Gzip compression for clients that accept compressed responses | +| GetHead | Automatically route undefined HEAD requests to GET handlers | +| Heartbeat | Monitoring endpoint to check the servers pulse | +| Logger | Logs the start and end of each request with the elapsed processing time | +| NoCache | Sets response headers to prevent clients from caching | +| Profiler | Easily attach net/http/pprof to your routers | +| RealIP | Sets a http.Request's RemoteAddr to either X-Forwarded-For or X-Real-IP | +| Recoverer | Gracefully absorb panics and prints the stack trace | +| RequestID | Injects a request ID into the context of each request | +| RedirectSlashes | Redirect slashes on routing paths | +| SetHeader | Short-hand middleware to set a response header key/value | +| StripSlashes | Strip slashes on routing paths | +| Throttle | Puts a ceiling on the number of concurrent requests | +| Timeout | Signals to the request context when the timeout deadline is reached | +| URLFormat | Parse extension from url and put it on request context | +| WithValue | Short-hand middleware to set a key/value on the request context | +----------------------------------------------------------------------------------------------------------- + +### Extra middlewares & packages + +Please see https://github.com/go-chi for additional packages. + +-------------------------------------------------------------------------------------------------------------------- +| package | description | +|:---------------------------------------------------|:------------------------------------------------------------- +| [cors](https://github.com/go-chi/cors) | Cross-origin resource sharing (CORS) | +| [docgen](https://github.com/go-chi/docgen) | Print chi.Router routes at runtime | +| [jwtauth](https://github.com/go-chi/jwtauth) | JWT authentication | +| [hostrouter](https://github.com/go-chi/hostrouter) | Domain/host based request routing | +| [httplog](https://github.com/go-chi/httplog) | Small but powerful structured HTTP request logging | +| [httprate](https://github.com/go-chi/httprate) | HTTP request rate limiter | +| [httptracer](https://github.com/go-chi/httptracer) | HTTP request performance tracing library | +| [httpvcr](https://github.com/go-chi/httpvcr) | Write deterministic tests for external sources | +| [stampede](https://github.com/go-chi/stampede) | HTTP request coalescer | +-------------------------------------------------------------------------------------------------------------------- + +please [submit a PR](./CONTRIBUTING.md) if you'd like to include a link to a chi-compatible middleware + + +## context? + +`context` is a tiny pkg that provides simple interface to signal context across call stacks +and goroutines. It was originally written by [Sameer Ajmani](https://github.com/Sajmani) +and is available in stdlib since go1.7. + +Learn more at https://blog.golang.org/context + +and.. +* Docs: https://golang.org/pkg/context +* Source: https://github.com/golang/go/tree/master/src/context + + +## Benchmarks + +The benchmark suite: https://github.com/pkieltyka/go-http-routing-benchmark + +Results as of Jan 9, 2019 with Go 1.11.4 on Linux X1 Carbon laptop + +```shell +BenchmarkChi_Param 3000000 475 ns/op 432 B/op 3 allocs/op +BenchmarkChi_Param5 2000000 696 ns/op 432 B/op 3 allocs/op +BenchmarkChi_Param20 1000000 1275 ns/op 432 B/op 3 allocs/op +BenchmarkChi_ParamWrite 3000000 505 ns/op 432 B/op 3 allocs/op +BenchmarkChi_GithubStatic 3000000 508 ns/op 432 B/op 3 allocs/op +BenchmarkChi_GithubParam 2000000 669 ns/op 432 B/op 3 allocs/op +BenchmarkChi_GithubAll 10000 134627 ns/op 87699 B/op 609 allocs/op +BenchmarkChi_GPlusStatic 3000000 402 ns/op 432 B/op 3 allocs/op +BenchmarkChi_GPlusParam 3000000 500 ns/op 432 B/op 3 allocs/op +BenchmarkChi_GPlus2Params 3000000 586 ns/op 432 B/op 3 allocs/op +BenchmarkChi_GPlusAll 200000 7237 ns/op 5616 B/op 39 allocs/op +BenchmarkChi_ParseStatic 3000000 408 ns/op 432 B/op 3 allocs/op +BenchmarkChi_ParseParam 3000000 488 ns/op 432 B/op 3 allocs/op +BenchmarkChi_Parse2Params 3000000 551 ns/op 432 B/op 3 allocs/op +BenchmarkChi_ParseAll 100000 13508 ns/op 11232 B/op 78 allocs/op +BenchmarkChi_StaticAll 20000 81933 ns/op 67826 B/op 471 allocs/op +``` + +Comparison with other routers: https://gist.github.com/pkieltyka/123032f12052520aaccab752bd3e78cc + +NOTE: the allocs in the benchmark above are from the calls to http.Request's +`WithContext(context.Context)` method that clones the http.Request, sets the `Context()` +on the duplicated (alloc'd) request and returns it the new request object. This is just +how setting context on a request in Go works. + + +## Credits + +* Carl Jackson for https://github.com/zenazn/goji + * Parts of chi's thinking comes from goji, and chi's middleware package + sources from goji. +* Armon Dadgar for https://github.com/armon/go-radix +* Contributions: [@VojtechVitek](https://github.com/VojtechVitek) + +We'll be more than happy to see [your contributions](./CONTRIBUTING.md)! + + +## Beyond REST + +chi is just a http router that lets you decompose request handling into many smaller layers. +Many companies use chi to write REST services for their public APIs. But, REST is just a convention +for managing state via HTTP, and there's a lot of other pieces required to write a complete client-server +system or network of microservices. + +Looking beyond REST, I also recommend some newer works in the field: +* [webrpc](https://github.com/webrpc/webrpc) - Web-focused RPC client+server framework with code-gen +* [gRPC](https://github.com/grpc/grpc-go) - Google's RPC framework via protobufs +* [graphql](https://github.com/99designs/gqlgen) - Declarative query language +* [NATS](https://nats.io) - lightweight pub-sub + + +## License + +Copyright (c) 2015-present [Peter Kieltyka](https://github.com/pkieltyka) + +Licensed under [MIT License](./LICENSE) + +[GoDoc]: https://godoc.org/github.com/go-chi/chi +[GoDoc Widget]: https://godoc.org/github.com/go-chi/chi?status.svg +[Travis]: https://travis-ci.org/go-chi/chi +[Travis Widget]: https://travis-ci.org/go-chi/chi.svg?branch=master diff --git a/vendor/github.com/go-chi/chi/chain.go b/vendor/github.com/go-chi/chi/chain.go new file mode 100644 index 0000000000..88e6846138 --- /dev/null +++ b/vendor/github.com/go-chi/chi/chain.go @@ -0,0 +1,49 @@ +package chi + +import "net/http" + +// Chain returns a Middlewares type from a slice of middleware handlers. +func Chain(middlewares ...func(http.Handler) http.Handler) Middlewares { + return Middlewares(middlewares) +} + +// Handler builds and returns a http.Handler from the chain of middlewares, +// with `h http.Handler` as the final handler. +func (mws Middlewares) Handler(h http.Handler) http.Handler { + return &ChainHandler{mws, h, chain(mws, h)} +} + +// HandlerFunc builds and returns a http.Handler from the chain of middlewares, +// with `h http.Handler` as the final handler. +func (mws Middlewares) HandlerFunc(h http.HandlerFunc) http.Handler { + return &ChainHandler{mws, h, chain(mws, h)} +} + +// ChainHandler is a http.Handler with support for handler composition and +// execution. +type ChainHandler struct { + Middlewares Middlewares + Endpoint http.Handler + chain http.Handler +} + +func (c *ChainHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) { + c.chain.ServeHTTP(w, r) +} + +// chain builds a http.Handler composed of an inline middleware stack and endpoint +// handler in the order they are passed. +func chain(middlewares []func(http.Handler) http.Handler, endpoint http.Handler) http.Handler { + // Return ahead of time if there aren't any middlewares for the chain + if len(middlewares) == 0 { + return endpoint + } + + // Wrap the end handler with the middleware chain + h := middlewares[len(middlewares)-1](endpoint) + for i := len(middlewares) - 2; i >= 0; i-- { + h = middlewares[i](h) + } + + return h +} diff --git a/vendor/github.com/go-chi/chi/chi.go b/vendor/github.com/go-chi/chi/chi.go new file mode 100644 index 0000000000..b7063dc297 --- /dev/null +++ b/vendor/github.com/go-chi/chi/chi.go @@ -0,0 +1,134 @@ +// +// Package chi is a small, idiomatic and composable router for building HTTP services. +// +// chi requires Go 1.10 or newer. +// +// Example: +// package main +// +// import ( +// "net/http" +// +// "github.com/go-chi/chi" +// "github.com/go-chi/chi/middleware" +// ) +// +// func main() { +// r := chi.NewRouter() +// r.Use(middleware.Logger) +// r.Use(middleware.Recoverer) +// +// r.Get("/", func(w http.ResponseWriter, r *http.Request) { +// w.Write([]byte("root.")) +// }) +// +// http.ListenAndServe(":3333", r) +// } +// +// See github.com/go-chi/chi/_examples/ for more in-depth examples. +// +// URL patterns allow for easy matching of path components in HTTP +// requests. The matching components can then be accessed using +// chi.URLParam(). All patterns must begin with a slash. +// +// A simple named placeholder {name} matches any sequence of characters +// up to the next / or the end of the URL. Trailing slashes on paths must +// be handled explicitly. +// +// A placeholder with a name followed by a colon allows a regular +// expression match, for example {number:\\d+}. The regular expression +// syntax is Go's normal regexp RE2 syntax, except that regular expressions +// including { or } are not supported, and / will never be +// matched. An anonymous regexp pattern is allowed, using an empty string +// before the colon in the placeholder, such as {:\\d+} +// +// The special placeholder of asterisk matches the rest of the requested +// URL. Any trailing characters in the pattern are ignored. This is the only +// placeholder which will match / characters. +// +// Examples: +// "/user/{name}" matches "/user/jsmith" but not "/user/jsmith/info" or "/user/jsmith/" +// "/user/{name}/info" matches "/user/jsmith/info" +// "/page/*" matches "/page/intro/latest" +// "/page/*/index" also matches "/page/intro/latest" +// "/date/{yyyy:\\d\\d\\d\\d}/{mm:\\d\\d}/{dd:\\d\\d}" matches "/date/2017/04/01" +// +package chi + +import "net/http" + +// NewRouter returns a new Mux object that implements the Router interface. +func NewRouter() *Mux { + return NewMux() +} + +// Router consisting of the core routing methods used by chi's Mux, +// using only the standard net/http. +type Router interface { + http.Handler + Routes + + // Use appends one or more middlewares onto the Router stack. + Use(middlewares ...func(http.Handler) http.Handler) + + // With adds inline middlewares for an endpoint handler. + With(middlewares ...func(http.Handler) http.Handler) Router + + // Group adds a new inline-Router along the current routing + // path, with a fresh middleware stack for the inline-Router. + Group(fn func(r Router)) Router + + // Route mounts a sub-Router along a `pattern`` string. + Route(pattern string, fn func(r Router)) Router + + // Mount attaches another http.Handler along ./pattern/* + Mount(pattern string, h http.Handler) + + // Handle and HandleFunc adds routes for `pattern` that matches + // all HTTP methods. + Handle(pattern string, h http.Handler) + HandleFunc(pattern string, h http.HandlerFunc) + + // Method and MethodFunc adds routes for `pattern` that matches + // the `method` HTTP method. + Method(method, pattern string, h http.Handler) + MethodFunc(method, pattern string, h http.HandlerFunc) + + // HTTP-method routing along `pattern` + Connect(pattern string, h http.HandlerFunc) + Delete(pattern string, h http.HandlerFunc) + Get(pattern string, h http.HandlerFunc) + Head(pattern string, h http.HandlerFunc) + Options(pattern string, h http.HandlerFunc) + Patch(pattern string, h http.HandlerFunc) + Post(pattern string, h http.HandlerFunc) + Put(pattern string, h http.HandlerFunc) + Trace(pattern string, h http.HandlerFunc) + + // NotFound defines a handler to respond whenever a route could + // not be found. + NotFound(h http.HandlerFunc) + + // MethodNotAllowed defines a handler to respond whenever a method is + // not allowed. + MethodNotAllowed(h http.HandlerFunc) +} + +// Routes interface adds two methods for router traversal, which is also +// used by the `docgen` subpackage to generation documentation for Routers. +type Routes interface { + // Routes returns the routing tree in an easily traversable structure. + Routes() []Route + + // Middlewares returns the list of middlewares in use by the router. + Middlewares() Middlewares + + // Match searches the routing tree for a handler that matches + // the method/path - similar to routing a http request, but without + // executing the handler thereafter. + Match(rctx *Context, method, path string) bool +} + +// Middlewares type is a slice of standard middleware handlers with methods +// to compose middleware chains and http.Handler's. +type Middlewares []func(http.Handler) http.Handler diff --git a/vendor/github.com/go-chi/chi/context.go b/vendor/github.com/go-chi/chi/context.go new file mode 100644 index 0000000000..26c609ea2c --- /dev/null +++ b/vendor/github.com/go-chi/chi/context.go @@ -0,0 +1,172 @@ +package chi + +import ( + "context" + "net" + "net/http" + "strings" +) + +// URLParam returns the url parameter from a http.Request object. +func URLParam(r *http.Request, key string) string { + if rctx := RouteContext(r.Context()); rctx != nil { + return rctx.URLParam(key) + } + return "" +} + +// URLParamFromCtx returns the url parameter from a http.Request Context. +func URLParamFromCtx(ctx context.Context, key string) string { + if rctx := RouteContext(ctx); rctx != nil { + return rctx.URLParam(key) + } + return "" +} + +// RouteContext returns chi's routing Context object from a +// http.Request Context. +func RouteContext(ctx context.Context) *Context { + val, _ := ctx.Value(RouteCtxKey).(*Context) + return val +} + +// ServerBaseContext wraps an http.Handler to set the request context to the +// `baseCtx`. +func ServerBaseContext(baseCtx context.Context, h http.Handler) http.Handler { + fn := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + ctx := r.Context() + baseCtx := baseCtx + + // Copy over default net/http server context keys + if v, ok := ctx.Value(http.ServerContextKey).(*http.Server); ok { + baseCtx = context.WithValue(baseCtx, http.ServerContextKey, v) + } + if v, ok := ctx.Value(http.LocalAddrContextKey).(net.Addr); ok { + baseCtx = context.WithValue(baseCtx, http.LocalAddrContextKey, v) + } + + h.ServeHTTP(w, r.WithContext(baseCtx)) + }) + return fn +} + +// NewRouteContext returns a new routing Context object. +func NewRouteContext() *Context { + return &Context{} +} + +var ( + // RouteCtxKey is the context.Context key to store the request context. + RouteCtxKey = &contextKey{"RouteContext"} +) + +// Context is the default routing context set on the root node of a +// request context to track route patterns, URL parameters and +// an optional routing path. +type Context struct { + Routes Routes + + // Routing path/method override used during the route search. + // See Mux#routeHTTP method. + RoutePath string + RouteMethod string + + // Routing pattern stack throughout the lifecycle of the request, + // across all connected routers. It is a record of all matching + // patterns across a stack of sub-routers. + RoutePatterns []string + + // URLParams are the stack of routeParams captured during the + // routing lifecycle across a stack of sub-routers. + URLParams RouteParams + + // The endpoint routing pattern that matched the request URI path + // or `RoutePath` of the current sub-router. This value will update + // during the lifecycle of a request passing through a stack of + // sub-routers. + routePattern string + + // Route parameters matched for the current sub-router. It is + // intentionally unexported so it cant be tampered. + routeParams RouteParams + + // methodNotAllowed hint + methodNotAllowed bool +} + +// Reset a routing context to its initial state. +func (x *Context) Reset() { + x.Routes = nil + x.RoutePath = "" + x.RouteMethod = "" + x.RoutePatterns = x.RoutePatterns[:0] + x.URLParams.Keys = x.URLParams.Keys[:0] + x.URLParams.Values = x.URLParams.Values[:0] + + x.routePattern = "" + x.routeParams.Keys = x.routeParams.Keys[:0] + x.routeParams.Values = x.routeParams.Values[:0] + x.methodNotAllowed = false +} + +// URLParam returns the corresponding URL parameter value from the request +// routing context. +func (x *Context) URLParam(key string) string { + for k := len(x.URLParams.Keys) - 1; k >= 0; k-- { + if x.URLParams.Keys[k] == key { + return x.URLParams.Values[k] + } + } + return "" +} + +// RoutePattern builds the routing pattern string for the particular +// request, at the particular point during routing. This means, the value +// will change throughout the execution of a request in a router. That is +// why its advised to only use this value after calling the next handler. +// +// For example, +// +// func Instrument(next http.Handler) http.Handler { +// return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { +// next.ServeHTTP(w, r) +// routePattern := chi.RouteContext(r.Context()).RoutePattern() +// measure(w, r, routePattern) +// }) +// } +func (x *Context) RoutePattern() string { + routePattern := strings.Join(x.RoutePatterns, "") + return replaceWildcards(routePattern) +} + +// replaceWildcards takes a route pattern and recursively replaces all +// occurrences of "/*/" to "/". +func replaceWildcards(p string) string { + if strings.Contains(p, "/*/") { + return replaceWildcards(strings.Replace(p, "/*/", "/", -1)) + } + + return p +} + +// RouteParams is a structure to track URL routing parameters efficiently. +type RouteParams struct { + Keys, Values []string +} + +// Add will append a URL parameter to the end of the route param +func (s *RouteParams) Add(key, value string) { + s.Keys = append(s.Keys, key) + s.Values = append(s.Values, value) +} + +// contextKey is a value for use with context.WithValue. It's used as +// a pointer so it fits in an interface{} without allocation. This technique +// for defining context keys was copied from Go 1.7's new use of context in net/http. +type contextKey struct { + name string +} + +func (k *contextKey) String() string { + return "chi context value " + k.name +} diff --git a/vendor/github.com/go-chi/chi/middleware/basic_auth.go b/vendor/github.com/go-chi/chi/middleware/basic_auth.go new file mode 100644 index 0000000000..87b2641a6a --- /dev/null +++ b/vendor/github.com/go-chi/chi/middleware/basic_auth.go @@ -0,0 +1,32 @@ +package middleware + +import ( + "fmt" + "net/http" +) + +// BasicAuth implements a simple middleware handler for adding basic http auth to a route. +func BasicAuth(realm string, creds map[string]string) func(next http.Handler) http.Handler { + return func(next http.Handler) http.Handler { + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + user, pass, ok := r.BasicAuth() + if !ok { + basicAuthFailed(w, realm) + return + } + + credPass, credUserOk := creds[user] + if !credUserOk || pass != credPass { + basicAuthFailed(w, realm) + return + } + + next.ServeHTTP(w, r) + }) + } +} + +func basicAuthFailed(w http.ResponseWriter, realm string) { + w.Header().Add("WWW-Authenticate", fmt.Sprintf(`Basic realm="%s"`, realm)) + w.WriteHeader(http.StatusUnauthorized) +} diff --git a/vendor/github.com/go-chi/chi/middleware/compress.go b/vendor/github.com/go-chi/chi/middleware/compress.go new file mode 100644 index 0000000000..2f40cc15af --- /dev/null +++ b/vendor/github.com/go-chi/chi/middleware/compress.go @@ -0,0 +1,399 @@ +package middleware + +import ( + "bufio" + "compress/flate" + "compress/gzip" + "errors" + "fmt" + "io" + "io/ioutil" + "net" + "net/http" + "strings" + "sync" +) + +var defaultCompressibleContentTypes = []string{ + "text/html", + "text/css", + "text/plain", + "text/javascript", + "application/javascript", + "application/x-javascript", + "application/json", + "application/atom+xml", + "application/rss+xml", + "image/svg+xml", +} + +// Compress is a middleware that compresses response +// body of a given content types to a data format based +// on Accept-Encoding request header. It uses a given +// compression level. +// +// NOTE: make sure to set the Content-Type header on your response +// otherwise this middleware will not compress the response body. For ex, in +// your handler you should set w.Header().Set("Content-Type", http.DetectContentType(yourBody)) +// or set it manually. +// +// Passing a compression level of 5 is sensible value +func Compress(level int, types ...string) func(next http.Handler) http.Handler { + compressor := NewCompressor(level, types...) + return compressor.Handler +} + +// Compressor represents a set of encoding configurations. +type Compressor struct { + level int // The compression level. + // The mapping of encoder names to encoder functions. + encoders map[string]EncoderFunc + // The mapping of pooled encoders to pools. + pooledEncoders map[string]*sync.Pool + // The set of content types allowed to be compressed. + allowedTypes map[string]struct{} + allowedWildcards map[string]struct{} + // The list of encoders in order of decreasing precedence. + encodingPrecedence []string +} + +// NewCompressor creates a new Compressor that will handle encoding responses. +// +// The level should be one of the ones defined in the flate package. +// The types are the content types that are allowed to be compressed. +func NewCompressor(level int, types ...string) *Compressor { + // If types are provided, set those as the allowed types. If none are + // provided, use the default list. + allowedTypes := make(map[string]struct{}) + allowedWildcards := make(map[string]struct{}) + if len(types) > 0 { + for _, t := range types { + if strings.Contains(strings.TrimSuffix(t, "/*"), "*") { + panic(fmt.Sprintf("middleware/compress: Unsupported content-type wildcard pattern '%s'. Only '/*' supported", t)) + } + if strings.HasSuffix(t, "/*") { + allowedWildcards[strings.TrimSuffix(t, "/*")] = struct{}{} + } else { + allowedTypes[t] = struct{}{} + } + } + } else { + for _, t := range defaultCompressibleContentTypes { + allowedTypes[t] = struct{}{} + } + } + + c := &Compressor{ + level: level, + encoders: make(map[string]EncoderFunc), + pooledEncoders: make(map[string]*sync.Pool), + allowedTypes: allowedTypes, + allowedWildcards: allowedWildcards, + } + + // Set the default encoders. The precedence order uses the reverse + // ordering that the encoders were added. This means adding new encoders + // will move them to the front of the order. + // + // TODO: + // lzma: Opera. + // sdch: Chrome, Android. Gzip output + dictionary header. + // br: Brotli, see https://github.com/go-chi/chi/pull/326 + + // HTTP 1.1 "deflate" (RFC 2616) stands for DEFLATE data (RFC 1951) + // wrapped with zlib (RFC 1950). The zlib wrapper uses Adler-32 + // checksum compared to CRC-32 used in "gzip" and thus is faster. + // + // But.. some old browsers (MSIE, Safari 5.1) incorrectly expect + // raw DEFLATE data only, without the mentioned zlib wrapper. + // Because of this major confusion, most modern browsers try it + // both ways, first looking for zlib headers. + // Quote by Mark Adler: http://stackoverflow.com/a/9186091/385548 + // + // The list of browsers having problems is quite big, see: + // http://zoompf.com/blog/2012/02/lose-the-wait-http-compression + // https://web.archive.org/web/20120321182910/http://www.vervestudios.co/projects/compression-tests/results + // + // That's why we prefer gzip over deflate. It's just more reliable + // and not significantly slower than gzip. + c.SetEncoder("deflate", encoderDeflate) + + // TODO: Exception for old MSIE browsers that can't handle non-HTML? + // https://zoompf.com/blog/2012/02/lose-the-wait-http-compression + c.SetEncoder("gzip", encoderGzip) + + // NOTE: Not implemented, intentionally: + // case "compress": // LZW. Deprecated. + // case "bzip2": // Too slow on-the-fly. + // case "zopfli": // Too slow on-the-fly. + // case "xz": // Too slow on-the-fly. + return c +} + +// SetEncoder can be used to set the implementation of a compression algorithm. +// +// The encoding should be a standardised identifier. See: +// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Accept-Encoding +// +// For example, add the Brotli algortithm: +// +// import brotli_enc "gopkg.in/kothar/brotli-go.v0/enc" +// +// compressor := middleware.NewCompressor(5, "text/html") +// compressor.SetEncoder("br", func(w http.ResponseWriter, level int) io.Writer { +// params := brotli_enc.NewBrotliParams() +// params.SetQuality(level) +// return brotli_enc.NewBrotliWriter(params, w) +// }) +func (c *Compressor) SetEncoder(encoding string, fn EncoderFunc) { + encoding = strings.ToLower(encoding) + if encoding == "" { + panic("the encoding can not be empty") + } + if fn == nil { + panic("attempted to set a nil encoder function") + } + + // If we are adding a new encoder that is already registered, we have to + // clear that one out first. + if _, ok := c.pooledEncoders[encoding]; ok { + delete(c.pooledEncoders, encoding) + } + if _, ok := c.encoders[encoding]; ok { + delete(c.encoders, encoding) + } + + // If the encoder supports Resetting (IoReseterWriter), then it can be pooled. + encoder := fn(ioutil.Discard, c.level) + if encoder != nil { + if _, ok := encoder.(ioResetterWriter); ok { + pool := &sync.Pool{ + New: func() interface{} { + return fn(ioutil.Discard, c.level) + }, + } + c.pooledEncoders[encoding] = pool + } + } + // If the encoder is not in the pooledEncoders, add it to the normal encoders. + if _, ok := c.pooledEncoders[encoding]; !ok { + c.encoders[encoding] = fn + } + + for i, v := range c.encodingPrecedence { + if v == encoding { + c.encodingPrecedence = append(c.encodingPrecedence[:i], c.encodingPrecedence[i+1:]...) + } + } + + c.encodingPrecedence = append([]string{encoding}, c.encodingPrecedence...) +} + +// Handler returns a new middleware that will compress the response based on the +// current Compressor. +func (c *Compressor) Handler(next http.Handler) http.Handler { + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + encoder, encoding, cleanup := c.selectEncoder(r.Header, w) + + cw := &compressResponseWriter{ + ResponseWriter: w, + w: w, + contentTypes: c.allowedTypes, + contentWildcards: c.allowedWildcards, + encoding: encoding, + compressable: false, // determined in post-handler + } + if encoder != nil { + cw.w = encoder + } + // Re-add the encoder to the pool if applicable. + defer cleanup() + defer cw.Close() + + next.ServeHTTP(cw, r) + }) +} + +// selectEncoder returns the encoder, the name of the encoder, and a closer function. +func (c *Compressor) selectEncoder(h http.Header, w io.Writer) (io.Writer, string, func()) { + header := h.Get("Accept-Encoding") + + // Parse the names of all accepted algorithms from the header. + accepted := strings.Split(strings.ToLower(header), ",") + + // Find supported encoder by accepted list by precedence + for _, name := range c.encodingPrecedence { + if matchAcceptEncoding(accepted, name) { + if pool, ok := c.pooledEncoders[name]; ok { + encoder := pool.Get().(ioResetterWriter) + cleanup := func() { + pool.Put(encoder) + } + encoder.Reset(w) + return encoder, name, cleanup + + } + if fn, ok := c.encoders[name]; ok { + return fn(w, c.level), name, func() {} + } + } + + } + + // No encoder found to match the accepted encoding + return nil, "", func() {} +} + +func matchAcceptEncoding(accepted []string, encoding string) bool { + for _, v := range accepted { + if strings.Contains(v, encoding) { + return true + } + } + return false +} + +// An EncoderFunc is a function that wraps the provided io.Writer with a +// streaming compression algorithm and returns it. +// +// In case of failure, the function should return nil. +type EncoderFunc func(w io.Writer, level int) io.Writer + +// Interface for types that allow resetting io.Writers. +type ioResetterWriter interface { + io.Writer + Reset(w io.Writer) +} + +type compressResponseWriter struct { + http.ResponseWriter + + // The streaming encoder writer to be used if there is one. Otherwise, + // this is just the normal writer. + w io.Writer + encoding string + contentTypes map[string]struct{} + contentWildcards map[string]struct{} + wroteHeader bool + compressable bool +} + +func (cw *compressResponseWriter) isCompressable() bool { + // Parse the first part of the Content-Type response header. + contentType := cw.Header().Get("Content-Type") + if idx := strings.Index(contentType, ";"); idx >= 0 { + contentType = contentType[0:idx] + } + + // Is the content type compressable? + if _, ok := cw.contentTypes[contentType]; ok { + return true + } + if idx := strings.Index(contentType, "/"); idx > 0 { + contentType = contentType[0:idx] + _, ok := cw.contentWildcards[contentType] + return ok + } + return false +} + +func (cw *compressResponseWriter) WriteHeader(code int) { + if cw.wroteHeader { + cw.ResponseWriter.WriteHeader(code) // Allow multiple calls to propagate. + return + } + cw.wroteHeader = true + defer cw.ResponseWriter.WriteHeader(code) + + // Already compressed data? + if cw.Header().Get("Content-Encoding") != "" { + return + } + + if !cw.isCompressable() { + cw.compressable = false + return + } + + if cw.encoding != "" { + cw.compressable = true + cw.Header().Set("Content-Encoding", cw.encoding) + cw.Header().Set("Vary", "Accept-Encoding") + + // The content-length after compression is unknown + cw.Header().Del("Content-Length") + } +} + +func (cw *compressResponseWriter) Write(p []byte) (int, error) { + if !cw.wroteHeader { + cw.WriteHeader(http.StatusOK) + } + + return cw.writer().Write(p) +} + +func (cw *compressResponseWriter) writer() io.Writer { + if cw.compressable { + return cw.w + } else { + return cw.ResponseWriter + } +} + +type compressFlusher interface { + Flush() error +} + +func (cw *compressResponseWriter) Flush() { + if f, ok := cw.writer().(http.Flusher); ok { + f.Flush() + } + // If the underlying writer has a compression flush signature, + // call this Flush() method instead + if f, ok := cw.writer().(compressFlusher); ok { + f.Flush() + + // Also flush the underlying response writer + if f, ok := cw.ResponseWriter.(http.Flusher); ok { + f.Flush() + } + } +} + +func (cw *compressResponseWriter) Hijack() (net.Conn, *bufio.ReadWriter, error) { + if hj, ok := cw.writer().(http.Hijacker); ok { + return hj.Hijack() + } + return nil, nil, errors.New("chi/middleware: http.Hijacker is unavailable on the writer") +} + +func (cw *compressResponseWriter) Push(target string, opts *http.PushOptions) error { + if ps, ok := cw.writer().(http.Pusher); ok { + return ps.Push(target, opts) + } + return errors.New("chi/middleware: http.Pusher is unavailable on the writer") +} + +func (cw *compressResponseWriter) Close() error { + if c, ok := cw.writer().(io.WriteCloser); ok { + return c.Close() + } + return errors.New("chi/middleware: io.WriteCloser is unavailable on the writer") +} + +func encoderGzip(w io.Writer, level int) io.Writer { + gw, err := gzip.NewWriterLevel(w, level) + if err != nil { + return nil + } + return gw +} + +func encoderDeflate(w io.Writer, level int) io.Writer { + dw, err := flate.NewWriter(w, level) + if err != nil { + return nil + } + return dw +} diff --git a/vendor/github.com/go-chi/chi/middleware/content_charset.go b/vendor/github.com/go-chi/chi/middleware/content_charset.go new file mode 100644 index 0000000000..07b5ce6f66 --- /dev/null +++ b/vendor/github.com/go-chi/chi/middleware/content_charset.go @@ -0,0 +1,51 @@ +package middleware + +import ( + "net/http" + "strings" +) + +// ContentCharset generates a handler that writes a 415 Unsupported Media Type response if none of the charsets match. +// An empty charset will allow requests with no Content-Type header or no specified charset. +func ContentCharset(charsets ...string) func(next http.Handler) http.Handler { + for i, c := range charsets { + charsets[i] = strings.ToLower(c) + } + + return func(next http.Handler) http.Handler { + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + if !contentEncoding(r.Header.Get("Content-Type"), charsets...) { + w.WriteHeader(http.StatusUnsupportedMediaType) + return + } + + next.ServeHTTP(w, r) + }) + } +} + +// Check the content encoding against a list of acceptable values. +func contentEncoding(ce string, charsets ...string) bool { + _, ce = split(strings.ToLower(ce), ";") + _, ce = split(ce, "charset=") + ce, _ = split(ce, ";") + for _, c := range charsets { + if ce == c { + return true + } + } + + return false +} + +// Split a string in two parts, cleaning any whitespace. +func split(str, sep string) (string, string) { + var a, b string + var parts = strings.SplitN(str, sep, 2) + a = strings.TrimSpace(parts[0]) + if len(parts) == 2 { + b = strings.TrimSpace(parts[1]) + } + + return a, b +} diff --git a/vendor/github.com/go-chi/chi/middleware/content_encoding.go b/vendor/github.com/go-chi/chi/middleware/content_encoding.go new file mode 100644 index 0000000000..e0b9ccc08a --- /dev/null +++ b/vendor/github.com/go-chi/chi/middleware/content_encoding.go @@ -0,0 +1,34 @@ +package middleware + +import ( + "net/http" + "strings" +) + +// AllowContentEncoding enforces a whitelist of request Content-Encoding otherwise responds +// with a 415 Unsupported Media Type status. +func AllowContentEncoding(contentEncoding ...string) func(next http.Handler) http.Handler { + allowedEncodings := make(map[string]struct{}, len(contentEncoding)) + for _, encoding := range contentEncoding { + allowedEncodings[strings.TrimSpace(strings.ToLower(encoding))] = struct{}{} + } + return func(next http.Handler) http.Handler { + fn := func(w http.ResponseWriter, r *http.Request) { + requestEncodings := r.Header["Content-Encoding"] + // skip check for empty content body or no Content-Encoding + if r.ContentLength == 0 { + next.ServeHTTP(w, r) + return + } + // All encodings in the request must be allowed + for _, encoding := range requestEncodings { + if _, ok := allowedEncodings[strings.TrimSpace(strings.ToLower(encoding))]; !ok { + w.WriteHeader(http.StatusUnsupportedMediaType) + return + } + } + next.ServeHTTP(w, r) + } + return http.HandlerFunc(fn) + } +} diff --git a/vendor/github.com/go-chi/chi/middleware/content_type.go b/vendor/github.com/go-chi/chi/middleware/content_type.go new file mode 100644 index 0000000000..ee4957874f --- /dev/null +++ b/vendor/github.com/go-chi/chi/middleware/content_type.go @@ -0,0 +1,51 @@ +package middleware + +import ( + "net/http" + "strings" +) + +// SetHeader is a convenience handler to set a response header key/value +func SetHeader(key, value string) func(next http.Handler) http.Handler { + return func(next http.Handler) http.Handler { + fn := func(w http.ResponseWriter, r *http.Request) { + w.Header().Set(key, value) + next.ServeHTTP(w, r) + } + return http.HandlerFunc(fn) + } +} + +// AllowContentType enforces a whitelist of request Content-Types otherwise responds +// with a 415 Unsupported Media Type status. +func AllowContentType(contentTypes ...string) func(next http.Handler) http.Handler { + cT := []string{} + for _, t := range contentTypes { + cT = append(cT, strings.ToLower(t)) + } + + return func(next http.Handler) http.Handler { + fn := func(w http.ResponseWriter, r *http.Request) { + if r.ContentLength == 0 { + // skip check for empty content body + next.ServeHTTP(w, r) + return + } + + s := strings.ToLower(strings.TrimSpace(r.Header.Get("Content-Type"))) + if i := strings.Index(s, ";"); i > -1 { + s = s[0:i] + } + + for _, t := range cT { + if t == s { + next.ServeHTTP(w, r) + return + } + } + + w.WriteHeader(http.StatusUnsupportedMediaType) + } + return http.HandlerFunc(fn) + } +} diff --git a/vendor/github.com/go-chi/chi/middleware/get_head.go b/vendor/github.com/go-chi/chi/middleware/get_head.go new file mode 100644 index 0000000000..86068a96db --- /dev/null +++ b/vendor/github.com/go-chi/chi/middleware/get_head.go @@ -0,0 +1,39 @@ +package middleware + +import ( + "net/http" + + "github.com/go-chi/chi" +) + +// GetHead automatically route undefined HEAD requests to GET handlers. +func GetHead(next http.Handler) http.Handler { + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + if r.Method == "HEAD" { + rctx := chi.RouteContext(r.Context()) + routePath := rctx.RoutePath + if routePath == "" { + if r.URL.RawPath != "" { + routePath = r.URL.RawPath + } else { + routePath = r.URL.Path + } + } + + // Temporary routing context to look-ahead before routing the request + tctx := chi.NewRouteContext() + + // Attempt to find a HEAD handler for the routing path, if not found, traverse + // the router as through its a GET route, but proceed with the request + // with the HEAD method. + if !rctx.Routes.Match(tctx, "HEAD", routePath) { + rctx.RouteMethod = "GET" + rctx.RoutePath = routePath + next.ServeHTTP(w, r) + return + } + } + + next.ServeHTTP(w, r) + }) +} diff --git a/vendor/github.com/go-chi/chi/middleware/heartbeat.go b/vendor/github.com/go-chi/chi/middleware/heartbeat.go new file mode 100644 index 0000000000..fe822fb536 --- /dev/null +++ b/vendor/github.com/go-chi/chi/middleware/heartbeat.go @@ -0,0 +1,26 @@ +package middleware + +import ( + "net/http" + "strings" +) + +// Heartbeat endpoint middleware useful to setting up a path like +// `/ping` that load balancers or uptime testing external services +// can make a request before hitting any routes. It's also convenient +// to place this above ACL middlewares as well. +func Heartbeat(endpoint string) func(http.Handler) http.Handler { + f := func(h http.Handler) http.Handler { + fn := func(w http.ResponseWriter, r *http.Request) { + if r.Method == "GET" && strings.EqualFold(r.URL.Path, endpoint) { + w.Header().Set("Content-Type", "text/plain") + w.WriteHeader(http.StatusOK) + w.Write([]byte(".")) + return + } + h.ServeHTTP(w, r) + } + return http.HandlerFunc(fn) + } + return f +} diff --git a/vendor/github.com/go-chi/chi/middleware/logger.go b/vendor/github.com/go-chi/chi/middleware/logger.go new file mode 100644 index 0000000000..158a6a3905 --- /dev/null +++ b/vendor/github.com/go-chi/chi/middleware/logger.go @@ -0,0 +1,155 @@ +package middleware + +import ( + "bytes" + "context" + "log" + "net/http" + "os" + "time" +) + +var ( + // LogEntryCtxKey is the context.Context key to store the request log entry. + LogEntryCtxKey = &contextKey{"LogEntry"} + + // DefaultLogger is called by the Logger middleware handler to log each request. + // Its made a package-level variable so that it can be reconfigured for custom + // logging configurations. + DefaultLogger = RequestLogger(&DefaultLogFormatter{Logger: log.New(os.Stdout, "", log.LstdFlags), NoColor: false}) +) + +// Logger is a middleware that logs the start and end of each request, along +// with some useful data about what was requested, what the response status was, +// and how long it took to return. When standard output is a TTY, Logger will +// print in color, otherwise it will print in black and white. Logger prints a +// request ID if one is provided. +// +// Alternatively, look at https://github.com/goware/httplog for a more in-depth +// http logger with structured logging support. +func Logger(next http.Handler) http.Handler { + return DefaultLogger(next) +} + +// RequestLogger returns a logger handler using a custom LogFormatter. +func RequestLogger(f LogFormatter) func(next http.Handler) http.Handler { + return func(next http.Handler) http.Handler { + fn := func(w http.ResponseWriter, r *http.Request) { + entry := f.NewLogEntry(r) + ww := NewWrapResponseWriter(w, r.ProtoMajor) + + t1 := time.Now() + defer func() { + entry.Write(ww.Status(), ww.BytesWritten(), ww.Header(), time.Since(t1), nil) + }() + + next.ServeHTTP(ww, WithLogEntry(r, entry)) + } + return http.HandlerFunc(fn) + } +} + +// LogFormatter initiates the beginning of a new LogEntry per request. +// See DefaultLogFormatter for an example implementation. +type LogFormatter interface { + NewLogEntry(r *http.Request) LogEntry +} + +// LogEntry records the final log when a request completes. +// See defaultLogEntry for an example implementation. +type LogEntry interface { + Write(status, bytes int, header http.Header, elapsed time.Duration, extra interface{}) + Panic(v interface{}, stack []byte) +} + +// GetLogEntry returns the in-context LogEntry for a request. +func GetLogEntry(r *http.Request) LogEntry { + entry, _ := r.Context().Value(LogEntryCtxKey).(LogEntry) + return entry +} + +// WithLogEntry sets the in-context LogEntry for a request. +func WithLogEntry(r *http.Request, entry LogEntry) *http.Request { + r = r.WithContext(context.WithValue(r.Context(), LogEntryCtxKey, entry)) + return r +} + +// LoggerInterface accepts printing to stdlib logger or compatible logger. +type LoggerInterface interface { + Print(v ...interface{}) +} + +// DefaultLogFormatter is a simple logger that implements a LogFormatter. +type DefaultLogFormatter struct { + Logger LoggerInterface + NoColor bool +} + +// NewLogEntry creates a new LogEntry for the request. +func (l *DefaultLogFormatter) NewLogEntry(r *http.Request) LogEntry { + useColor := !l.NoColor + entry := &defaultLogEntry{ + DefaultLogFormatter: l, + request: r, + buf: &bytes.Buffer{}, + useColor: useColor, + } + + reqID := GetReqID(r.Context()) + if reqID != "" { + cW(entry.buf, useColor, nYellow, "[%s] ", reqID) + } + cW(entry.buf, useColor, nCyan, "\"") + cW(entry.buf, useColor, bMagenta, "%s ", r.Method) + + scheme := "http" + if r.TLS != nil { + scheme = "https" + } + cW(entry.buf, useColor, nCyan, "%s://%s%s %s\" ", scheme, r.Host, r.RequestURI, r.Proto) + + entry.buf.WriteString("from ") + entry.buf.WriteString(r.RemoteAddr) + entry.buf.WriteString(" - ") + + return entry +} + +type defaultLogEntry struct { + *DefaultLogFormatter + request *http.Request + buf *bytes.Buffer + useColor bool +} + +func (l *defaultLogEntry) Write(status, bytes int, header http.Header, elapsed time.Duration, extra interface{}) { + switch { + case status < 200: + cW(l.buf, l.useColor, bBlue, "%03d", status) + case status < 300: + cW(l.buf, l.useColor, bGreen, "%03d", status) + case status < 400: + cW(l.buf, l.useColor, bCyan, "%03d", status) + case status < 500: + cW(l.buf, l.useColor, bYellow, "%03d", status) + default: + cW(l.buf, l.useColor, bRed, "%03d", status) + } + + cW(l.buf, l.useColor, bBlue, " %dB", bytes) + + l.buf.WriteString(" in ") + if elapsed < 500*time.Millisecond { + cW(l.buf, l.useColor, nGreen, "%s", elapsed) + } else if elapsed < 5*time.Second { + cW(l.buf, l.useColor, nYellow, "%s", elapsed) + } else { + cW(l.buf, l.useColor, nRed, "%s", elapsed) + } + + l.Logger.Print(l.buf.String()) +} + +func (l *defaultLogEntry) Panic(v interface{}, stack []byte) { + PrintPrettyStack(v) +} diff --git a/vendor/github.com/go-chi/chi/middleware/middleware.go b/vendor/github.com/go-chi/chi/middleware/middleware.go new file mode 100644 index 0000000000..cc371e00a8 --- /dev/null +++ b/vendor/github.com/go-chi/chi/middleware/middleware.go @@ -0,0 +1,23 @@ +package middleware + +import "net/http" + +// New will create a new middleware handler from a http.Handler. +func New(h http.Handler) func(next http.Handler) http.Handler { + return func(next http.Handler) http.Handler { + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + h.ServeHTTP(w, r) + }) + } +} + +// contextKey is a value for use with context.WithValue. It's used as +// a pointer so it fits in an interface{} without allocation. This technique +// for defining context keys was copied from Go 1.7's new use of context in net/http. +type contextKey struct { + name string +} + +func (k *contextKey) String() string { + return "chi/middleware context value " + k.name +} diff --git a/vendor/github.com/go-chi/chi/middleware/nocache.go b/vendor/github.com/go-chi/chi/middleware/nocache.go new file mode 100644 index 0000000000..2412829e1b --- /dev/null +++ b/vendor/github.com/go-chi/chi/middleware/nocache.go @@ -0,0 +1,58 @@ +package middleware + +// Ported from Goji's middleware, source: +// https://github.com/zenazn/goji/tree/master/web/middleware + +import ( + "net/http" + "time" +) + +// Unix epoch time +var epoch = time.Unix(0, 0).Format(time.RFC1123) + +// Taken from https://github.com/mytrile/nocache +var noCacheHeaders = map[string]string{ + "Expires": epoch, + "Cache-Control": "no-cache, no-store, no-transform, must-revalidate, private, max-age=0", + "Pragma": "no-cache", + "X-Accel-Expires": "0", +} + +var etagHeaders = []string{ + "ETag", + "If-Modified-Since", + "If-Match", + "If-None-Match", + "If-Range", + "If-Unmodified-Since", +} + +// NoCache is a simple piece of middleware that sets a number of HTTP headers to prevent +// a router (or subrouter) from being cached by an upstream proxy and/or client. +// +// As per http://wiki.nginx.org/HttpProxyModule - NoCache sets: +// Expires: Thu, 01 Jan 1970 00:00:00 UTC +// Cache-Control: no-cache, private, max-age=0 +// X-Accel-Expires: 0 +// Pragma: no-cache (for HTTP/1.0 proxies/clients) +func NoCache(h http.Handler) http.Handler { + fn := func(w http.ResponseWriter, r *http.Request) { + + // Delete any ETag headers that may have been set + for _, v := range etagHeaders { + if r.Header.Get(v) != "" { + r.Header.Del(v) + } + } + + // Set our NoCache headers + for k, v := range noCacheHeaders { + w.Header().Set(k, v) + } + + h.ServeHTTP(w, r) + } + + return http.HandlerFunc(fn) +} diff --git a/vendor/github.com/go-chi/chi/middleware/profiler.go b/vendor/github.com/go-chi/chi/middleware/profiler.go new file mode 100644 index 0000000000..1d44b8259a --- /dev/null +++ b/vendor/github.com/go-chi/chi/middleware/profiler.go @@ -0,0 +1,55 @@ +package middleware + +import ( + "expvar" + "fmt" + "net/http" + "net/http/pprof" + + "github.com/go-chi/chi" +) + +// Profiler is a convenient subrouter used for mounting net/http/pprof. ie. +// +// func MyService() http.Handler { +// r := chi.NewRouter() +// // ..middlewares +// r.Mount("/debug", middleware.Profiler()) +// // ..routes +// return r +// } +func Profiler() http.Handler { + r := chi.NewRouter() + r.Use(NoCache) + + r.Get("/", func(w http.ResponseWriter, r *http.Request) { + http.Redirect(w, r, r.RequestURI+"/pprof/", 301) + }) + r.HandleFunc("/pprof", func(w http.ResponseWriter, r *http.Request) { + http.Redirect(w, r, r.RequestURI+"/", 301) + }) + + r.HandleFunc("/pprof/*", pprof.Index) + r.HandleFunc("/pprof/cmdline", pprof.Cmdline) + r.HandleFunc("/pprof/profile", pprof.Profile) + r.HandleFunc("/pprof/symbol", pprof.Symbol) + r.HandleFunc("/pprof/trace", pprof.Trace) + r.HandleFunc("/vars", expVars) + + return r +} + +// Replicated from expvar.go as not public. +func expVars(w http.ResponseWriter, r *http.Request) { + first := true + w.Header().Set("Content-Type", "application/json") + fmt.Fprintf(w, "{\n") + expvar.Do(func(kv expvar.KeyValue) { + if !first { + fmt.Fprintf(w, ",\n") + } + first = false + fmt.Fprintf(w, "%q: %s", kv.Key, kv.Value) + }) + fmt.Fprintf(w, "\n}\n") +} diff --git a/vendor/github.com/go-chi/chi/middleware/realip.go b/vendor/github.com/go-chi/chi/middleware/realip.go new file mode 100644 index 0000000000..72db6ca9f5 --- /dev/null +++ b/vendor/github.com/go-chi/chi/middleware/realip.go @@ -0,0 +1,54 @@ +package middleware + +// Ported from Goji's middleware, source: +// https://github.com/zenazn/goji/tree/master/web/middleware + +import ( + "net/http" + "strings" +) + +var xForwardedFor = http.CanonicalHeaderKey("X-Forwarded-For") +var xRealIP = http.CanonicalHeaderKey("X-Real-IP") + +// RealIP is a middleware that sets a http.Request's RemoteAddr to the results +// of parsing either the X-Forwarded-For header or the X-Real-IP header (in that +// order). +// +// This middleware should be inserted fairly early in the middleware stack to +// ensure that subsequent layers (e.g., request loggers) which examine the +// RemoteAddr will see the intended value. +// +// You should only use this middleware if you can trust the headers passed to +// you (in particular, the two headers this middleware uses), for example +// because you have placed a reverse proxy like HAProxy or nginx in front of +// chi. If your reverse proxies are configured to pass along arbitrary header +// values from the client, or if you use this middleware without a reverse +// proxy, malicious clients will be able to make you very sad (or, depending on +// how you're using RemoteAddr, vulnerable to an attack of some sort). +func RealIP(h http.Handler) http.Handler { + fn := func(w http.ResponseWriter, r *http.Request) { + if rip := realIP(r); rip != "" { + r.RemoteAddr = rip + } + h.ServeHTTP(w, r) + } + + return http.HandlerFunc(fn) +} + +func realIP(r *http.Request) string { + var ip string + + if xrip := r.Header.Get(xRealIP); xrip != "" { + ip = xrip + } else if xff := r.Header.Get(xForwardedFor); xff != "" { + i := strings.Index(xff, ", ") + if i == -1 { + i = len(xff) + } + ip = xff[:i] + } + + return ip +} diff --git a/vendor/github.com/go-chi/chi/middleware/recoverer.go b/vendor/github.com/go-chi/chi/middleware/recoverer.go new file mode 100644 index 0000000000..785b18c52b --- /dev/null +++ b/vendor/github.com/go-chi/chi/middleware/recoverer.go @@ -0,0 +1,192 @@ +package middleware + +// The original work was derived from Goji's middleware, source: +// https://github.com/zenazn/goji/tree/master/web/middleware + +import ( + "bytes" + "errors" + "fmt" + "net/http" + "os" + "runtime/debug" + "strings" +) + +// Recoverer is a middleware that recovers from panics, logs the panic (and a +// backtrace), and returns a HTTP 500 (Internal Server Error) status if +// possible. Recoverer prints a request ID if one is provided. +// +// Alternatively, look at https://github.com/pressly/lg middleware pkgs. +func Recoverer(next http.Handler) http.Handler { + fn := func(w http.ResponseWriter, r *http.Request) { + defer func() { + if rvr := recover(); rvr != nil && rvr != http.ErrAbortHandler { + + logEntry := GetLogEntry(r) + if logEntry != nil { + logEntry.Panic(rvr, debug.Stack()) + } else { + PrintPrettyStack(rvr) + } + + w.WriteHeader(http.StatusInternalServerError) + } + }() + + next.ServeHTTP(w, r) + } + + return http.HandlerFunc(fn) +} + +func PrintPrettyStack(rvr interface{}) { + debugStack := debug.Stack() + s := prettyStack{} + out, err := s.parse(debugStack, rvr) + if err == nil { + os.Stderr.Write(out) + } else { + // print stdlib output as a fallback + os.Stderr.Write(debugStack) + } +} + +type prettyStack struct { +} + +func (s prettyStack) parse(debugStack []byte, rvr interface{}) ([]byte, error) { + var err error + useColor := true + buf := &bytes.Buffer{} + + cW(buf, false, bRed, "\n") + cW(buf, useColor, bCyan, " panic: ") + cW(buf, useColor, bBlue, "%v", rvr) + cW(buf, false, bWhite, "\n \n") + + // process debug stack info + stack := strings.Split(string(debugStack), "\n") + lines := []string{} + + // locate panic line, as we may have nested panics + for i := len(stack) - 1; i > 0; i-- { + lines = append(lines, stack[i]) + if strings.HasPrefix(stack[i], "panic(0x") { + lines = lines[0 : len(lines)-2] // remove boilerplate + break + } + } + + // reverse + for i := len(lines)/2 - 1; i >= 0; i-- { + opp := len(lines) - 1 - i + lines[i], lines[opp] = lines[opp], lines[i] + } + + // decorate + for i, line := range lines { + lines[i], err = s.decorateLine(line, useColor, i) + if err != nil { + return nil, err + } + } + + for _, l := range lines { + fmt.Fprintf(buf, "%s", l) + } + return buf.Bytes(), nil +} + +func (s prettyStack) decorateLine(line string, useColor bool, num int) (string, error) { + line = strings.TrimSpace(line) + if strings.HasPrefix(line, "\t") || strings.Contains(line, ".go:") { + return s.decorateSourceLine(line, useColor, num) + } else if strings.HasSuffix(line, ")") { + return s.decorateFuncCallLine(line, useColor, num) + } else { + if strings.HasPrefix(line, "\t") { + return strings.Replace(line, "\t", " ", 1), nil + } else { + return fmt.Sprintf(" %s\n", line), nil + } + } +} + +func (s prettyStack) decorateFuncCallLine(line string, useColor bool, num int) (string, error) { + idx := strings.LastIndex(line, "(") + if idx < 0 { + return "", errors.New("not a func call line") + } + + buf := &bytes.Buffer{} + pkg := line[0:idx] + // addr := line[idx:] + method := "" + + idx = strings.LastIndex(pkg, string(os.PathSeparator)) + if idx < 0 { + idx = strings.Index(pkg, ".") + method = pkg[idx:] + pkg = pkg[0:idx] + } else { + method = pkg[idx+1:] + pkg = pkg[0 : idx+1] + idx = strings.Index(method, ".") + pkg += method[0:idx] + method = method[idx:] + } + pkgColor := nYellow + methodColor := bGreen + + if num == 0 { + cW(buf, useColor, bRed, " -> ") + pkgColor = bMagenta + methodColor = bRed + } else { + cW(buf, useColor, bWhite, " ") + } + cW(buf, useColor, pkgColor, "%s", pkg) + cW(buf, useColor, methodColor, "%s\n", method) + // cW(buf, useColor, nBlack, "%s", addr) + return buf.String(), nil +} + +func (s prettyStack) decorateSourceLine(line string, useColor bool, num int) (string, error) { + idx := strings.LastIndex(line, ".go:") + if idx < 0 { + return "", errors.New("not a source line") + } + + buf := &bytes.Buffer{} + path := line[0 : idx+3] + lineno := line[idx+3:] + + idx = strings.LastIndex(path, string(os.PathSeparator)) + dir := path[0 : idx+1] + file := path[idx+1:] + + idx = strings.Index(lineno, " ") + if idx > 0 { + lineno = lineno[0:idx] + } + fileColor := bCyan + lineColor := bGreen + + if num == 1 { + cW(buf, useColor, bRed, " -> ") + fileColor = bRed + lineColor = bMagenta + } else { + cW(buf, false, bWhite, " ") + } + cW(buf, useColor, bWhite, "%s", dir) + cW(buf, useColor, fileColor, "%s", file) + cW(buf, useColor, lineColor, "%s", lineno) + if num == 1 { + cW(buf, false, bWhite, "\n") + } + cW(buf, false, bWhite, "\n") + + return buf.String(), nil +} diff --git a/vendor/github.com/go-chi/chi/middleware/request_id.go b/vendor/github.com/go-chi/chi/middleware/request_id.go new file mode 100644 index 0000000000..4903ecc214 --- /dev/null +++ b/vendor/github.com/go-chi/chi/middleware/request_id.go @@ -0,0 +1,96 @@ +package middleware + +// Ported from Goji's middleware, source: +// https://github.com/zenazn/goji/tree/master/web/middleware + +import ( + "context" + "crypto/rand" + "encoding/base64" + "fmt" + "net/http" + "os" + "strings" + "sync/atomic" +) + +// Key to use when setting the request ID. +type ctxKeyRequestID int + +// RequestIDKey is the key that holds the unique request ID in a request context. +const RequestIDKey ctxKeyRequestID = 0 + +// RequestIDHeader is the name of the HTTP Header which contains the request id. +// Exported so that it can be changed by developers +var RequestIDHeader = "X-Request-Id" + +var prefix string +var reqid uint64 + +// A quick note on the statistics here: we're trying to calculate the chance that +// two randomly generated base62 prefixes will collide. We use the formula from +// http://en.wikipedia.org/wiki/Birthday_problem +// +// P[m, n] \approx 1 - e^{-m^2/2n} +// +// We ballpark an upper bound for $m$ by imagining (for whatever reason) a server +// that restarts every second over 10 years, for $m = 86400 * 365 * 10 = 315360000$ +// +// For a $k$ character base-62 identifier, we have $n(k) = 62^k$ +// +// Plugging this in, we find $P[m, n(10)] \approx 5.75%$, which is good enough for +// our purposes, and is surely more than anyone would ever need in practice -- a +// process that is rebooted a handful of times a day for a hundred years has less +// than a millionth of a percent chance of generating two colliding IDs. + +func init() { + hostname, err := os.Hostname() + if hostname == "" || err != nil { + hostname = "localhost" + } + var buf [12]byte + var b64 string + for len(b64) < 10 { + rand.Read(buf[:]) + b64 = base64.StdEncoding.EncodeToString(buf[:]) + b64 = strings.NewReplacer("+", "", "/", "").Replace(b64) + } + + prefix = fmt.Sprintf("%s/%s", hostname, b64[0:10]) +} + +// RequestID is a middleware that injects a request ID into the context of each +// request. A request ID is a string of the form "host.example.com/random-0001", +// where "random" is a base62 random string that uniquely identifies this go +// process, and where the last number is an atomically incremented request +// counter. +func RequestID(next http.Handler) http.Handler { + fn := func(w http.ResponseWriter, r *http.Request) { + ctx := r.Context() + requestID := r.Header.Get(RequestIDHeader) + if requestID == "" { + myid := atomic.AddUint64(&reqid, 1) + requestID = fmt.Sprintf("%s-%06d", prefix, myid) + } + ctx = context.WithValue(ctx, RequestIDKey, requestID) + next.ServeHTTP(w, r.WithContext(ctx)) + } + return http.HandlerFunc(fn) +} + +// GetReqID returns a request ID from the given context if one is present. +// Returns the empty string if a request ID cannot be found. +func GetReqID(ctx context.Context) string { + if ctx == nil { + return "" + } + if reqID, ok := ctx.Value(RequestIDKey).(string); ok { + return reqID + } + return "" +} + +// NextRequestID generates the next request ID in the sequence. +func NextRequestID() uint64 { + return atomic.AddUint64(&reqid, 1) +} diff --git a/vendor/github.com/go-chi/chi/middleware/route_headers.go b/vendor/github.com/go-chi/chi/middleware/route_headers.go new file mode 100644 index 0000000000..7ee30c8773 --- /dev/null +++ b/vendor/github.com/go-chi/chi/middleware/route_headers.go @@ -0,0 +1,160 @@ +package middleware + +import ( + "net/http" + "strings" +) + +// RouteHeaders is a neat little header-based router that allows you to direct +// the flow of a request through a middleware stack based on a request header. +// +// For example, lets say you'd like to setup multiple routers depending on the +// request Host header, you could then do something as so: +// +// r := chi.NewRouter() +// rSubdomain := chi.NewRouter() +// +// r.Use(middleware.RouteHeaders(). +// Route("Host", "example.com", middleware.New(r)). +// Route("Host", "*.example.com", middleware.New(rSubdomain)). +// Handler) +// +// r.Get("/", h) +// rSubdomain.Get("/", h2) +// +// +// Another example, imagine you want to setup multiple CORS handlers, where for +// your origin servers you allow authorized requests, but for third-party public +// requests, authorization is disabled. +// +// r := chi.NewRouter() +// +// r.Use(middleware.RouteHeaders(). +// Route("Origin", "https://app.skyweaver.net", cors.Handler(cors.Options{ +// AllowedOrigins: []string{"https://api.skyweaver.net"}, +// AllowedMethods: []string{"GET", "POST", "PUT", "DELETE", "OPTIONS"}, +// AllowedHeaders: []string{"Accept", "Authorization", "Content-Type"}, +// AllowCredentials: true, // <----------<<< allow credentials +// })). +// Route("Origin", "*", cors.Handler(cors.Options{ +// AllowedOrigins: []string{"*"}, +// AllowedMethods: []string{"GET", "POST", "PUT", "DELETE", "OPTIONS"}, +// AllowedHeaders: []string{"Accept", "Content-Type"}, +// AllowCredentials: false, // <----------<<< do not allow credentials +// })). +// Handler) +// +func RouteHeaders() HeaderRouter { + return HeaderRouter{} +} + +type HeaderRouter map[string][]HeaderRoute + +func (hr HeaderRouter) Route(header string, match string, middlewareHandler func(next http.Handler) http.Handler) HeaderRouter { + header = strings.ToLower(header) + k := hr[header] + if k == nil { + hr[header] = []HeaderRoute{} + } + hr[header] = append(hr[header], HeaderRoute{MatchOne: NewPattern(match), Middleware: middlewareHandler}) + return hr +} + +func (hr HeaderRouter) RouteAny(header string, match []string, middlewareHandler func(next http.Handler) http.Handler) HeaderRouter { + header = strings.ToLower(header) + k := hr[header] + if k == nil { + hr[header] = []HeaderRoute{} + } + patterns := []Pattern{} + for _, m := range match { + patterns = append(patterns, NewPattern(m)) + } + hr[header] = append(hr[header], HeaderRoute{MatchAny: patterns, Middleware: middlewareHandler}) + return hr +} + +func (hr HeaderRouter) RouteDefault(handler func(next http.Handler) http.Handler) HeaderRouter { + hr["*"] = []HeaderRoute{{Middleware: handler}} + return hr +} + +func (hr HeaderRouter) Handler(next http.Handler) http.Handler { + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + if len(hr) == 0 { + // skip if no routes set + next.ServeHTTP(w, r) + } + + // find first matching header route, and continue + for header, matchers := range hr { + headerValue := r.Header.Get(header) + if headerValue == "" { + continue + } + headerValue = strings.ToLower(headerValue) + for _, matcher := range matchers { + if matcher.IsMatch(headerValue) { + matcher.Middleware(next).ServeHTTP(w, r) + return + } + } + } + + // if no match, check for "*" default route + matcher, ok := hr["*"] + if !ok || matcher[0].Middleware == nil { + next.ServeHTTP(w, r) + return + } + matcher[0].Middleware(next).ServeHTTP(w, r) + }) +} + +type HeaderRoute struct { + MatchAny []Pattern + MatchOne Pattern + Middleware func(next http.Handler) http.Handler +} + +func (r HeaderRoute) IsMatch(value string) bool { + if len(r.MatchAny) > 0 { + for _, m := range r.MatchAny { + if m.Match(value) { + return true + } + } + } else if r.MatchOne.Match(value) { + return true + } + return false +} + +type Pattern struct { + prefix string + suffix string + wildcard bool +} + +func NewPattern(value string) Pattern { + p := Pattern{} + if i := strings.IndexByte(value, '*'); i >= 0 { + p.wildcard = true + p.prefix = value[0:i] + p.suffix = value[i+1:] + } else { + p.prefix = value + } + return p +} + +func (p Pattern) Match(v string) bool { + if !p.wildcard { + if p.prefix == v { + return true + } else { + return false + } + } + return len(v) >= len(p.prefix+p.suffix) && strings.HasPrefix(v, p.prefix) && strings.HasSuffix(v, p.suffix) +} diff --git a/vendor/github.com/go-chi/chi/middleware/strip.go b/vendor/github.com/go-chi/chi/middleware/strip.go new file mode 100644 index 0000000000..2b8b1842ab --- /dev/null +++ b/vendor/github.com/go-chi/chi/middleware/strip.go @@ -0,0 +1,56 @@ +package middleware + +import ( + "fmt" + "net/http" + + "github.com/go-chi/chi" +) + +// StripSlashes is a middleware that will match request paths with a trailing +// slash, strip it from the path and continue routing through the mux, if a route +// matches, then it will serve the handler. +func StripSlashes(next http.Handler) http.Handler { + fn := func(w http.ResponseWriter, r *http.Request) { + var path string + rctx := chi.RouteContext(r.Context()) + if rctx.RoutePath != "" { + path = rctx.RoutePath + } else { + path = r.URL.Path + } + if len(path) > 1 && path[len(path)-1] == '/' { + rctx.RoutePath = path[:len(path)-1] + } + next.ServeHTTP(w, r) + } + return http.HandlerFunc(fn) +} + +// RedirectSlashes is a middleware that will match request paths with a trailing +// slash and redirect to the same path, less the trailing slash. +// +// NOTE: RedirectSlashes middleware is *incompatible* with http.FileServer, +// see https://github.com/go-chi/chi/issues/343 +func RedirectSlashes(next http.Handler) http.Handler { + fn := func(w http.ResponseWriter, r *http.Request) { + var path string + rctx := chi.RouteContext(r.Context()) + if rctx.RoutePath != "" { + path = rctx.RoutePath + } else { + path = r.URL.Path + } + if len(path) > 1 && path[len(path)-1] == '/' { + if r.URL.RawQuery != "" { + path = fmt.Sprintf("%s?%s", path[:len(path)-1], r.URL.RawQuery) + } else { + path = path[:len(path)-1] + } + http.Redirect(w, r, path, 301) + return + } + next.ServeHTTP(w, r) + } + return http.HandlerFunc(fn) +} diff --git a/vendor/github.com/go-chi/chi/middleware/terminal.go b/vendor/github.com/go-chi/chi/middleware/terminal.go new file mode 100644 index 0000000000..5ead7b9243 --- /dev/null +++ b/vendor/github.com/go-chi/chi/middleware/terminal.go @@ -0,0 +1,63 @@ +package middleware + +// Ported from Goji's middleware, source: +// https://github.com/zenazn/goji/tree/master/web/middleware + +import ( + "fmt" + "io" + "os" +) + +var ( + // Normal colors + nBlack = []byte{'\033', '[', '3', '0', 'm'} + nRed = []byte{'\033', '[', '3', '1', 'm'} + nGreen = []byte{'\033', '[', '3', '2', 'm'} + nYellow = []byte{'\033', '[', '3', '3', 'm'} + nBlue = []byte{'\033', '[', '3', '4', 'm'} + nMagenta = []byte{'\033', '[', '3', '5', 'm'} + nCyan = []byte{'\033', '[', '3', '6', 'm'} + nWhite = []byte{'\033', '[', '3', '7', 'm'} + // Bright colors + bBlack = []byte{'\033', '[', '3', '0', ';', '1', 'm'} + bRed = []byte{'\033', '[', '3', '1', ';', '1', 'm'} + bGreen = []byte{'\033', '[', '3', '2', ';', '1', 'm'} + bYellow = []byte{'\033', '[', '3', '3', ';', '1', 'm'} + bBlue = []byte{'\033', '[', '3', '4', ';', '1', 'm'} + bMagenta = []byte{'\033', '[', '3', '5', ';', '1', 'm'} + bCyan = []byte{'\033', '[', '3', '6', ';', '1', 'm'} + bWhite = []byte{'\033', '[', '3', '7', ';', '1', 'm'} + + reset = []byte{'\033', '[', '0', 'm'} +) + +var IsTTY bool + +func init() { + // This is sort of cheating: if stdout is a character device, we assume + // that means it's a TTY. Unfortunately, there are many non-TTY + // character devices, but fortunately stdout is rarely set to any of + // them. + // + // We could solve this properly by pulling in a dependency on + // code.google.com/p/go.crypto/ssh/terminal, for instance, but as a + // heuristic for whether to print in color or in black-and-white, I'd + // really rather not. + fi, err := os.Stdout.Stat() + if err == nil { + m := os.ModeDevice | os.ModeCharDevice + IsTTY = fi.Mode()&m == m + } +} + +// colorWrite +func cW(w io.Writer, useColor bool, color []byte, s string, args ...interface{}) { + if IsTTY && useColor { + w.Write(color) + } + fmt.Fprintf(w, s, args...) + if IsTTY && useColor { + w.Write(reset) + } +} diff --git a/vendor/github.com/go-chi/chi/middleware/throttle.go b/vendor/github.com/go-chi/chi/middleware/throttle.go new file mode 100644 index 0000000000..fdedd3c127 --- /dev/null +++ b/vendor/github.com/go-chi/chi/middleware/throttle.go @@ -0,0 +1,132 @@ +package middleware + +import ( + "net/http" + "strconv" + "time" +) + +const ( + errCapacityExceeded = "Server capacity exceeded." + errTimedOut = "Timed out while waiting for a pending request to complete." + errContextCanceled = "Context was canceled." +) + +var ( + defaultBacklogTimeout = time.Second * 60 +) + +// ThrottleOpts represents a set of throttling options. +type ThrottleOpts struct { + Limit int + BacklogLimit int + BacklogTimeout time.Duration + RetryAfterFn func(ctxDone bool) time.Duration +} + +// Throttle is a middleware that limits number of currently processed requests +// at a time across all users. Note: Throttle is not a rate-limiter per user, +// instead it just puts a ceiling on the number of currentl in-flight requests +// being processed from the point from where the Throttle middleware is mounted. +func Throttle(limit int) func(http.Handler) http.Handler { + return ThrottleWithOpts(ThrottleOpts{Limit: limit, BacklogTimeout: defaultBacklogTimeout}) +} + +// ThrottleBacklog is a middleware that limits number of currently processed +// requests at a time and provides a backlog for holding a finite number of +// pending requests. +func ThrottleBacklog(limit int, backlogLimit int, backlogTimeout time.Duration) func(http.Handler) http.Handler { + return ThrottleWithOpts(ThrottleOpts{Limit: limit, BacklogLimit: backlogLimit, BacklogTimeout: backlogTimeout}) +} + +// ThrottleWithOpts is a middleware that limits number of currently processed requests using passed ThrottleOpts. +func ThrottleWithOpts(opts ThrottleOpts) func(http.Handler) http.Handler { + if opts.Limit < 1 { + panic("chi/middleware: Throttle expects limit > 0") + } + + if opts.BacklogLimit < 0 { + panic("chi/middleware: Throttle expects backlogLimit to be positive") + } + + t := throttler{ + tokens: make(chan token, opts.Limit), + backlogTokens: make(chan token, opts.Limit+opts.BacklogLimit), + backlogTimeout: opts.BacklogTimeout, + retryAfterFn: opts.RetryAfterFn, + } + + // Filling tokens. + for i := 0; i < opts.Limit+opts.BacklogLimit; i++ { + if i < opts.Limit { + t.tokens <- token{} + } + t.backlogTokens <- token{} + } + + return func(next http.Handler) http.Handler { + fn := func(w http.ResponseWriter, r *http.Request) { + ctx := r.Context() + + select { + + case <-ctx.Done(): + t.setRetryAfterHeaderIfNeeded(w, true) + http.Error(w, errContextCanceled, http.StatusServiceUnavailable) + return + + case btok := <-t.backlogTokens: + timer := time.NewTimer(t.backlogTimeout) + + defer func() { + t.backlogTokens <- btok + }() + + select { + case <-timer.C: + t.setRetryAfterHeaderIfNeeded(w, false) + http.Error(w, errTimedOut, http.StatusServiceUnavailable) + return + case <-ctx.Done(): + timer.Stop() + t.setRetryAfterHeaderIfNeeded(w, true) + http.Error(w, errContextCanceled, http.StatusServiceUnavailable) + return + case tok := <-t.tokens: + defer func() { + timer.Stop() + t.tokens <- tok + }() + next.ServeHTTP(w, r) + } + return + + default: + t.setRetryAfterHeaderIfNeeded(w, false) + http.Error(w, errCapacityExceeded, http.StatusServiceUnavailable) + return + } + } + + return http.HandlerFunc(fn) + } +} + +// token represents a request that is being processed. +type token struct{} + +// throttler limits number of currently processed requests at a time. +type throttler struct { + tokens chan token + backlogTokens chan token + backlogTimeout time.Duration + retryAfterFn func(ctxDone bool) time.Duration +} + +// setRetryAfterHeaderIfNeeded sets Retry-After HTTP header if corresponding retryAfterFn option of throttler is initialized. +func (t throttler) setRetryAfterHeaderIfNeeded(w http.ResponseWriter, ctxDone bool) { + if t.retryAfterFn == nil { + return + } + w.Header().Set("Retry-After", strconv.Itoa(int(t.retryAfterFn(ctxDone).Seconds()))) +} diff --git a/vendor/github.com/go-chi/chi/middleware/timeout.go b/vendor/github.com/go-chi/chi/middleware/timeout.go new file mode 100644 index 0000000000..8e373536cf --- /dev/null +++ b/vendor/github.com/go-chi/chi/middleware/timeout.go @@ -0,0 +1,49 @@ +package middleware + +import ( + "context" + "net/http" + "time" +) + +// Timeout is a middleware that cancels ctx after a given timeout and return +// a 504 Gateway Timeout error to the client. +// +// It's required that you select the ctx.Done() channel to check for the signal +// if the context has reached its deadline and return, otherwise the timeout +// signal will be just ignored. +// +// ie. a route/handler may look like: +// +// r.Get("/long", func(w http.ResponseWriter, r *http.Request) { +// ctx := r.Context() +// processTime := time.Duration(rand.Intn(4)+1) * time.Second +// +// select { +// case <-ctx.Done(): +// return +// +// case <-time.After(processTime): +// // The above channel simulates some hard work. +// } +// +// w.Write([]byte("done")) +// }) +// +func Timeout(timeout time.Duration) func(next http.Handler) http.Handler { + return func(next http.Handler) http.Handler { + fn := func(w http.ResponseWriter, r *http.Request) { + ctx, cancel := context.WithTimeout(r.Context(), timeout) + defer func() { + cancel() + if ctx.Err() == context.DeadlineExceeded { + w.WriteHeader(http.StatusGatewayTimeout) + } + }() + + r = r.WithContext(ctx) + next.ServeHTTP(w, r) + } + return http.HandlerFunc(fn) + } +} diff --git a/vendor/github.com/go-chi/chi/middleware/url_format.go b/vendor/github.com/go-chi/chi/middleware/url_format.go new file mode 100644 index 0000000000..5749e4f32b --- /dev/null +++ b/vendor/github.com/go-chi/chi/middleware/url_format.go @@ -0,0 +1,72 @@ +package middleware + +import ( + "context" + "net/http" + "strings" + + "github.com/go-chi/chi" +) + +var ( + // URLFormatCtxKey is the context.Context key to store the URL format data + // for a request. + URLFormatCtxKey = &contextKey{"URLFormat"} +) + +// URLFormat is a middleware that parses the url extension from a request path and stores it +// on the context as a string under the key `middleware.URLFormatCtxKey`. The middleware will +// trim the suffix from the routing path and continue routing. +// +// Routers should not include a url parameter for the suffix when using this middleware. +// +// Sample usage.. for url paths: `/articles/1`, `/articles/1.json` and `/articles/1.xml` +// +// func routes() http.Handler { +// r := chi.NewRouter() +// r.Use(middleware.URLFormat) +// +// r.Get("/articles/{id}", ListArticles) +// +// return r +// } +// +// func ListArticles(w http.ResponseWriter, r *http.Request) { +// urlFormat, _ := r.Context().Value(middleware.URLFormatCtxKey).(string) +// +// switch urlFormat { +// case "json": +// render.JSON(w, r, articles) +// case "xml:" +// render.XML(w, r, articles) +// default: +// render.JSON(w, r, articles) +// } +// } +// +func URLFormat(next http.Handler) http.Handler { + fn := func(w http.ResponseWriter, r *http.Request) { + ctx := r.Context() + + var format string + path := r.URL.Path + + if strings.Index(path, ".") > 0 { + base := strings.LastIndex(path, "/") + idx := strings.Index(path[base:], ".") + + if idx > 0 { + idx += base + format = path[idx+1:] + + rctx := chi.RouteContext(r.Context()) + rctx.RoutePath = path[:idx] + } + } + + r = r.WithContext(context.WithValue(ctx, URLFormatCtxKey, format)) + + next.ServeHTTP(w, r) + } + return http.HandlerFunc(fn) +} diff --git a/vendor/github.com/go-chi/chi/middleware/value.go b/vendor/github.com/go-chi/chi/middleware/value.go new file mode 100644 index 0000000000..fbbd0393fb --- /dev/null +++ b/vendor/github.com/go-chi/chi/middleware/value.go @@ -0,0 +1,17 @@ +package middleware + +import ( + "context" + "net/http" +) + +// WithValue is a middleware that sets a given key/value in a context chain. +func WithValue(key interface{}, val interface{}) func(next http.Handler) http.Handler { + return func(next http.Handler) http.Handler { + fn := func(w http.ResponseWriter, r *http.Request) { + r = r.WithContext(context.WithValue(r.Context(), key, val)) + next.ServeHTTP(w, r) + } + return http.HandlerFunc(fn) + } +} diff --git a/vendor/github.com/go-chi/chi/middleware/wrap_writer.go b/vendor/github.com/go-chi/chi/middleware/wrap_writer.go new file mode 100644 index 0000000000..382a523e48 --- /dev/null +++ b/vendor/github.com/go-chi/chi/middleware/wrap_writer.go @@ -0,0 +1,180 @@ +package middleware + +// The original work was derived from Goji's middleware, source: +// https://github.com/zenazn/goji/tree/master/web/middleware + +import ( + "bufio" + "io" + "net" + "net/http" +) + +// NewWrapResponseWriter wraps an http.ResponseWriter, returning a proxy that allows you to +// hook into various parts of the response process. +func NewWrapResponseWriter(w http.ResponseWriter, protoMajor int) WrapResponseWriter { + _, fl := w.(http.Flusher) + + bw := basicWriter{ResponseWriter: w} + + if protoMajor == 2 { + _, ps := w.(http.Pusher) + if fl && ps { + return &http2FancyWriter{bw} + } + } else { + _, hj := w.(http.Hijacker) + _, rf := w.(io.ReaderFrom) + if fl && hj && rf { + return &httpFancyWriter{bw} + } + } + if fl { + return &flushWriter{bw} + } + + return &bw +} + +// WrapResponseWriter is a proxy around an http.ResponseWriter that allows you to hook +// into various parts of the response process. +type WrapResponseWriter interface { + http.ResponseWriter + // Status returns the HTTP status of the request, or 0 if one has not + // yet been sent. + Status() int + // BytesWritten returns the total number of bytes sent to the client. + BytesWritten() int + // Tee causes the response body to be written to the given io.Writer in + // addition to proxying the writes through. Only one io.Writer can be + // tee'd to at once: setting a second one will overwrite the first. + // Writes will be sent to the proxy before being written to this + // io.Writer. It is illegal for the tee'd writer to be modified + // concurrently with writes. + Tee(io.Writer) + // Unwrap returns the original proxied target. + Unwrap() http.ResponseWriter +} + +// basicWriter wraps a http.ResponseWriter that implements the minimal +// http.ResponseWriter interface. +type basicWriter struct { + http.ResponseWriter + wroteHeader bool + code int + bytes int + tee io.Writer +} + +func (b *basicWriter) WriteHeader(code int) { + if !b.wroteHeader { + b.code = code + b.wroteHeader = true + b.ResponseWriter.WriteHeader(code) + } +} + +func (b *basicWriter) Write(buf []byte) (int, error) { + b.maybeWriteHeader() + n, err := b.ResponseWriter.Write(buf) + if b.tee != nil { + _, err2 := b.tee.Write(buf[:n]) + // Prefer errors generated by the proxied writer. + if err == nil { + err = err2 + } + } + b.bytes += n + return n, err +} + +func (b *basicWriter) maybeWriteHeader() { + if !b.wroteHeader { + b.WriteHeader(http.StatusOK) + } +} + +func (b *basicWriter) Status() int { + return b.code +} + +func (b *basicWriter) BytesWritten() int { + return b.bytes +} + +func (b *basicWriter) Tee(w io.Writer) { + b.tee = w +} + +func (b *basicWriter) Unwrap() http.ResponseWriter { + return b.ResponseWriter +} + +type flushWriter struct { + basicWriter +} + +func (f *flushWriter) Flush() { + f.wroteHeader = true + fl := f.basicWriter.ResponseWriter.(http.Flusher) + fl.Flush() +} + +var _ http.Flusher = &flushWriter{} + +// httpFancyWriter is a HTTP writer that additionally satisfies +// http.Flusher, http.Hijacker, and io.ReaderFrom. It exists for the common case +// of wrapping the http.ResponseWriter that package http gives you, in order to +// make the proxied object support the full method set of the proxied object. +type httpFancyWriter struct { + basicWriter +} + +func (f *httpFancyWriter) Flush() { + f.wroteHeader = true + fl := f.basicWriter.ResponseWriter.(http.Flusher) + fl.Flush() +} + +func (f *httpFancyWriter) Hijack() (net.Conn, *bufio.ReadWriter, error) { + hj := f.basicWriter.ResponseWriter.(http.Hijacker) + return hj.Hijack() +} + +func (f *http2FancyWriter) Push(target string, opts *http.PushOptions) error { + return f.basicWriter.ResponseWriter.(http.Pusher).Push(target, opts) +} + +func (f *httpFancyWriter) ReadFrom(r io.Reader) (int64, error) { + if f.basicWriter.tee != nil { + n, err := io.Copy(&f.basicWriter, r) + f.basicWriter.bytes += int(n) + return n, err + } + rf := f.basicWriter.ResponseWriter.(io.ReaderFrom) + f.basicWriter.maybeWriteHeader() + n, err := rf.ReadFrom(r) + f.basicWriter.bytes += int(n) + return n, err +} + +var _ http.Flusher = &httpFancyWriter{} +var _ http.Hijacker = &httpFancyWriter{} +var _ http.Pusher = &http2FancyWriter{} +var _ io.ReaderFrom = &httpFancyWriter{} + +// http2FancyWriter is a HTTP2 writer that additionally satisfies +// http.Flusher, and io.ReaderFrom. It exists for the common case +// of wrapping the http.ResponseWriter that package http gives you, in order to +// make the proxied object support the full method set of the proxied object. +type http2FancyWriter struct { + basicWriter +} + +func (f *http2FancyWriter) Flush() { + f.wroteHeader = true + fl := f.basicWriter.ResponseWriter.(http.Flusher) + fl.Flush() +} + +var _ http.Flusher = &http2FancyWriter{} diff --git a/vendor/github.com/go-chi/chi/mux.go b/vendor/github.com/go-chi/chi/mux.go new file mode 100644 index 0000000000..52950e97b5 --- /dev/null +++ b/vendor/github.com/go-chi/chi/mux.go @@ -0,0 +1,466 @@ +package chi + +import ( + "context" + "fmt" + "net/http" + "strings" + "sync" +) + +var _ Router = &Mux{} + +// Mux is a simple HTTP route multiplexer that parses a request path, +// records any URL params, and executes an end handler. It implements +// the http.Handler interface and is friendly with the standard library. +// +// Mux is designed to be fast, minimal and offer a powerful API for building +// modular and composable HTTP services with a large set of handlers. It's +// particularly useful for writing large REST API services that break a handler +// into many smaller parts composed of middlewares and end handlers. +type Mux struct { + // The radix trie router + tree *node + + // The middleware stack + middlewares []func(http.Handler) http.Handler + + // Controls the behaviour of middleware chain generation when a mux + // is registered as an inline group inside another mux. + inline bool + parent *Mux + + // The computed mux handler made of the chained middleware stack and + // the tree router + handler http.Handler + + // Routing context pool + pool *sync.Pool + + // Custom route not found handler + notFoundHandler http.HandlerFunc + + // Custom method not allowed handler + methodNotAllowedHandler http.HandlerFunc +} + +// NewMux returns a newly initialized Mux object that implements the Router +// interface. +func NewMux() *Mux { + mux := &Mux{tree: &node{}, pool: &sync.Pool{}} + mux.pool.New = func() interface{} { + return NewRouteContext() + } + return mux +} + +// ServeHTTP is the single method of the http.Handler interface that makes +// Mux interoperable with the standard library. It uses a sync.Pool to get and +// reuse routing contexts for each request. +func (mx *Mux) ServeHTTP(w http.ResponseWriter, r *http.Request) { + // Ensure the mux has some routes defined on the mux + if mx.handler == nil { + mx.NotFoundHandler().ServeHTTP(w, r) + return + } + + // Check if a routing context already exists from a parent router. + rctx, _ := r.Context().Value(RouteCtxKey).(*Context) + if rctx != nil { + mx.handler.ServeHTTP(w, r) + return + } + + // Fetch a RouteContext object from the sync pool, and call the computed + // mx.handler that is comprised of mx.middlewares + mx.routeHTTP. + // Once the request is finished, reset the routing context and put it back + // into the pool for reuse from another request. + rctx = mx.pool.Get().(*Context) + rctx.Reset() + rctx.Routes = mx + + // NOTE: r.WithContext() causes 2 allocations and context.WithValue() causes 1 allocation + r = r.WithContext(context.WithValue(r.Context(), RouteCtxKey, rctx)) + + // Serve the request and once its done, put the request context back in the sync pool + mx.handler.ServeHTTP(w, r) + mx.pool.Put(rctx) +} + +// Use appends a middleware handler to the Mux middleware stack. +// +// The middleware stack for any Mux will execute before searching for a matching +// route to a specific handler, which provides opportunity to respond early, +// change the course of the request execution, or set request-scoped values for +// the next http.Handler. +func (mx *Mux) Use(middlewares ...func(http.Handler) http.Handler) { + if mx.handler != nil { + panic("chi: all middlewares must be defined before routes on a mux") + } + mx.middlewares = append(mx.middlewares, middlewares...) +} + +// Handle adds the route `pattern` that matches any http method to +// execute the `handler` http.Handler. +func (mx *Mux) Handle(pattern string, handler http.Handler) { + mx.handle(mALL, pattern, handler) +} + +// HandleFunc adds the route `pattern` that matches any http method to +// execute the `handlerFn` http.HandlerFunc. +func (mx *Mux) HandleFunc(pattern string, handlerFn http.HandlerFunc) { + mx.handle(mALL, pattern, handlerFn) +} + +// Method adds the route `pattern` that matches `method` http method to +// execute the `handler` http.Handler. +func (mx *Mux) Method(method, pattern string, handler http.Handler) { + m, ok := methodMap[strings.ToUpper(method)] + if !ok { + panic(fmt.Sprintf("chi: '%s' http method is not supported.", method)) + } + mx.handle(m, pattern, handler) +} + +// MethodFunc adds the route `pattern` that matches `method` http method to +// execute the `handlerFn` http.HandlerFunc. +func (mx *Mux) MethodFunc(method, pattern string, handlerFn http.HandlerFunc) { + mx.Method(method, pattern, handlerFn) +} + +// Connect adds the route `pattern` that matches a CONNECT http method to +// execute the `handlerFn` http.HandlerFunc. +func (mx *Mux) Connect(pattern string, handlerFn http.HandlerFunc) { + mx.handle(mCONNECT, pattern, handlerFn) +} + +// Delete adds the route `pattern` that matches a DELETE http method to +// execute the `handlerFn` http.HandlerFunc. +func (mx *Mux) Delete(pattern string, handlerFn http.HandlerFunc) { + mx.handle(mDELETE, pattern, handlerFn) +} + +// Get adds the route `pattern` that matches a GET http method to +// execute the `handlerFn` http.HandlerFunc. +func (mx *Mux) Get(pattern string, handlerFn http.HandlerFunc) { + mx.handle(mGET, pattern, handlerFn) +} + +// Head adds the route `pattern` that matches a HEAD http method to +// execute the `handlerFn` http.HandlerFunc. +func (mx *Mux) Head(pattern string, handlerFn http.HandlerFunc) { + mx.handle(mHEAD, pattern, handlerFn) +} + +// Options adds the route `pattern` that matches a OPTIONS http method to +// execute the `handlerFn` http.HandlerFunc. +func (mx *Mux) Options(pattern string, handlerFn http.HandlerFunc) { + mx.handle(mOPTIONS, pattern, handlerFn) +} + +// Patch adds the route `pattern` that matches a PATCH http method to +// execute the `handlerFn` http.HandlerFunc. +func (mx *Mux) Patch(pattern string, handlerFn http.HandlerFunc) { + mx.handle(mPATCH, pattern, handlerFn) +} + +// Post adds the route `pattern` that matches a POST http method to +// execute the `handlerFn` http.HandlerFunc. +func (mx *Mux) Post(pattern string, handlerFn http.HandlerFunc) { + mx.handle(mPOST, pattern, handlerFn) +} + +// Put adds the route `pattern` that matches a PUT http method to +// execute the `handlerFn` http.HandlerFunc. +func (mx *Mux) Put(pattern string, handlerFn http.HandlerFunc) { + mx.handle(mPUT, pattern, handlerFn) +} + +// Trace adds the route `pattern` that matches a TRACE http method to +// execute the `handlerFn` http.HandlerFunc. +func (mx *Mux) Trace(pattern string, handlerFn http.HandlerFunc) { + mx.handle(mTRACE, pattern, handlerFn) +} + +// NotFound sets a custom http.HandlerFunc for routing paths that could +// not be found. The default 404 handler is `http.NotFound`. +func (mx *Mux) NotFound(handlerFn http.HandlerFunc) { + // Build NotFound handler chain + m := mx + hFn := handlerFn + if mx.inline && mx.parent != nil { + m = mx.parent + hFn = Chain(mx.middlewares...).HandlerFunc(hFn).ServeHTTP + } + + // Update the notFoundHandler from this point forward + m.notFoundHandler = hFn + m.updateSubRoutes(func(subMux *Mux) { + if subMux.notFoundHandler == nil { + subMux.NotFound(hFn) + } + }) +} + +// MethodNotAllowed sets a custom http.HandlerFunc for routing paths where the +// method is unresolved. The default handler returns a 405 with an empty body. +func (mx *Mux) MethodNotAllowed(handlerFn http.HandlerFunc) { + // Build MethodNotAllowed handler chain + m := mx + hFn := handlerFn + if mx.inline && mx.parent != nil { + m = mx.parent + hFn = Chain(mx.middlewares...).HandlerFunc(hFn).ServeHTTP + } + + // Update the methodNotAllowedHandler from this point forward + m.methodNotAllowedHandler = hFn + m.updateSubRoutes(func(subMux *Mux) { + if subMux.methodNotAllowedHandler == nil { + subMux.MethodNotAllowed(hFn) + } + }) +} + +// With adds inline middlewares for an endpoint handler. +func (mx *Mux) With(middlewares ...func(http.Handler) http.Handler) Router { + // Similarly as in handle(), we must build the mux handler once additional + // middleware registration isn't allowed for this stack, like now. + if !mx.inline && mx.handler == nil { + mx.buildRouteHandler() + } + + // Copy middlewares from parent inline muxs + var mws Middlewares + if mx.inline { + mws = make(Middlewares, len(mx.middlewares)) + copy(mws, mx.middlewares) + } + mws = append(mws, middlewares...) + + im := &Mux{ + pool: mx.pool, inline: true, parent: mx, tree: mx.tree, middlewares: mws, + notFoundHandler: mx.notFoundHandler, methodNotAllowedHandler: mx.methodNotAllowedHandler, + } + + return im +} + +// Group creates a new inline-Mux with a fresh middleware stack. It's useful +// for a group of handlers along the same routing path that use an additional +// set of middlewares. See _examples/. +func (mx *Mux) Group(fn func(r Router)) Router { + im := mx.With().(*Mux) + if fn != nil { + fn(im) + } + return im +} + +// Route creates a new Mux with a fresh middleware stack and mounts it +// along the `pattern` as a subrouter. Effectively, this is a short-hand +// call to Mount. See _examples/. +func (mx *Mux) Route(pattern string, fn func(r Router)) Router { + subRouter := NewRouter() + if fn != nil { + fn(subRouter) + } + mx.Mount(pattern, subRouter) + return subRouter +} + +// Mount attaches another http.Handler or chi Router as a subrouter along a routing +// path. It's very useful to split up a large API as many independent routers and +// compose them as a single service using Mount. See _examples/. +// +// Note that Mount() simply sets a wildcard along the `pattern` that will continue +// routing at the `handler`, which in most cases is another chi.Router. As a result, +// if you define two Mount() routes on the exact same pattern the mount will panic. +func (mx *Mux) Mount(pattern string, handler http.Handler) { + // Provide runtime safety for ensuring a pattern isn't mounted on an existing + // routing pattern. + if mx.tree.findPattern(pattern+"*") || mx.tree.findPattern(pattern+"/*") { + panic(fmt.Sprintf("chi: attempting to Mount() a handler on an existing path, '%s'", pattern)) + } + + // Assign sub-Router's with the parent not found & method not allowed handler if not specified. + subr, ok := handler.(*Mux) + if ok && subr.notFoundHandler == nil && mx.notFoundHandler != nil { + subr.NotFound(mx.notFoundHandler) + } + if ok && subr.methodNotAllowedHandler == nil && mx.methodNotAllowedHandler != nil { + subr.MethodNotAllowed(mx.methodNotAllowedHandler) + } + + mountHandler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + rctx := RouteContext(r.Context()) + rctx.RoutePath = mx.nextRoutePath(rctx) + handler.ServeHTTP(w, r) + }) + + if pattern == "" || pattern[len(pattern)-1] != '/' { + mx.handle(mALL|mSTUB, pattern, mountHandler) + mx.handle(mALL|mSTUB, pattern+"/", mountHandler) + pattern += "/" + } + + method := mALL + subroutes, _ := handler.(Routes) + if subroutes != nil { + method |= mSTUB + } + n := mx.handle(method, pattern+"*", mountHandler) + + if subroutes != nil { + n.subroutes = subroutes + } +} + +// Routes returns a slice of routing information from the tree, +// useful for traversing available routes of a router. +func (mx *Mux) Routes() []Route { + return mx.tree.routes() +} + +// Middlewares returns a slice of middleware handler functions. +func (mx *Mux) Middlewares() Middlewares { + return mx.middlewares +} + +// Match searches the routing tree for a handler that matches the method/path. +// It's similar to routing a http request, but without executing the handler +// thereafter. +// +// Note: the *Context state is updated during execution, so manage +// the state carefully or make a NewRouteContext(). +func (mx *Mux) Match(rctx *Context, method, path string) bool { + m, ok := methodMap[method] + if !ok { + return false + } + + node, _, h := mx.tree.FindRoute(rctx, m, path) + + if node != nil && node.subroutes != nil { + rctx.RoutePath = mx.nextRoutePath(rctx) + return node.subroutes.Match(rctx, method, rctx.RoutePath) + } + + return h != nil +} + +// NotFoundHandler returns the default Mux 404 responder whenever a route +// cannot be found. +func (mx *Mux) NotFoundHandler() http.HandlerFunc { + if mx.notFoundHandler != nil { + return mx.notFoundHandler + } + return http.NotFound +} + +// MethodNotAllowedHandler returns the default Mux 405 responder whenever +// a method cannot be resolved for a route. +func (mx *Mux) MethodNotAllowedHandler() http.HandlerFunc { + if mx.methodNotAllowedHandler != nil { + return mx.methodNotAllowedHandler + } + return methodNotAllowedHandler +} + +// buildRouteHandler builds the single mux handler that is a chain of the middleware +// stack, as defined by calls to Use(), and the tree router (Mux) itself. After this +// point, no other middlewares can be registered on this Mux's stack. But you can still +// compose additional middlewares via Group()'s or using a chained middleware handler. +func (mx *Mux) buildRouteHandler() { + mx.handler = chain(mx.middlewares, http.HandlerFunc(mx.routeHTTP)) +} + +// handle registers a http.Handler in the routing tree for a particular http method +// and routing pattern. +func (mx *Mux) handle(method methodTyp, pattern string, handler http.Handler) *node { + if len(pattern) == 0 || pattern[0] != '/' { + panic(fmt.Sprintf("chi: routing pattern must begin with '/' in '%s'", pattern)) + } + + // Build the computed routing handler for this routing pattern. + if !mx.inline && mx.handler == nil { + mx.buildRouteHandler() + } + + // Build endpoint handler with inline middlewares for the route + var h http.Handler + if mx.inline { + mx.handler = http.HandlerFunc(mx.routeHTTP) + h = Chain(mx.middlewares...).Handler(handler) + } else { + h = handler + } + + // Add the endpoint to the tree and return the node + return mx.tree.InsertRoute(method, pattern, h) +} + +// routeHTTP routes a http.Request through the Mux routing tree to serve +// the matching handler for a particular http method. +func (mx *Mux) routeHTTP(w http.ResponseWriter, r *http.Request) { + // Grab the route context object + rctx := r.Context().Value(RouteCtxKey).(*Context) + + // The request routing path + routePath := rctx.RoutePath + if routePath == "" { + if r.URL.RawPath != "" { + routePath = r.URL.RawPath + } else { + routePath = r.URL.Path + } + } + + // Check if method is supported by chi + if rctx.RouteMethod == "" { + rctx.RouteMethod = r.Method + } + method, ok := methodMap[rctx.RouteMethod] + if !ok { + mx.MethodNotAllowedHandler().ServeHTTP(w, r) + return + } + + // Find the route + if _, _, h := mx.tree.FindRoute(rctx, method, routePath); h != nil { + h.ServeHTTP(w, r) + return + } + if rctx.methodNotAllowed { + mx.MethodNotAllowedHandler().ServeHTTP(w, r) + } else { + mx.NotFoundHandler().ServeHTTP(w, r) + } +} + +func (mx *Mux) nextRoutePath(rctx *Context) string { + routePath := "/" + nx := len(rctx.routeParams.Keys) - 1 // index of last param in list + if nx >= 0 && rctx.routeParams.Keys[nx] == "*" && len(rctx.routeParams.Values) > nx { + routePath = "/" + rctx.routeParams.Values[nx] + } + return routePath +} + +// Recursively update data on child routers. +func (mx *Mux) updateSubRoutes(fn func(subMux *Mux)) { + for _, r := range mx.tree.routes() { + subMux, ok := r.SubRoutes.(*Mux) + if !ok { + continue + } + fn(subMux) + } +} + +// methodNotAllowedHandler is a helper function to respond with a 405, +// method not allowed. +func methodNotAllowedHandler(w http.ResponseWriter, r *http.Request) { + w.WriteHeader(405) + w.Write(nil) +} diff --git a/vendor/github.com/go-chi/chi/tree.go b/vendor/github.com/go-chi/chi/tree.go new file mode 100644 index 0000000000..59b5b5f7b0 --- /dev/null +++ b/vendor/github.com/go-chi/chi/tree.go @@ -0,0 +1,865 @@ +package chi + +// Radix tree implementation below is a based on the original work by +// Armon Dadgar in https://github.com/armon/go-radix/blob/master/radix.go +// (MIT licensed). It's been heavily modified for use as a HTTP routing tree. + +import ( + "fmt" + "math" + "net/http" + "regexp" + "sort" + "strconv" + "strings" +) + +type methodTyp int + +const ( + mSTUB methodTyp = 1 << iota + mCONNECT + mDELETE + mGET + mHEAD + mOPTIONS + mPATCH + mPOST + mPUT + mTRACE +) + +var mALL = mCONNECT | mDELETE | mGET | mHEAD | + mOPTIONS | mPATCH | mPOST | mPUT | mTRACE + +var methodMap = map[string]methodTyp{ + http.MethodConnect: mCONNECT, + http.MethodDelete: mDELETE, + http.MethodGet: mGET, + http.MethodHead: mHEAD, + http.MethodOptions: mOPTIONS, + http.MethodPatch: mPATCH, + http.MethodPost: mPOST, + http.MethodPut: mPUT, + http.MethodTrace: mTRACE, +} + +// RegisterMethod adds support for custom HTTP method handlers, available +// via Router#Method and Router#MethodFunc +func RegisterMethod(method string) { + if method == "" { + return + } + method = strings.ToUpper(method) + if _, ok := methodMap[method]; ok { + return + } + n := len(methodMap) + if n > strconv.IntSize { + panic(fmt.Sprintf("chi: max number of methods reached (%d)", strconv.IntSize)) + } + mt := methodTyp(math.Exp2(float64(n))) + methodMap[method] = mt + mALL |= mt +} + +type nodeTyp uint8 + +const ( + ntStatic nodeTyp = iota // /home + ntRegexp // /{id:[0-9]+} + ntParam // /{user} + ntCatchAll // /api/v1/* +) + +type node struct { + // node type: static, regexp, param, catchAll + typ nodeTyp + + // first byte of the prefix + label byte + + // first byte of the child prefix + tail byte + + // prefix is the common prefix we ignore + prefix string + + // regexp matcher for regexp nodes + rex *regexp.Regexp + + // HTTP handler endpoints on the leaf node + endpoints endpoints + + // subroutes on the leaf node + subroutes Routes + + // child nodes should be stored in-order for iteration, + // in groups of the node type. + children [ntCatchAll + 1]nodes +} + +// endpoints is a mapping of http method constants to handlers +// for a given route. +type endpoints map[methodTyp]*endpoint + +type endpoint struct { + // endpoint handler + handler http.Handler + + // pattern is the routing pattern for handler nodes + pattern string + + // parameter keys recorded on handler nodes + paramKeys []string +} + +func (s endpoints) Value(method methodTyp) *endpoint { + mh, ok := s[method] + if !ok { + mh = &endpoint{} + s[method] = mh + } + return mh +} + +func (n *node) InsertRoute(method methodTyp, pattern string, handler http.Handler) *node { + var parent *node + search := pattern + + for { + // Handle key exhaustion + if len(search) == 0 { + // Insert or update the node's leaf handler + n.setEndpoint(method, handler, pattern) + return n + } + + // We're going to be searching for a wild node next, + // in this case, we need to get the tail + var label = search[0] + var segTail byte + var segEndIdx int + var segTyp nodeTyp + var segRexpat string + if label == '{' || label == '*' { + segTyp, _, segRexpat, segTail, _, segEndIdx = patNextSegment(search) + } + + var prefix string + if segTyp == ntRegexp { + prefix = segRexpat + } + + // Look for the edge to attach to + parent = n + n = n.getEdge(segTyp, label, segTail, prefix) + + // No edge, create one + if n == nil { + child := &node{label: label, tail: segTail, prefix: search} + hn := parent.addChild(child, search) + hn.setEndpoint(method, handler, pattern) + + return hn + } + + // Found an edge to match the pattern + + if n.typ > ntStatic { + // We found a param node, trim the param from the search path and continue. + // This param/wild pattern segment would already be on the tree from a previous + // call to addChild when creating a new node. + search = search[segEndIdx:] + continue + } + + // Static nodes fall below here. + // Determine longest prefix of the search key on match. + commonPrefix := longestPrefix(search, n.prefix) + if commonPrefix == len(n.prefix) { + // the common prefix is as long as the current node's prefix we're attempting to insert. + // keep the search going. + search = search[commonPrefix:] + continue + } + + // Split the node + child := &node{ + typ: ntStatic, + prefix: search[:commonPrefix], + } + parent.replaceChild(search[0], segTail, child) + + // Restore the existing node + n.label = n.prefix[commonPrefix] + n.prefix = n.prefix[commonPrefix:] + child.addChild(n, n.prefix) + + // If the new key is a subset, set the method/handler on this node and finish. + search = search[commonPrefix:] + if len(search) == 0 { + child.setEndpoint(method, handler, pattern) + return child + } + + // Create a new edge for the node + subchild := &node{ + typ: ntStatic, + label: search[0], + prefix: search, + } + hn := child.addChild(subchild, search) + hn.setEndpoint(method, handler, pattern) + return hn + } +} + +// addChild appends the new `child` node to the tree using the `pattern` as the trie key. +// For a URL router like chi's, we split the static, param, regexp and wildcard segments +// into different nodes. In addition, addChild will recursively call itself until every +// pattern segment is added to the url pattern tree as individual nodes, depending on type. +func (n *node) addChild(child *node, prefix string) *node { + search := prefix + + // handler leaf node added to the tree is the child. + // this may be overridden later down the flow + hn := child + + // Parse next segment + segTyp, _, segRexpat, segTail, segStartIdx, segEndIdx := patNextSegment(search) + + // Add child depending on next up segment + switch segTyp { + + case ntStatic: + // Search prefix is all static (that is, has no params in path) + // noop + + default: + // Search prefix contains a param, regexp or wildcard + + if segTyp == ntRegexp { + rex, err := regexp.Compile(segRexpat) + if err != nil { + panic(fmt.Sprintf("chi: invalid regexp pattern '%s' in route param", segRexpat)) + } + child.prefix = segRexpat + child.rex = rex + } + + if segStartIdx == 0 { + // Route starts with a param + child.typ = segTyp + + if segTyp == ntCatchAll { + segStartIdx = -1 + } else { + segStartIdx = segEndIdx + } + if segStartIdx < 0 { + segStartIdx = len(search) + } + child.tail = segTail // for params, we set the tail + + if segStartIdx != len(search) { + // add static edge for the remaining part, split the end. + // its not possible to have adjacent param nodes, so its certainly + // going to be a static node next. + + search = search[segStartIdx:] // advance search position + + nn := &node{ + typ: ntStatic, + label: search[0], + prefix: search, + } + hn = child.addChild(nn, search) + } + + } else if segStartIdx > 0 { + // Route has some param + + // starts with a static segment + child.typ = ntStatic + child.prefix = search[:segStartIdx] + child.rex = nil + + // add the param edge node + search = search[segStartIdx:] + + nn := &node{ + typ: segTyp, + label: search[0], + tail: segTail, + } + hn = child.addChild(nn, search) + + } + } + + n.children[child.typ] = append(n.children[child.typ], child) + n.children[child.typ].Sort() + return hn +} + +func (n *node) replaceChild(label, tail byte, child *node) { + for i := 0; i < len(n.children[child.typ]); i++ { + if n.children[child.typ][i].label == label && n.children[child.typ][i].tail == tail { + n.children[child.typ][i] = child + n.children[child.typ][i].label = label + n.children[child.typ][i].tail = tail + return + } + } + panic("chi: replacing missing child") +} + +func (n *node) getEdge(ntyp nodeTyp, label, tail byte, prefix string) *node { + nds := n.children[ntyp] + for i := 0; i < len(nds); i++ { + if nds[i].label == label && nds[i].tail == tail { + if ntyp == ntRegexp && nds[i].prefix != prefix { + continue + } + return nds[i] + } + } + return nil +} + +func (n *node) setEndpoint(method methodTyp, handler http.Handler, pattern string) { + // Set the handler for the method type on the node + if n.endpoints == nil { + n.endpoints = make(endpoints) + } + + paramKeys := patParamKeys(pattern) + + if method&mSTUB == mSTUB { + n.endpoints.Value(mSTUB).handler = handler + } + if method&mALL == mALL { + h := n.endpoints.Value(mALL) + h.handler = handler + h.pattern = pattern + h.paramKeys = paramKeys + for _, m := range methodMap { + h := n.endpoints.Value(m) + h.handler = handler + h.pattern = pattern + h.paramKeys = paramKeys + } + } else { + h := n.endpoints.Value(method) + h.handler = handler + h.pattern = pattern + h.paramKeys = paramKeys + } +} + +func (n *node) FindRoute(rctx *Context, method methodTyp, path string) (*node, endpoints, http.Handler) { + // Reset the context routing pattern and params + rctx.routePattern = "" + rctx.routeParams.Keys = rctx.routeParams.Keys[:0] + rctx.routeParams.Values = rctx.routeParams.Values[:0] + + // Find the routing handlers for the path + rn := n.findRoute(rctx, method, path) + if rn == nil { + return nil, nil, nil + } + + // Record the routing params in the request lifecycle + rctx.URLParams.Keys = append(rctx.URLParams.Keys, rctx.routeParams.Keys...) + rctx.URLParams.Values = append(rctx.URLParams.Values, rctx.routeParams.Values...) + + // Record the routing pattern in the request lifecycle + if rn.endpoints[method].pattern != "" { + rctx.routePattern = rn.endpoints[method].pattern + rctx.RoutePatterns = append(rctx.RoutePatterns, rctx.routePattern) + } + + return rn, rn.endpoints, rn.endpoints[method].handler +} + +// Recursive edge traversal by checking all nodeTyp groups along the way. +// It's like searching through a multi-dimensional radix trie. +func (n *node) findRoute(rctx *Context, method methodTyp, path string) *node { + nn := n + search := path + + for t, nds := range nn.children { + ntyp := nodeTyp(t) + if len(nds) == 0 { + continue + } + + var xn *node + xsearch := search + + var label byte + if search != "" { + label = search[0] + } + + switch ntyp { + case ntStatic: + xn = nds.findEdge(label) + if xn == nil || !strings.HasPrefix(xsearch, xn.prefix) { + continue + } + xsearch = xsearch[len(xn.prefix):] + + case ntParam, ntRegexp: + // short-circuit and return no matching route for empty param values + if xsearch == "" { + continue + } + + // serially loop through each node grouped by the tail delimiter + for idx := 0; idx < len(nds); idx++ { + xn = nds[idx] + + // label for param nodes is the delimiter byte + p := strings.IndexByte(xsearch, xn.tail) + + if p < 0 { + if xn.tail == '/' { + p = len(xsearch) + } else { + continue + } + } + + if ntyp == ntRegexp && xn.rex != nil { + if !xn.rex.Match([]byte(xsearch[:p])) { + continue + } + } else if strings.IndexByte(xsearch[:p], '/') != -1 { + // avoid a match across path segments + continue + } + + prevlen := len(rctx.routeParams.Values) + rctx.routeParams.Values = append(rctx.routeParams.Values, xsearch[:p]) + xsearch = xsearch[p:] + + if len(xsearch) == 0 { + if xn.isLeaf() { + h := xn.endpoints[method] + if h != nil && h.handler != nil { + rctx.routeParams.Keys = append(rctx.routeParams.Keys, h.paramKeys...) + return xn + } + + // flag that the routing context found a route, but not a corresponding + // supported method + rctx.methodNotAllowed = true + } + } + + // recursively find the next node on this branch + fin := xn.findRoute(rctx, method, xsearch) + if fin != nil { + return fin + } + + // not found on this branch, reset vars + rctx.routeParams.Values = rctx.routeParams.Values[:prevlen] + xsearch = search + } + + rctx.routeParams.Values = append(rctx.routeParams.Values, "") + + default: + // catch-all nodes + rctx.routeParams.Values = append(rctx.routeParams.Values, search) + xn = nds[0] + xsearch = "" + } + + if xn == nil { + continue + } + + // did we find it yet? + if len(xsearch) == 0 { + if xn.isLeaf() { + h := xn.endpoints[method] + if h != nil && h.handler != nil { + rctx.routeParams.Keys = append(rctx.routeParams.Keys, h.paramKeys...) + return xn + } + + // flag that the routing context found a route, but not a corresponding + // supported method + rctx.methodNotAllowed = true + } + } + + // recursively find the next node.. + fin := xn.findRoute(rctx, method, xsearch) + if fin != nil { + return fin + } + + // Did not find final handler, let's remove the param here if it was set + if xn.typ > ntStatic { + if len(rctx.routeParams.Values) > 0 { + rctx.routeParams.Values = rctx.routeParams.Values[:len(rctx.routeParams.Values)-1] + } + } + + } + + return nil +} + +func (n *node) findEdge(ntyp nodeTyp, label byte) *node { + nds := n.children[ntyp] + num := len(nds) + idx := 0 + + switch ntyp { + case ntStatic, ntParam, ntRegexp: + i, j := 0, num-1 + for i <= j { + idx = i + (j-i)/2 + if label > nds[idx].label { + i = idx + 1 + } else if label < nds[idx].label { + j = idx - 1 + } else { + i = num // breaks cond + } + } + if nds[idx].label != label { + return nil + } + return nds[idx] + + default: // catch all + return nds[idx] + } +} + +func (n *node) isLeaf() bool { + return n.endpoints != nil +} + +func (n *node) findPattern(pattern string) bool { + nn := n + for _, nds := range nn.children { + if len(nds) == 0 { + continue + } + + n = nn.findEdge(nds[0].typ, pattern[0]) + if n == nil { + continue + } + + var idx int + var xpattern string + + switch n.typ { + case ntStatic: + idx = longestPrefix(pattern, n.prefix) + if idx < len(n.prefix) { + continue + } + + case ntParam, ntRegexp: + idx = strings.IndexByte(pattern, '}') + 1 + + case ntCatchAll: + idx = longestPrefix(pattern, "*") + + default: + panic("chi: unknown node type") + } + + xpattern = pattern[idx:] + if len(xpattern) == 0 { + return true + } + + return n.findPattern(xpattern) + } + return false +} + +func (n *node) routes() []Route { + rts := []Route{} + + n.walk(func(eps endpoints, subroutes Routes) bool { + if eps[mSTUB] != nil && eps[mSTUB].handler != nil && subroutes == nil { + return false + } + + // Group methodHandlers by unique patterns + pats := make(map[string]endpoints) + + for mt, h := range eps { + if h.pattern == "" { + continue + } + p, ok := pats[h.pattern] + if !ok { + p = endpoints{} + pats[h.pattern] = p + } + p[mt] = h + } + + for p, mh := range pats { + hs := make(map[string]http.Handler) + if mh[mALL] != nil && mh[mALL].handler != nil { + hs["*"] = mh[mALL].handler + } + + for mt, h := range mh { + if h.handler == nil { + continue + } + m := methodTypString(mt) + if m == "" { + continue + } + hs[m] = h.handler + } + + rt := Route{p, hs, subroutes} + rts = append(rts, rt) + } + + return false + }) + + return rts +} + +func (n *node) walk(fn func(eps endpoints, subroutes Routes) bool) bool { + // Visit the leaf values if any + if (n.endpoints != nil || n.subroutes != nil) && fn(n.endpoints, n.subroutes) { + return true + } + + // Recurse on the children + for _, ns := range n.children { + for _, cn := range ns { + if cn.walk(fn) { + return true + } + } + } + return false +} + +// patNextSegment returns the next segment details from a pattern: +// node type, param key, regexp string, param tail byte, param starting index, param ending index +func patNextSegment(pattern string) (nodeTyp, string, string, byte, int, int) { + ps := strings.Index(pattern, "{") + ws := strings.Index(pattern, "*") + + if ps < 0 && ws < 0 { + return ntStatic, "", "", 0, 0, len(pattern) // we return the entire thing + } + + // Sanity check + if ps >= 0 && ws >= 0 && ws < ps { + panic("chi: wildcard '*' must be the last pattern in a route, otherwise use a '{param}'") + } + + var tail byte = '/' // Default endpoint tail to / byte + + if ps >= 0 { + // Param/Regexp pattern is next + nt := ntParam + + // Read to closing } taking into account opens and closes in curl count (cc) + cc := 0 + pe := ps + for i, c := range pattern[ps:] { + if c == '{' { + cc++ + } else if c == '}' { + cc-- + if cc == 0 { + pe = ps + i + break + } + } + } + if pe == ps { + panic("chi: route param closing delimiter '}' is missing") + } + + key := pattern[ps+1 : pe] + pe++ // set end to next position + + if pe < len(pattern) { + tail = pattern[pe] + } + + var rexpat string + if idx := strings.Index(key, ":"); idx >= 0 { + nt = ntRegexp + rexpat = key[idx+1:] + key = key[:idx] + } + + if len(rexpat) > 0 { + if rexpat[0] != '^' { + rexpat = "^" + rexpat + } + if rexpat[len(rexpat)-1] != '$' { + rexpat += "$" + } + } + + return nt, key, rexpat, tail, ps, pe + } + + // Wildcard pattern as finale + if ws < len(pattern)-1 { + panic("chi: wildcard '*' must be the last value in a route. trim trailing text or use a '{param}' instead") + } + return ntCatchAll, "*", "", 0, ws, len(pattern) +} + +func patParamKeys(pattern string) []string { + pat := pattern + paramKeys := []string{} + for { + ptyp, paramKey, _, _, _, e := patNextSegment(pat) + if ptyp == ntStatic { + return paramKeys + } + for i := 0; i < len(paramKeys); i++ { + if paramKeys[i] == paramKey { + panic(fmt.Sprintf("chi: routing pattern '%s' contains duplicate param key, '%s'", pattern, paramKey)) + } + } + paramKeys = append(paramKeys, paramKey) + pat = pat[e:] + } +} + +// longestPrefix finds the length of the shared prefix +// of two strings +func longestPrefix(k1, k2 string) int { + max := len(k1) + if l := len(k2); l < max { + max = l + } + var i int + for i = 0; i < max; i++ { + if k1[i] != k2[i] { + break + } + } + return i +} + +func methodTypString(method methodTyp) string { + for s, t := range methodMap { + if method == t { + return s + } + } + return "" +} + +type nodes []*node + +// Sort the list of nodes by label +func (ns nodes) Sort() { sort.Sort(ns); ns.tailSort() } +func (ns nodes) Len() int { return len(ns) } +func (ns nodes) Swap(i, j int) { ns[i], ns[j] = ns[j], ns[i] } +func (ns nodes) Less(i, j int) bool { return ns[i].label < ns[j].label } + +// tailSort pushes nodes with '/' as the tail to the end of the list for param nodes. +// The list order determines the traversal order. +func (ns nodes) tailSort() { + for i := len(ns) - 1; i >= 0; i-- { + if ns[i].typ > ntStatic && ns[i].tail == '/' { + ns.Swap(i, len(ns)-1) + return + } + } +} + +func (ns nodes) findEdge(label byte) *node { + num := len(ns) + idx := 0 + i, j := 0, num-1 + for i <= j { + idx = i + (j-i)/2 + if label > ns[idx].label { + i = idx + 1 + } else if label < ns[idx].label { + j = idx - 1 + } else { + i = num // breaks cond + } + } + if ns[idx].label != label { + return nil + } + return ns[idx] +} + +// Route describes the details of a routing handler. +// Handlers map key is an HTTP method +type Route struct { + Pattern string + Handlers map[string]http.Handler + SubRoutes Routes +} + +// WalkFunc is the type of the function called for each method and route visited by Walk. +type WalkFunc func(method string, route string, handler http.Handler, middlewares ...func(http.Handler) http.Handler) error + +// Walk walks any router tree that implements Routes interface. +func Walk(r Routes, walkFn WalkFunc) error { + return walk(r, walkFn, "") +} + +func walk(r Routes, walkFn WalkFunc, parentRoute string, parentMw ...func(http.Handler) http.Handler) error { + for _, route := range r.Routes() { + mws := make([]func(http.Handler) http.Handler, len(parentMw)) + copy(mws, parentMw) + mws = append(mws, r.Middlewares()...) + + if route.SubRoutes != nil { + if err := walk(route.SubRoutes, walkFn, parentRoute+route.Pattern, mws...); err != nil { + return err + } + continue + } + + for method, handler := range route.Handlers { + if method == "*" { + // Ignore a "catchAll" method, since we pass down all the specific methods for each route. + continue + } + + fullRoute := parentRoute + route.Pattern + fullRoute = strings.Replace(fullRoute, "/*/", "/", -1) + + if chain, ok := handler.(*ChainHandler); ok { + if err := walkFn(method, fullRoute, chain.Endpoint, append(mws, chain.Middlewares...)...); err != nil { + return err + } + } else { + if err := walkFn(method, fullRoute, handler, mws...); err != nil { + return err + } + } + } + } + + return nil +} diff --git a/vendor/github.com/go-playground/locales/.gitignore b/vendor/github.com/go-playground/locales/.gitignore new file mode 100644 index 0000000000..daf913b1b3 --- /dev/null +++ b/vendor/github.com/go-playground/locales/.gitignore @@ -0,0 +1,24 @@ +# Compiled Object files, Static and Dynamic libs (Shared Objects) +*.o +*.a +*.so + +# Folders +_obj +_test + +# Architecture specific extensions/prefixes +*.[568vq] +[568vq].out + +*.cgo1.go +*.cgo2.c +_cgo_defun.c +_cgo_gotypes.go +_cgo_export.* + +_testmain.go + +*.exe +*.test +*.prof diff --git a/vendor/github.com/go-playground/locales/.travis.yml b/vendor/github.com/go-playground/locales/.travis.yml new file mode 100644 index 0000000000..d50237a608 --- /dev/null +++ b/vendor/github.com/go-playground/locales/.travis.yml @@ -0,0 +1,26 @@ +language: go +go: + - 1.13.1 + - tip +matrix: + allow_failures: + - go: tip + +notifications: + email: + recipients: dean.karn@gmail.com + on_success: change + on_failure: always + +before_install: + - go install github.com/mattn/goveralls + +# Only clone the most recent commit. +git: + depth: 1 + +script: + - go test -v -race -covermode=atomic -coverprofile=coverage.coverprofile ./... + +after_success: | + goveralls -coverprofile=coverage.coverprofile -service travis-ci -repotoken $COVERALLS_TOKEN \ No newline at end of file diff --git a/vendor/github.com/go-playground/locales/LICENSE b/vendor/github.com/go-playground/locales/LICENSE new file mode 100644 index 0000000000..75854ac4f0 --- /dev/null +++ b/vendor/github.com/go-playground/locales/LICENSE @@ -0,0 +1,21 @@ +The MIT License (MIT) + +Copyright (c) 2016 Go Playground + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. \ No newline at end of file diff --git a/vendor/github.com/go-playground/locales/README.md b/vendor/github.com/go-playground/locales/README.md new file mode 100644 index 0000000000..7b6be2c647 --- /dev/null +++ b/vendor/github.com/go-playground/locales/README.md @@ -0,0 +1,170 @@ +## locales +![Project status](https://img.shields.io/badge/version-0.14.1-green.svg) +[![Build Status](https://travis-ci.org/go-playground/locales.svg?branch=master)](https://travis-ci.org/go-playground/locales) +[![GoDoc](https://godoc.org/github.com/go-playground/locales?status.svg)](https://godoc.org/github.com/go-playground/locales) +![License](https://img.shields.io/dub/l/vibe-d.svg) + +Locales is a set of locales generated from the [Unicode CLDR Project](http://cldr.unicode.org/) which can be used independently or within +an i18n package; these were built for use with, but not exclusive to, [Universal Translator](https://github.com/go-playground/universal-translator). + +Features +-------- +- [x] Rules generated from the latest [CLDR](http://cldr.unicode.org/index/downloads) data, v36.0.1 +- [x] Contains Cardinal, Ordinal and Range Plural Rules +- [x] Contains Month, Weekday and Timezone translations built in +- [x] Contains Date & Time formatting functions +- [x] Contains Number, Currency, Accounting and Percent formatting functions +- [x] Supports the "Gregorian" calendar only ( my time isn't unlimited, had to draw the line somewhere ) + +Full Tests +-------------------- +I could sure use your help adding tests for every locale, it is a huge undertaking and I just don't have the free time to do it all at the moment; +any help would be **greatly appreciated!!!!** please see [issue](https://github.com/go-playground/locales/issues/1) for details. + +Installation +----------- + +Use go get + +```shell +go get github.com/go-playground/locales +``` + +NOTES +-------- +You'll notice most return types are []byte, this is because most of the time the results will be concatenated with a larger body +of text and can avoid some allocations if already appending to a byte array, otherwise just cast as string. + +Usage +------- +```go +package main + +import ( + "fmt" + "time" + + "github.com/go-playground/locales/currency" + "github.com/go-playground/locales/en_CA" +) + +func main() { + + loc, _ := time.LoadLocation("America/Toronto") + datetime := time.Date(2016, 02, 03, 9, 0, 1, 0, loc) + + l := en_CA.New() + + // Dates + fmt.Println(l.FmtDateFull(datetime)) + fmt.Println(l.FmtDateLong(datetime)) + fmt.Println(l.FmtDateMedium(datetime)) + fmt.Println(l.FmtDateShort(datetime)) + + // Times + fmt.Println(l.FmtTimeFull(datetime)) + fmt.Println(l.FmtTimeLong(datetime)) + fmt.Println(l.FmtTimeMedium(datetime)) + fmt.Println(l.FmtTimeShort(datetime)) + + // Months Wide + fmt.Println(l.MonthWide(time.January)) + fmt.Println(l.MonthWide(time.February)) + fmt.Println(l.MonthWide(time.March)) + // ... + + // Months Abbreviated + fmt.Println(l.MonthAbbreviated(time.January)) + fmt.Println(l.MonthAbbreviated(time.February)) + fmt.Println(l.MonthAbbreviated(time.March)) + // ... + + // Months Narrow + fmt.Println(l.MonthNarrow(time.January)) + fmt.Println(l.MonthNarrow(time.February)) + fmt.Println(l.MonthNarrow(time.March)) + // ... + + // Weekdays Wide + fmt.Println(l.WeekdayWide(time.Sunday)) + fmt.Println(l.WeekdayWide(time.Monday)) + fmt.Println(l.WeekdayWide(time.Tuesday)) + // ... + + // Weekdays Abbreviated + fmt.Println(l.WeekdayAbbreviated(time.Sunday)) + fmt.Println(l.WeekdayAbbreviated(time.Monday)) + fmt.Println(l.WeekdayAbbreviated(time.Tuesday)) + // ... + + // Weekdays Short + fmt.Println(l.WeekdayShort(time.Sunday)) + fmt.Println(l.WeekdayShort(time.Monday)) + fmt.Println(l.WeekdayShort(time.Tuesday)) + // ... + + // Weekdays Narrow + fmt.Println(l.WeekdayNarrow(time.Sunday)) + fmt.Println(l.WeekdayNarrow(time.Monday)) + fmt.Println(l.WeekdayNarrow(time.Tuesday)) + // ... + + var f64 float64 + + f64 = -10356.4523 + + // Number + fmt.Println(l.FmtNumber(f64, 2)) + + // Currency + fmt.Println(l.FmtCurrency(f64, 2, currency.CAD)) + fmt.Println(l.FmtCurrency(f64, 2, currency.USD)) + + // Accounting + fmt.Println(l.FmtAccounting(f64, 2, currency.CAD)) + fmt.Println(l.FmtAccounting(f64, 2, currency.USD)) + + f64 = 78.12 + + // Percent + fmt.Println(l.FmtPercent(f64, 0)) + + // Plural Rules for locale, so you know what rules you must cover + fmt.Println(l.PluralsCardinal()) + fmt.Println(l.PluralsOrdinal()) + + // Cardinal Plural Rules + fmt.Println(l.CardinalPluralRule(1, 0)) + fmt.Println(l.CardinalPluralRule(1.0, 0)) + fmt.Println(l.CardinalPluralRule(1.0, 1)) + fmt.Println(l.CardinalPluralRule(3, 0)) + + // Ordinal Plural Rules + fmt.Println(l.OrdinalPluralRule(21, 0)) // 21st + fmt.Println(l.OrdinalPluralRule(22, 0)) // 22nd + fmt.Println(l.OrdinalPluralRule(33, 0)) // 33rd + fmt.Println(l.OrdinalPluralRule(34, 0)) // 34th + + // Range Plural Rules + fmt.Println(l.RangePluralRule(1, 0, 1, 0)) // 1-1 + fmt.Println(l.RangePluralRule(1, 0, 2, 0)) // 1-2 + fmt.Println(l.RangePluralRule(5, 0, 8, 0)) // 5-8 +} +``` + +NOTES: +------- +These rules were generated from the [Unicode CLDR Project](http://cldr.unicode.org/), if you encounter any issues +I strongly encourage contributing to the CLDR project to get the locale information corrected and the next time +these locales are regenerated the fix will come with. + +I do however realize that time constraints are often important and so there are two options: + +1. Create your own locale, copy, paste and modify, and ensure it complies with the `Translator` interface. +2. Add an exception in the locale generation code directly and once regenerated, fix will be in place. + +Please to not make fixes inside the locale files, they WILL get overwritten when the locales are regenerated. + +License +------ +Distributed under MIT License, please see license file in code for more details. diff --git a/vendor/github.com/go-playground/locales/currency/currency.go b/vendor/github.com/go-playground/locales/currency/currency.go new file mode 100644 index 0000000000..b5a95fb074 --- /dev/null +++ b/vendor/github.com/go-playground/locales/currency/currency.go @@ -0,0 +1,311 @@ +package currency + +// Type is the currency type associated with the locales currency enum +type Type int + +// locale currencies +const ( + ADP Type = iota + AED + AFA + AFN + ALK + ALL + AMD + ANG + AOA + AOK + AON + AOR + ARA + ARL + ARM + ARP + ARS + ATS + AUD + AWG + AZM + AZN + BAD + BAM + BAN + BBD + BDT + BEC + BEF + BEL + BGL + BGM + BGN + BGO + BHD + BIF + BMD + BND + BOB + BOL + BOP + BOV + BRB + BRC + BRE + BRL + BRN + BRR + BRZ + BSD + BTN + BUK + BWP + BYB + BYN + BYR + BZD + CAD + CDF + CHE + CHF + CHW + CLE + CLF + CLP + CNH + CNX + CNY + COP + COU + CRC + CSD + CSK + CUC + CUP + CVE + CYP + CZK + DDM + DEM + DJF + DKK + DOP + DZD + ECS + ECV + EEK + EGP + ERN + ESA + ESB + ESP + ETB + EUR + FIM + FJD + FKP + FRF + GBP + GEK + GEL + GHC + GHS + GIP + GMD + GNF + GNS + GQE + GRD + GTQ + GWE + GWP + GYD + HKD + HNL + HRD + HRK + HTG + HUF + IDR + IEP + ILP + ILR + ILS + INR + IQD + IRR + ISJ + ISK + ITL + JMD + JOD + JPY + KES + KGS + KHR + KMF + KPW + KRH + KRO + KRW + KWD + KYD + KZT + LAK + LBP + LKR + LRD + LSL + LTL + LTT + LUC + LUF + LUL + LVL + LVR + LYD + MAD + MAF + MCF + MDC + MDL + MGA + MGF + MKD + MKN + MLF + MMK + MNT + MOP + MRO + MRU + MTL + MTP + MUR + MVP + MVR + MWK + MXN + MXP + MXV + MYR + MZE + MZM + MZN + NAD + NGN + NIC + NIO + NLG + NOK + NPR + NZD + OMR + PAB + PEI + PEN + PES + PGK + PHP + PKR + PLN + PLZ + PTE + PYG + QAR + RHD + ROL + RON + RSD + RUB + RUR + RWF + SAR + SBD + SCR + SDD + SDG + SDP + SEK + SGD + SHP + SIT + SKK + SLL + SOS + SRD + SRG + SSP + STD + STN + SUR + SVC + SYP + SZL + THB + TJR + TJS + TMM + TMT + TND + TOP + TPE + TRL + TRY + TTD + TWD + TZS + UAH + UAK + UGS + UGX + USD + USN + USS + UYI + UYP + UYU + UYW + UZS + VEB + VEF + VES + VND + VNN + VUV + WST + XAF + XAG + XAU + XBA + XBB + XBC + XBD + XCD + XDR + XEU + XFO + XFU + XOF + XPD + XPF + XPT + XRE + XSU + XTS + XUA + XXX + YDD + YER + YUD + YUM + YUN + YUR + ZAL + ZAR + ZMK + ZMW + ZRN + ZRZ + ZWD + ZWL + ZWR +) diff --git a/vendor/github.com/go-playground/locales/logo.png b/vendor/github.com/go-playground/locales/logo.png new file mode 100644 index 0000000000000000000000000000000000000000..3038276e6873076ecd542099e95b25037b1c0c34 GIT binary patch literal 37360 zcmV(-K-|BHP)ysx*JK zMpBX=dbK}5gAy}y3R{{beYQe$t~_(EI9HY=983!yQ4BbH2t9fee6m7kr7b^x7%_4X zJ9`gfp(=T?K~s?>F>nbtbqz;?9&D*HLWLAVf)p1<2qIzzh`mlUaSo2aQfQ+xioj4u zi57RSK09+4J$n}=VG1>K6C+;`IdT#dKnQiRIYfOMa;!RRrZpi|42HT(K7kH5Z51D0 z2RV8bBU%zznI$e~3~;G9N{kpKWf73XRDQWdPL3KgZV)nR5J7tvJAVu-VG5JQScJDo zR+bL!Ta3IbT6ncoYNbC?j4!6pWoxTBl*n#=wPJ6nPG_V?T&y%kcr-zED1W(DRHZFT zhB7~qA6u3+V3JBCZ4gs{L}jKoF=`!luS|!&X@DUWZdUYba2WIU7L}XOvil!bU7wAXuO|PIN?OtwU_FF?ptGuGegAxjs8(G9yYG zg|%{%%2R#1JvUt~pwDwIP%5I+ft0_2vEYw`$yQ3QA)Db+A{7b_0054wNkl}YE}wrc9DS+rDCwcq-kLn z6*rr9Gievg)&9W#+|En4X(tdH=fj-$InQ~{3w3k;I<^V903k*-k%?L`+gy zD<80`%CcVCt7&b)>-AWo}M*k4L#h*SN=*WN=wOPGQCc(S19x{GH}}yZ*TGF ziK2LMaUoYPF2r$dT&q?u0Q}(MpEI#8)^7>wy*j~dU6yeGL|G)4Z!`D?6v$J?4GNiF zGNUM+N-|jqFSt^;^pX20u^KaC*wKL1)CJS$%Vk@iEmQRU!98y?czh5h263h#&UI8G~>;F&}3tQ$@xhmG@h5396##KW2c6&nD-->t* zzH&?cgu?c})WwUscng4f{a@;`oGHloVP3&K8 zYWaY-m3_Qz=Z77^NgMadOSSCt@E=Ps4GgQlTkY0kAe~EC|Lpg z0C`J&DPN2UyU7&Gu-tM7^CfvM>!_q$|F7zV-={;NRk*zX^&Xy|sN>Mfv~agPsrszZ zST{=H##(12j$1JtBfT5p%`HZ(R~kw8ecKQFg5WJ*x&2m`V}}Y*yZ+#L(7tQhrOc;? zl-q4QvB#(*`_Y3X_Vss0x8Fk3#a~Y$nt>$Qn2*D~V85{yB8iQ{r9&gU|I zev9S7uL8Gt)I|dF=Y>|QegWzPvP@{V3Nn!IR4VydvXh@BKI2xUMBh(6aBL~@%r!AuWVG?f=&mJDxzGOktCLsq`D9Be0N@V+ zw0ap7DLEZtMdX4AhRfVstkov-f;^PxlkxbXr%Y<&X1CewisGbJ`y`1>y^eD%RgLHX zYcVG7w{0ENyVVm($?-3NBx$ln5*EKMtyUbD4wv+JlvSVUD^3~+YL43}RqjpaZ>3ze_N$kOC+VOY{hW+5B@jP%seQ7^>9XbyLO_reD=`#sdf2i+$u9o?M zdc~#Q*=#JUW~0w|6Dzl8Ec<(uJGK{c1uP-ECFnFoEcE?p>b=X@zgJgrNs7N?y_(l62vH_2aOTu; zH1Wkuhrd?fG^jc{yVoI7S9+u_MCut_7!Id3v9PUUb&ldf@7>y_JFay%O|e@o7B~1R zR>f}jzhMAekSBme7+=8B<$4CP2M`qy9;PHYV6Jyi@gzzQxufnYeT4}(ia$$dqsPwU z5sO*J_umWFSAy&Qz_!oZ_MFx;KV|fIOpaJ^|IlRj`#mo`7L%L${sFWDr)GmSX15!x z-ju0rqgjo2_ERjgP*qK!X^q!LX;y>Hu?d|?f1KrU_f9eo=CJlH^$aSqrQQSef(+VI zC|ev?=iM66d@OdmUC?cIyVcDG)WLl$UUUh>iAb>R_igW2u?(N61L7?ic^SATn9E7n zNxqRMszu^JF zAl2kMNq7&8r$ZVW%4{j9Mn@?q+c73i$N&u<3-i9;kLlEE%cl5$T`V6CkTnyOJ+mDaOaDWQ*^ecn!U$EDGLmsW}B zARh3Q)rAo6JL!FggZ3F6jy>B;&&!jW5FMg-Pfri`&2I0*$r<%!@Z{{~#$u(6L5tIC z^ct$p<0cjz2bs`3+o&=gg zN0I9tG<<%Iswa`AOAJdUZZ^xs-z{*A5120pqimm1%e$$8lj2Rz-5n3_^+!xU`FD3; z?p{7vc6^8QYfHemZ=l>~d!hFs`#E}j$4Ogk{OLe2Q=08L;!#{n!QPLNUsaV8bX6T_ zoZeWG8?W;fL^?9qw}QvFOlz1NW~S4EBF|xQlOZ}B-97Er#?yIiJSVn3uGPB5yDgsX za>d8T9K^q@j<*wkQ>~J@2auzPFOmx}x0!EFdB9!yU9WwxvgjR&?#kfg)Re^ zU-wz6Z!-%j`#HxBkmxujd;G3VYpX;y0Xtz}E(t{V$~uW0lOc^)=|GS@GK+e7MHx=# z!*RE|?AE3ejI;Sv?ZxLMm2b0E0P-M#%6ch}d~Pk7{t#OF7gYEvW_6V_EC`1%sm z;p`;DqvO$3nU9KswqGY#rE*CRhZCi6Vg+4BzY4?O1Z^=|F|5~1w-IQ|ecyr0B;3%> z6NBS&$4u{pLhhSaJ04eT@6<#cQlX#RA=lns%xy$Iav8;|8b2CeW=l2{s^~`vfxD{}nt5yRf<*f`crJol5KDpU+ooq#9&8 zolytKS$vp#7S*yGSBhp|TzSfi1;>|pT8b=!z8&|j&*(e&+8TUqFrCtl8|%?a$FBL@ z{y>@BXE$djM^uFJTU_rioz{q{e5Fbf#|)xZ>^Gwk$Huc-c9m^sKiA@Euns4o_3#?h z5i=0rkge;=Umc~s?o7dWGHh16c;nOB7RtO!P^{%PB)h}wuHU|SgU1_E^|#l+Q}qdS zH#zt}!9}+!7OMbK0D7Km3rMzut~&X`M`exqrYM-~VVJwhgjJnk7U?*AzI_a9V$zJD zYHhE&WAk}!5pOwiZ;S039$dytin18|FPwW+$P$X}!sSCocO(=%2_8{qAMNLT)*Y5M ztEsG{FE zcd6Zz*ty+c+4me7W7MhL5el9=Tt?^XuMb_;vSwBV%E_{HLRF>yV3AH_j|HcTm^;>a zvC_jO>{*oxChK<3CbtTePO|dXP!_ATF7#edCex`hO``srW-Zsv6_-_5+@v|i8We%Y zyMIuG>bHs?7YPXYC-gp6qnLxi$pt8CqEy8~wN7FkrU^!Uudp5tkYr|StbYSr7gfDV zsM%*}B(Tv6Atx0*<3}nIIDfx$@1=y-X3vRdKeE41dk)V6r>|lW>)}zv|MC*Fy`WVDgB%|{yeSf>k=9~(Lk%M*Vv}w0f(3C@}$xW z=X;gp5Q-lcaybmN2}XLiG@bn1#U(Pt?#M*{@CI`K@ZrY~KmPdP15Q4?y(75}eD891 zC_7n)=49M0h?tLJO|BA$D3Dz}f!wJx7^$#1Y~R+{IWt^h(BQN*7k{Rg64=2xqpssD zn`W{H_xI(6YZSCPV+TC8tNs^9A%it&I(jN+PxAE94F2TRn(Smgm^H4&{6j33fOh zZjjt+-FdS%$#sj9&A8U=j_334usFvB82#hjhsQtOJig5p-xephIDsOb#>Knora0d; z5&SmI<#x`^b0pP@Q&HaT3K3^9*D>9aop88;9J?Or>4dJ6EzBUTMqjBY_GmR4Fe6FO z3~ldwf$o=IUERAW(~Wh{VsiKmmaF?;oDlu_3w%;_Zb7fRgLaG6Y~wF^?Tgs-~d>j&DCZN@>`>j_xTR{}t_f9U)W2S+R648V8hb{3Dmp813n?7e z6LF4tmd&OUt5Qilew8{x$Uy@An?-AlX{&(3EiElA<#AhfOL=T557!owu4yP~DebPa ztx)PswzAR!84X=8C4fe0x=1Ru)JJIjfz$+3Ov@v(L?jKOMvF@vC=8ABl}ra>#Kgob zYE1lL)E|Bqy)c%ACEK~@obP-O%4%vKqpYuMEaDb% z>Xe*wLNU)%FK*z7Jri6>qYAqoQ~6u3ywE}DD8MH{89OM0G^)dF;hsksFBVOkXtT0L zA)0_y?A`NfeW$BFX`cjk;gmBhQ?bvFCP#gkc*f;o0ClWv2_(_=U@$V0blZKCc3>Z- zBH*?Mrjtn*NIp28+w$lrc+K<-%I$&t#c9`?SWEITs|_o5YRdX)Clyr@1azy>;plKs zILBxE2xv?d84A5>{!r^s^r5BjTb85%_(J2Zgm{-@VQR0h$oiG zruagSqDUa91*Hjf5jbT!=~D(dN$Ax^u%=i_N2ScHLF4s8w)Nt}WP($HD+eob4+B3P z2EH?PEIFp0@qxWyt=$peI9dq>gRu@o0?Cm`BpwOQCWH9i=%n2qna56ySnw)tT9SZx z7W;3W%9&~C7}KMVF^|Hnz%@C&C$MdCP+=BOb8{&*LJl6^&o&ZZ4|lRKcdWUR5qED&dJGwX)i)6B?n$ zOosG;3l-6!Kd&dR7|)UkH5H9Iqee`1;=ypJmBx9KQkSgDkU6M&@Vi>>Nx#3cdf>G)y~J z&y#G)I3rK8{v8dNM(U#AD~htsQ86ORxE5|0tFhji;NKFrW=+J=$c#L1JJ;M3Mo_yeqOj zI*IXjLAHKtzljb9u;77UFc6Gj1l&oB<)$6oo{t240gG#7-W|uHxO+xnbWFQPvFn(8 z06vU5$U{urHQalQn-%>gb9(cFpCbKaOy_`aLnc}uni3iZLGy;BwGx#%B&?Pz`TT~< zFIEW7G%Cug1j7}YPEPZslA;&+91*slk5kMm7b`V6lCvX`*`#a40zeNW<2d^Ek(+jmJ02821OEzy2yukV2AJ!GIcxE4Ry$&BNVa08W#W3>t(6_>z^&514EIOeh48)L8Is~0v&gIH(NED?41y597-PtVe ztf&wb7hftBovGq@#uW{fb@gJ6a7rT=iAw}xLt+TXNf>nJ_2#p+1oW!jxIpLhY~ImD z)3g=0m8H?JDzsiy-{OUD>}momhezG8Bi!@ho?h3ew`JS6?XyoO?MX`{Ih#D(y!*>9 z+lTvccHUpd#|p+Dy$89$(8o`yZD0gi7RQifvXf1ZYH!*`dtl5$w6P=Kgt*4kqBS`k zZ87L|XlFX4PEgbw;V@nSjrSXf1d#yj8;QQY>e`_$saY=MD$1%SN@bU1&CUD<4__hV z);A6)J(s#KahiuakvBoOl!z)MwHkBvl!nWJ!}XfO2yB<)O8EN?dLu~@C>lNY(lkk7 z%>nDC$81b5fCsm>ZD!Jk+96JX>F(s=w?{|5h$UdRj7(eX(}C@~J3Bka`S;#<@4-$0 zs&(!CIG#W-fb9;T-S`X!lEL|TOC(^QwOb;}TLyyISCYV#&QNUdD#Y z8cn6pZ6c?m`rBi=tFajL1t5>Cl`71}b}+o5E}^8lt4sD`?W>%+@rl6-nShT&4y3zu z8==dP>3Wy1BO2Ja{(tAGGVi5@LkIAJwZ<;7?X>ZyThF6J~`Y z)dCX%APghL<^pjCuKBRackk|hcl*w*Z@=B1Y#ROVdfolx?VXeNj^BImX<_HkJrc05 zj6_zF$ys;A9uG$1zIf2h-uU^X9kUJ%=Y~_m(xIEDwiTcqN6i|B)e9EEdXumwL8`1& zMpfH^;0e_3JWWwVDArE2OAW1aF%rh2G&ZEFl#M;DktuGJb$6dB@|-KL@Kn@^M9re{ zhQ2{g5qM3txY(o6C^cf4CS(u*89P+chm7aXN)cmGdP*JDJM<|%kEnDhfBfDX$0tW? zAoA>p2jW0=7V%I26rcSc=fUTpc+l`3#xgzGV?*%LG};1-3g@H=8*c-DhDDXIB6tJT zr5tkcWhiB#^XZIIm1NVpA^G9I5_BDio#spM7E7oU-V+LUlO z4fsyEh|j4W6I6>PM6!tv%1n_lIQmi&c7>6|9Ca9}s2ai{ipE?0aO7Z*GreB;q7}Kubavrj@AubsZ=XzW9AwkkEC&9KH}c1afW4b6*s)YD zhzARg)~`io0r_Y>i}1b~@L*74Bok~L#RinfAsDTdZgXPfuCWdqal^+`jaeh0fc2EuRfs}21N(Wucufk-eWo4VJO@TRbITCj|;iwPI3 z1%1Yu%S>+Uj_#b?-A|{dJj<)ku0H$4Zl-X1=iueT&4a0Qb}4_nxpU{>zRwbAdjF<< z#WKHQ58~KI;_j8Wdln22EEd`Ybk;qCgE(Vx2Uwi%VY4XQ&o){M|Jww}ga41D8AfPS z?I8TRJ~BpuZRphiB&omMIA}Ds8;H;i5Lu+{;Ka8 zjzHW{*EtRfFB|KtmGEwu`yh75Nb^Gp74AB28zK&*j9pPZ%7bJ@@?b*5*6VF)Q!{j1 zrjWUp$=qZ1!h0^)^ufu4^won0X|z54$mY8{yE~t}a_9bsZ|~g7ZebR_Iyzcgiv%od zcaKu8;0m!87n4#^Z#FKMQfWtRskx*I$t7X%HQl4ee4k?0&e z=jqeVA`sR->zDR%cc6xa!o83J4WaIv= z{lK4_CvT$6wfO%!W{v%f2UphcLfC<~!^gFQ9AVd4mlB>&3+5|)&BSD)pGK6meIzMVeKuIEwv`uggJnf^Ohf13E{t)+ba?R@_D_&E3A)6YNu z^ysf&e*Ja-@XcUwWn?A(=IqFdeFdLEh?*oT)+27;G<=(x86f;=BnSLtv>3QV8w%H+ zhS|tl;Y{Msbd=PO>4$0_A}KXqfjUNz{&tn>s+15Cp{^G>!m)|2nu!<7#v7h~y1t}@ zgIzBwI#=H~F)+Ys7}xN)-P~#cU(A**htCpJGhxb^JvD-(;$%ZrQ4 zi_7cl>)HI$`X`4=U*>N^qOQ$Dy{)kpWn>KxJM1GEe0*giNtE0(ZFeEBvuW|dZB{1S zW`j3ysvg*c4_${NONQp=q;SVCrocl~p^!?alU})qyDl}io8dRr+z@k1U*ai;i_cUP z^AwGB^^GNEobK*tlurZUmG#XR_`C|vm|Q9y>{6A14n9m0=hcMKK^sxOns(03MF}Iq zCMOMp4C2KG-N<-p#u3eAavO!rwM?N<$lUt=+uM7)Ki#_XRXV-y`QejyKYM<4@fDQ4 zwY8OAPN&n^d_JGu-vG|<2iPmdmdS267~Rpz>8>BHS?qyP-@MB`13y#S(*oK69Tdic zFQ%}~i_5OH0`Gu&=sK-tX{?HN_#Gr9y2{)N8QX3oC>g| zXU$OB6#RcscMw^Kv*~O17!*%$4sSn5uWzm2`tIvzpMB-o)yEfC zS5f@(@_KrG=}X+UU-EC{ckGr~cYMSi4bSp6msiLj;2dNjDu$sapwhfG|r#9TaG%npBZ&Y*wR__7PL^>hj{! zhSJLC#F_~K`?Cb1649CKGA>W^Dn~F;<|(Z&;_&32b|L?&+{`hD&N})jI)!MX7MB9v zR3?{!M5FiFNgC)>ByvrE|@PjEy=b-Tkq=Zw-B>wiqn3eAY9GuJ=o(q0QQg?kxmfzA}X_tOpOcW>u!zq_>b<9Ej= z7Z0|+$A+(>7``SsB%8%S6Mug<@ z_U9@EFYy)QV*D)4_2>9iMUC~B&+v=OMM{oLSrRVcs=E3IjZ#=mB^Nc-+X^+f;%C7}i4*&k=@UQ!y7VZb!M;2H&tOT;d zwMPWun}j;R#Ggt87z6!nY_{I(@M>WRTQTe@u-SzaITqDjA+8{EBM`W%DN03v>$DGP zifYEMOpS9C7rKjh`~gKV3WZ=99;hm+;*^x*qhU-bn;N?!mlV~6Zs_}U3u*{Kf1g8Y zq;pmr5gNr)>`zieO;)XyO@7pLKdsJWG8;hn%*Izge3X0b?caV#FMsq00PWqomS2C} z+xbGXzP069U*BTez78Ubw&$~7qI4v2kSKQh2nIe7S-E>}XXCHKjeQ^%@n(GN~bst8Gk zv^}ON<(3z7J={vqAV(uB?<{{+R54s!RD8MnOgX1iQzkA`@I1V+=7(idax=-rt|zDj zJh*yJoj9WS#cr^YO)|G@n$Hd23R`dQppMU!KCx7lAjU0~Lv><~( zR)y4#fw}FPoUC%e?Fg^z+?p<}J=66#)ITdnb`Ybn|1SX6^|F z&1eSc=uzx}EzriYEwckj;no(|Elv)0PS#iq2J7g)*=n=vW(p~)kVGnWb#Wv6F%bd$ zL69v(G6ly$BNz&S4>b;g4Vqg3OqO|ZVwhnD1^PIVIbg8Uq%2<6ESr_LUMzQMhA&<; z)Xpoq+9Ao|YQF{-9GKxzyYJk1xGO0Q07&TG`2bdNVU1f_U+P?6`l_Kd79t@Yc&Icu zD7M*H4$R%_dFry)->(J86Uv+rQ1}ReP!JKs1Vzhn;K0ctArSPA36XVd#!f=APZ%wj z%%U>@qpM>uf?baWM&Yunu|TzziGgJ`PGTbb~05fO#S>Cx;DFzWV-e>SdLCJx8S}7zx{Zv{UQYY#S7-kNwt?-Tcxc@T!3r2Qs8377nzGH zE}xqZ#SaEJ2zbD;fq{At;{A10mGp5?Z9qgk;6j`a(4G!`4L**?F`=2EkOD&gjF6d1 zW`s0>XgGus$)eK=pj;(0QbdemLap=wn;Qu>uAAbmzLy_ODPtXjj z2lIsT1+B1C|4=caxpjATJ>o-Cd)I{@Z~f=>c3535La-0az;#tS-t&?Vg}s4`f>aV2 zd~A%bk3-})yi(XCC7~Q7%2Jodmx16euPg}I*0LZ7`~Xx?0dfXF$38%nb7a3LpWMP^ zeB6lw@^Q%e$T~k_fe$S*B!n1=_uI3V;ep#^>w>p;am3nStT65XKSz7)b)sUeQyi%n zM^f@$yq6``$>bqgGPJ9KL|34T?Z$8jBLp*nNlsvcCK5J+gph;~IzmMJ{MeBRad|LE z!NN;c9ut|O7`J%~u;~JdyF4XJjCU*y*3OG0J z44B5#e#xn9h)t8kN?T>XNz^XQgVUuFAf?cmJ|FnF%CDf@)h0n#Q%~z^UoXpp?p_-Z zP%D707NPw5p*%#a;bN; z2Tsue6a{-7FwR?TtZWWYx42_0tSDRdkQ{+w##p!(6xK!hve^fjG#WdM+!PnVgdhhk zE=Lr~q0>U?en>>X#|e2bO~URRFlKtNYSac9mSf{P7ss_P=3XqkP|n?6n=%HdYv)Zc z&p^Q6ZHIa0;dZ(b>F&mOZZkQrn$Z-#l9Fvq2PU7!x+xN z082&|oIuENO)P{(rW2Z=)FT`=B80IHA_2-CCn16W%4A_)xoJ-QXPa?;_K{9#?C&2m zDM!@mGPQ9eZR}C}eWSu)FkQRVbqgB%H7IizFW!Km2Cj833PATr_zk0A?x>V21vnaI zX29pL$w0}^IW&LhP-|XVUfKK$W4lf+hg}`+k89ugEl9nn))s$_y<2~7QXfN)D&!Qh zXe)_?( z<V}u8invj{s)^GKhDyeJdBx z15F*R@B2SBSw0!c}C!c-R)*O|2u#nh76OfxS zKncajV1S;c7*9$8B{bE^!`ssX>tt1eLQEk(^&sYU^*>3Jn61DZ}9 zP+MlWV3OwvBg8BO5{{W5H1~EDUAlDFtK*V)J@2HFUV8Z0;ZK{7eH#1H_liA`2kj*$5(lN6!%o1&CjZsBdUisW9tJ3Sp4k zJZLTtFqx-;cbK0q4;ULe0u0&5dAgv5T-4`x1_sbbpMimOVBqg*zN`mwy&+%Hlk=6V zb=PR6Od?gG7vwr9OQD^k;@a}Xua_a%KN#$kqet9n)=YU<)x*xs%jTV|xqZDQ{a8%Q zCvDdcx3#n!ON?obilGq;X{^FTRn zt*g9KFk9?NR*s%nU#f4lH6WONb#9R-SSOGs;93aq5a=9)AZGgsLy=H2!Uj|_4i+_3 zyCgg=pDpgXq*R;`Bjw^w+2g_?kHdOY!tmEXg}xjM^zGuOvUF*xKQACC4rpu(2*p=)S?{h?nJ~wwmd|x&@A_M z@h$~=dKMMce>XHYH`m|acDR4I?|O?*>0w&iXKlw~XrC6x96MZ?OLQTVLDwBd!5_{2 z+{MNx%_6!G>F=ojwEixyKK!m{RsG44{)(Ch=O^c;e)j)<>a)Yw zzwj%LE=?uwtWIVGlM16^aG8uuP_*x1WRP5O7^-b<(Wlu(MbUPE+1OfJVh&h=JQzo! zI1_Q3DVsLgSl}66j7WD;=s}?$S-cy80-8+ch&XVIL_$si1Og)D2z>-dZ~}Q}gudOS z{YC!;=wbbGwMO6f$MWLF!zUv*^b3aRq_o%5)MaV%TD9TEjVBK$z}XWMPr&V3fMaC& zNitQXET?ibsZw%?4@3kXjd%$<&8M|WVQ~XgB2I0b)j^zh4yp}Cn*GdE&~LRUd`SPow+4*`|gHqVR$=w@X_Oi6YY;hr3xNXL}?J20+TtEm8CF9r}LIQyWdSD+i^Z0Ip zh{57;(m5glB7lk?3Fx~R+MNDz;B949efHFprWaApu8fS_U!ttNxUgoJrH{9M1;ASD zduj0_7w$Zqm;tX(47^(0))&SvOY1*=Z`|{2R?cLsS~_jt?qF?+-R!Z|0fR}gx3Tnc zv87N*pfJV|8L6R7VJ8w`M@6-1AqdnqA5mgd-(kJEH(eAeM1&%=u?g60(a-&6^KyOk zvHF!+Jx8Hgm^IFuW(^O~QGMDlAOCJ6=x5$BXu;plC*bR0+`z=ZlZ7YaGPJ6rxjmZC zg^y84dQ~MLRg%$GZi9qd2@F*HSnc%MoI)o?Ezg(8%F04K_N|aa|M~KJ;lYU8V4JjbM8Sq z+i-V}Dy#5p=V&UZrl|I|7%I-5LUE!{d~p=Q9yTDmO$F#{B_~d>VUUdo>J$k2MkeRx z^u5xZ@*Ti3&@*a zn0|s*Hz;#Z-Pz+y@BS^7E?wsLr1b!umQ>jQaC919C6Tp$wXyM6Qa-4pK`sgFTAyxM zqf20m&9gk7VRCZy%%A&tHDB(p0JF3FOWr6c>4vkdySt?1_n%I`QF1yftK0uf$-UdR z=lW8EiK&q5(AbaeVK` zwXdsdVu25fLlEv3!bS}1Famw8RI$8r?%cUajY6R?r^6g4>>GO8JEdRg{rTtBOT2Hx zr(Q%1z9>|xwZ^rzsc|JBuWREV2~r;#n;+LgVMjy$`OMWDzb$QyFC=lf@4+bZOa}gj zI9Ewqfp<}D{GooN|4X{7^<_Rlv6ti1?rV*Z>|(`QJ#Tf2cmCA9Q~OV!^4||9YoGrc zZ)}5m8$5xMH_mP=DLGqm<;vOan>YP$-aOM`rqL69`byK&n~RGB1E~&FFDlj1+SwO4 zCwLjc*4fU%5>OkAGsa@eQ5$Q##byegQHLj!@u6fIA(Vx#f=3YsEkV$Su=M(>qAFh1 z$#ds;9V`6`p+dR5I<>qyq*U}j=(yC;vGREJk-}is=+flI1%pw$b_ckIrKEQcjlHim zY@q&zA_snlxPLe@`Vv~2tS5(is3Ephs)F!GOZ?LGqx&;6kH#h3*tFK##@ct@7Iz8} zv(l^>=GClroUAzo4nJSI4N0@-~&5Ot|!i)Me4|u$jypwSAfLEA;UFEiy=YwO-ZFZ3YBk9c=WLC0w5Qrp z9lX7>v#C|#ftXycz})6&-*6Ho5I}3+OgfH32qyRiGt!d_qkf+3Eln?NnLBm<`h(Sb3;XDv?N%%BAI%5@_-83ebk~>T@RGwG$Vw-qJSiT3FEP z{#Y<5hu1E7dCh&>aqq#?@6i9~pM^Sj+nZ<4g5Ccg_z|o=y92(TJqw=i2It?*I&<^P znKL)De(3)+)xtKnnOfxJbk4IV+Z$w(ILqzO-0d*dHh60W-qj6{PjPh2ZT=|g)2No_ z^y@M7QXjDS%8>m&PR7_^Yku>hp;K?Z#+B&Ms9CEa_iee(l||{MSG&#gBc) z?-{>y_2I<8KzsWPkhJTy+Tq2qmHK~~xc0Cn>nJ?#7ZE`q!4v^?6v3Kgk&i_*77q~? z1414GvI#^YY($PGd!~aJw}%aJlb914EH26#A><%Q0^=HD$W1U*KoLO!#qe6a-xk%` zw+s7&Z|`@`dC%o{eqVjQl*OV7cpP5yjq4%?557+E6f-?NJ)m?T)vEp5Z=w3_+wsI_ zToWg!k|OB-B;dRog z^%m>bS-ks6tc8~)3IV!0fnG>g(}z4yitqQPoLion17apFIR(%OA+ABPNDSN}9#5*| zm7x*SpFJ+QIl6TGvj5r9{@RAl+B**)jOE5OE;gcEJJoaIX=SKiT>8Vyqn(`#8SyW7 zd>q*E#es;7^!8n?Wp60POO>Xl>gDsJrMG^6dQc!AJg8(j7c)34*--N}c$g=X$t2jk z#K{BLR@_{Ncm+B%|IgP&S}94Me!a+JNK>6d02lK4QMLj48#W@wZQZ+-MCC(rl6=!_ z;Ok+uFmh5fndTmy6&)Q`m@t29h%(iCZECv2(-W$O1OYle>t4h`GKM$^k(MQv>K2)n znwP$Q<@n{kHiWm%*2k4`s=O-`NMaWoXCFUJeURJU9@p8{x%l=(MY`V>|9DIg#O1|w zv@Q0JOU66fuF7lce;dD3Cn-*1v4nhNFd{L9fru>@F=QY(oF2b|IJu7Db>abcCxGi< z!}y8ILvX@L&*}R^w@Q|WI0agf<>VLh6MdbjW|2lHTS==(_N&&}SeTeZ3E6CFrjW}P z(%5Viz%+FNw;`vu6eTx3^p17uXjKK%y<*D)_ z`nv0DC5pPbHiB+1X0@pM5PkYRE#GvYS@HQ?zKuKj=m&{t%|3JBAm zo_eIA%-t)1ax^gdf}F&}99!E>k(Q=wEDbjxs$1!Y2LwdLCdI}^Me*4o!mO;!LOMHv zoxtU*s|(b<%|GX8TBeFTa84MymSk`cdWZXg{onJuB%{}6iieEduCqct^(np179=wy{~ zCAH_2Wh|*&AlNI&AJKr^f`DI4sGPZ?@a_M(I^K2AbymM(?Fe>|=|^)6j#yKm)p}wM z#MU=5U{k;beLGV-QfRfE`B2|4^N&ZHP>}goJe*yu z?H|1|q34kHNf1` z+|tZo(}p)m&dyXMdd8&i@HC6(9gV}t#$FQ;mgub=xMj_5m z=pFVCJA^(!bTXCzYl}VKb)5R>c*FUg%iV2bJ$)FLscd?XSNRxCn#W(nv`3_>o?(M_ zQ{4Lpki@9c|CsSle^A+1qmY-Dw$}ArJyj!}tdZ|kyeU;4%vWM0qnO8Gh{Uk?AVgFc zJiJYd9l#+vl>(vTy<0?J7H*=!i1yUZ@GOtnJ67_dOWnm zCx$(8cnl4)yxzLw!{2=K<1cq^7D{@$D^*A1;`*AZ;+j-#zy5kW%K+#CUB@ZJB)Z?xm}8IZIlm+$$*K9Fua2M~-oh!PF@Pui*ekK)Aoj zbV`Qawce&fOvsALaS%e7`nMh}_m*$n$5+eusyP~srXYu3Pz~^W-$be}_BfesG_}R* zi%p;YkG|L1HlvxuQk}eFr6Lp~K{~M5FU{ zoz+8hA9N`Vk<>Z0+@=h*OwSF?wJ-=L*FK53&bOuVsR3q2tMyl}F)}hU+(@!=TW9yK z)oM&xJ^$qkn6uj!wQY~hTE~#AtOW49kSpX?bGa9qmy?}}TAGJ?h3cPsZxlV+?g86N zCW>ZM6$LB-kLBz#_|q>xb{wBQ|JLQYhFZm$)GMQ%ss#-FS5)OLl*hEkS1sh_rm6xD zRpf>4%d1fNEq=Oq>HP6$7ZtUF`cmcmhZ9S!1IlWp;2=*a6CcbM33x%GW60QHZn}_4 zq!U_((-HehNMB+1`;Q(?FE2m3Q6ReaX#QHkg&d(!2nWX-4t}I%W@Lbao`Igdsl5To zj*4tf-_lH)BXXc)59zW66$5

      ^J3SC{O=CWxCY&tzNKiT7Ed?5&{U3B&KGl|Qi^kMOQv-cdv&|b# zHv+SZnT-wAe#7(YZP%L^B$3jDwEgJu(xPef1bPBj%~dC;>1=x8>E5aNpVdk9wEbN6 znfaFOK%PuQ9ON7bZ#)?~79(fcCXQqA`D`Z^Rgu8`diJp@{pdoRYN4v4B4!~qJ-xju zz9IuzeC7N8f2iUny2fVW&qlO$b@fXohTE2YkVtuxm^Lfs2*8}h`MmELTD7An)$top z>)iW4A+RHqf!yXsIQ;4yji&n6bje&nP9`W_hdwjbH)&I*Wh8ZLl=GX0)U9S4oXxg6 zZ{12VGBnnQ1(;YF+gRC~?6xwY(n4ZEb7U-Fc{#E{b-*pmQcv9y{)P@%LPCS`v-JaK zT8IV_uYiNZn#0rZdHL1O0GRqoE^pN`*{DwiyuB!#aE=KF62E}$cw>RQ+gAg zsYe&`UP`U3`0(qQqqLS-DIYLd2FV&Z7OZ9beu-$Fy5@4Pb z6%`PyADnHMZKoHEky+BJHLEtSH`ZHcVG(Ar7F!#4+W1&I9@$}i^N1`Z}+u zyi=Qw=EXF5SA_bhQsc@)(<>q}u&VxP-`GS?*T*03`fjmreyMNxr#i(*y+SY|FB7<- zD&PpDJk~K?2M(O7O=WZpM`W%ZI&sp{EfdLxXo|~@txkZj&oI8f*6T%cbPRVShlPZM z#D<5PS=s3u8DSG|fYF-ZZ2e%+oP!-UfH)X$UQIF%U!9HeWsmU-pG8@J7J`j}&tbIQ z+S<{5tvflT?#xdObSDT|o*GbB3%T4RuJ9Z)`NCCN zY)F{#>hap_GezrY3Wg~|+7OjT3*K0kle_;}|XMc1yy z$2TV>jf%nkGC}`HjgpA$0<@fqWrFW{_|MQg1>#9aGQhu16cF2;{t<%wz=60#_pdGA zQYR#Ex%{7)qSI_)Y)E7XEs7QyYn7N}a?r%~O%u#hSUOW(Tx@r5^^M)@>+4KfV_;-p zVn{O9vr4itNlJ3tZ*K0D7T_2{^9rMxxJSiC(=r>_v}kiWo1c=zEli*{@X2IqA-7<@ zh)L1fBhoDf*e-}C;vkz>3ah^5K?(!o;_$)KVhple11Wk?gIgQTKrF(Zh{Bw!Q8r!I#@`l`!c zi87)Hf^SQ-jfv!w_vWru=OAUhaDO0CSm46;%@k5IU0hBHAa`bPTpq*eA77VFTTbKCQR$>Gl|b{yVw~P=d z3=WBRgDu98<0@Q&37mDX67^AAcaqNd*F>^iooNO>OPEi{rzytxqraRR!ji z@2WTy5$7M1TD7Iz`+zDi=$U9%U8o5M@M-iZal% zBN^G5t}c6CZY*#!^&6N=h@@7dR~*C@GVH9bPHo@K{nFELN^ijCYQ;XLNq^q|ZAdG;UY> z7yj)T54L-~<*q85t>WG@_0-w!Jhz$v$g?NSA(AGJaSUK24kyaZS z6S~$92FY)>vopnp=HNBKo3o9wadS3{FW-IFWY1@M*ztZC8($6|w*Knyw!^q_A0}^K z!IJZ~BZSs>ypnPRAIOfU2cF#Hh|#6wKmeNXc@1bj)45FYd})7AS5Irj<+0)MEA7w9 z;{q!V>}vWvFx6ibxa-0DGgY52e!jR^{_xqK{ffq#$yyYxW&LtQHK|-9Rce$x@cTjM zVsxJwFf3HaI%mff*uFyUcxtuI#N~%=FvaJt-x9KELUuSilg6fj*J&1CW{2BnuUVa~ zA0BL%9gMpX8Ll=Ax4?^Au!Ef$QMo~EoNbc$Nl~_L25xBv_GzT`ULotq`@?tInERwf zoiN$oKqK$ZjHV}?E(|*%bajnAolvd5aPM9+n3u`K`BB*sZi$vHPg9I^zO3eV(s*6P z<+i>jqZzNp9O@`PkP+{HH1yM|R}Y{&^YZ&0!*?@g(2NA;Nu>f?BnFiT=PaItB|G;> z=ES5--_}esVNF_g15yalbVaU?7pNT%0zLHZS;BU$*E=+RI`!3C1&z7ahRpK z>^67a?SlKSP#s*HF&1pR*V64E>CHEd4hGng0vt#VHs(gbdaDuOOh^`MNzd=m!v+HE zD8L;$$e(PpUb_?ffUI4~m`-tb-)a3^iqFny*FrU2-4a9;t#C9k;pssL@;nVoIwGi% zl%lU(+t~fEGriI;9f>>E7xUsUD^%%M?jP^nG1C$8hyTo9fBntVmB%$*#^H@!>>f;H z12$xXjbIXJvXT&*vtSJZW&;HlM}#`=iGi$$h{MWFXAp=MA{BH%fgGiiL(Iz1C`GbE zR8Uu>r9t)Sdxr(_A z0$UfPC8dZcl(ZzN#zR9#%1#wA=?srh4F{cOwo4h4=Bf15d&YWG0|S{`x3a>Y$-p$H z8?=qwpyaoDb@T%dtae+y_h4!S*hBKvy(bTvOs2lsMYIgp4JZ;GI6d@13nO>8Ihnw( zet+?si)Wu)SGw-;xWjSUEtS>#FqvK15w)%B?&_#hKb82;|NZwLf4z06;@zoh7cU(u z1iob+KlIu0fm1$Rst>+3>tN^bI(ha%i^i8c-a}-fMQ_l@CS3MGm}FT zDxgbhRgF$nmkuAN^i~pCUW_u9hD{{YGkFvymndb|OOvE9c%U>C0voo@CbH`JYyqE7 z%S*2CEYRyKWO)@8%8G)#0=-IQsxhgJs9}m~dUI5UT_#zrsl2nc`@0bQVt8IBOba)c zwHV+~a<&1XMEP>;%lS3hn4{W`(k-Q>>(*@BxA}#2G0(>Pw?tJxaO$VvkN*7g?>|33 zG+_Va=g@QZm+}uBXc(M0^6J}fUmE&uMab~b(-&!1cwxpKmO9=0;@?UnC8JJmX1X`b%C`tvlhL}z%z@rEp7uuDZ7 zo<$$Gl;1khlF5Gfo?GK1HdUIjMwb_wuBu7T)bOZ~Tw`L;hv&=lkuZdzzQXkZ$$kOC z$n|O2%Od>He+ zohpx~R0@=t*jO32zFt~Z&u0-Un6P*$5f7P6p=*2yOmdP7kqd<;9*vs97ZN?`PQEOS z0NO0yRiEsu;4|cWb#%HxohH|zLm`Vc%A-{V6Hxle+s-{><48G?%;1a)tMU&70hT^} z43z$k2jSn}*#(yY^;73UVfY7*$tZ=!MTowV<%pH|F1s}$2=HwIR1x^e{OC0 z==YwU>9-rI4wb}6dk-~kZ7eEWud(0*sOyS8&; zc&>Ms5jMW7Hm9%#P*g$kGGWj%1|tX;-jz!ANJ3nPfAb)+rED@Y$q7btLenH^X(>V- zEmT0GS75%AEa3B4L{GN2CoO|U#ZW=`{o?SzFtIpHrVtzC^1KK|pFwX@mk(aXnP+7! z8oRT6vox9u^V{1bMypCAsl8zxw9* z$7fHUzH+7K`1Y^H9{#jzwEEgW|MluLNK{Q8PkB*QTBEsab^$1(E8@Ar7 zF7ND~xl@e5>WnXlzl~NL(oVkvRRz~ZbB}@73dU#flck&A*xUi>(3tHVTJ5%HgCE_p zCU?X3(x{_x4}NcSH*R!K8P!F3=#l2h#C*M{ zx4_$r=HM<%Wf?kF*Kfs@hPs9Xj83f#Uj=x8$lpTJ#r-uU-IhES#r%?&+mEGiN| zt>f3^g$h-n1)&8TPSG+lmm~r^)Pv#bL4iUxh0l~S$xNavmCW^^Q?sF=>cU~r1+FQc z$pWf`&vj)$Zr9h7%kbjyyr_JyVCyMF7E3_jQRyB8 zj#Nlbqthidz8Z-rNuuG1D3Jkv=)TmG>nRjAJBdiFFJqL&l9BV)ds0$(z-TEzZorgx z7evP@#6^4cM!8xXT`up_^_lAA>T&~6!2Y2d-|g7lT$nxS_JG^Ty$2t<*l=Rgqo+3H zLOc|rO3w!G>(Kfi-Wa@YyW_!9d=bQjhaD%6o~-`%D#l&gfW#eWKh)6NFol=@L@7@<{w?&jLA*2zBB*-$ey~||AJ@Q%<>a}Q@s8j`f z9XNn|0fEKl)t9lU0u~oyYAm8hJ(Ec!N{P7pJ`9dX6tFXtK$cK_m?SQbz~zH4D@mb+ z(geb?ydZairy$5PnZyesxeJ1}dMcFqt%|%%gDgxPW&rg-A(NS8261oi$c^K(0H*v# znwkzaVI1(Tu^wnQtSxyorg}@qzK(71aSKmY#xHE{S}18bdb1__e77nA1hADi`t7&u!?%Zj`)z6KO9|{!E|=v5EvO0AUu!;2abZ;J!%oR}qy-Fz*@Pb{W6cI&AVUi?h!Dy01 zDH`aA)9C3W&U(6VXAXTmQzFbGpwZ$*Lr2Q%{&4SSFbR(_st9-3y4p=1CYQ;>6nTIu z4Jz9=#|JL?9Y`Md;;Ge7J2T$Fm#b791N(tK;HhP91BF zIu_pAbk zS-S(1U)(zGyJgmX&TgtxtI-lx$z;Hv-Q9Ii5@oV@JcKS^Ave;6;RE;0b0zWp7#hEH zjt~*tg(&rK@%8g1Joz^3n4M9Yxc$keSe!`>p3!Pa!G>b%cH>%*z1Klykpcl7wEe`);MN3~k)xMMy( zc)oODzO*Z5Avf27F%E^};Dsq66dVdIW~+H;L%U^vW1@L~R^oe!AuC?lvGSKshgYCF zFK%3kt3F<3o|+wAdHc0R@csJS+}vybb~=ZLC&zmSdu^S%U9~!tl{$4@C?b#&Ghc#0 z&sdr_i-+9Yg9y41)rUl<`-;+bl6(S0bQcL-D9TyyD4&vr z18HC8cCGOr{p63cXECSTv1NXrzr!C9E!P3HfyYj@mUJmnqocY88qB*7Ou^dQ3lSX5 z2~#0p<~3XoNf<0nFyF8@6gHb18bcCS+SQkm{W{N#&)vK7<$LbAetUXwdUz#V-1U%g z`|qIqcXroxmm6yhIw?(H5HLGL2_)6*Vb5Nmm=IvvHZTh zvIp*49vybyeXHd!rrwo$R~X3Rtvv%6Xd9R~5_D|MT~TWHJVWZ?f+${KVeVR?mfl7 z-0piizZ~=@>l{q{-a9kXgPnVZ?u0l~8vB_cm1muL$X;%<88P>x(&_6|>FBla^}?JW zjy{0z?Lz|-6z9z#ijc=ZFx`bK(ulYaX(15n^VyhgBqed!n0;Y08H^n0!=q7^EQu5_ z2xU|VchTxuWs5P+J2o%Y9kC-EZ3%qEPIOqRTeL#av^ua!X=oAyyMZXj@hZu;S3cQv zSIdP*$4+gC(w1ob7fRwC{>Qc>Y0q6a)%EBCUe(Q~4t~*}xU;#c%C8;mR15m{K-aAA zCA`^aS&`Lvz4+c6{j0Ke?Hbc2 zd5&>-&X}SuLI$f=DBLqMV#B>-Gh&&sEEXY!$q|yXef@Sy0wmmJWQGQOp>!$R!wJxc z=yZG`0D;S)`vzpY?i7+Dd0bHtTObq&7+!2HE;|Dv2g%7n1VNb~7AZZ-S2(<|5t-HlSzI(7e0Zj5c*b;o$Y_mWDxVqO}v=Zv56rL1F*J)No^O?Ik0Y ze(0A~*2(gkBDL6PFdR<+tqZQs}x>hCBz5#V8BBqIu=AgDw{1J z2v})Mz9^K#$qrZ+8Q?34qz3u1T^NxJczcnb$d%3^Xeb^O3Q-^-5;+7egnCFkBC1va zgF$2D=yM8WLRyeOuY?;>gsJ6jXhALCyF4t_xd7Zm;N#xtgO4=zoE~W(Go?QA(Abx! z$DWFUf@pk8+@_lg59gLdJ#yjZrlx~y@4HK{?;0rF{dDvG#=`61Wi&VMPq2c3idWE> zXjy?9Uwr%Wg#F}QDRSE`paQtiioV&91f;A6gTZ$2xs!8tOLOD6EmIa~f>Odcl|C<1 zta(Ps$gHSvqn9aJK`8`2bhU&OK7~Z(feR~QQlxBbkEhZ2Nz-<6BeNs3G3Vy$=i=*u zP(X!NIFm>&i*@zlk6i_B}5 zZR&JE#YByX|9p=6t-B>8@SXF1-+OzW=l%GjZ_nKG^k2|+$3Tnji;p~X@k@L3;>FtP z?aCs$YYT7qR-a#f7e4K-xh|aY+*DT=>e;yQE*%fc`2JSKoTVw+fw3cr^jfAZCa^X6)+U@~PL)O)#Ma@_ zk-BMk#wIB@7&nPzav9!lP!c4N$Tum(0Rxg*x0UOz#uw6zVCQt=}b3M%P<#DO}=^wwQJyno{aG_O#npRTrR>&@&f{mYzm+QQUoCqb{!~0gC_;(m9y-x@ zGIj!GjuVlcW*yquNi=Ex;gtW~ptjZngsWi%$)zqL6%*92e@$1MtIBvKBE3Y}7+ zCirS2m?6;8KiP1<=>E3G@m7(8GE$-Vc;Yk$jo3gW>%@4ol@>5WAP5zW7CYKcf$jR< z`|n>?UHKmCHSVjQzSn*G@!O9)a(t@2_srzo4}?FYQq|1xam)5XR}N_pkn1CJBW!SX z$Jx2{vj7|eQZWVCec=mNd-J)np8?;hx)|;Fd~d5vQRQ}~W1iaHDOZ?gv(8@$``_O> z+M6~Hj`lmu;nOM2#2pE>O{(_DiMk@Xf=_1Lne}RlWv*C5R__yBoFl(Er)B; zb7iDNA{O(SR6=7=frD<8RuNSpOPt4%fF5O;4w1YtkEp3T-Ij3H&euS(7L6zf8iL(# z@AO0;=vcy;pLf~jPfhmT-G1uMjkmrRqpR}PYu~^2^N-&>c;>Hrx{n{ZxN>}E1yVoJ zUVAtyDpq!{?OxtL+}!y6@7vfqHXuWN=q(qLR~9l?rg96Ffhawi_GY7C8HPNQ2?lh& zbP1u<#`fl=3XLWxy?yCM_1<2^6LP@0)j1RmpmZk3MV3epGE?NKD71?S4#`((b*+fDY-!8hMZ_H9$>L@8byigVrD+5X!j{F_-7#D>IgePfb`w5sTcy0i;qQ zwtxrr#A$XaL@UI+TE}ZdI%S;)o{cGbI%aEGQdsR0v^71Mk!tV6Q1#~RNlL>SE?CkPMOhGRU+#i zf1)ma;=~ET6DRrnNN^|}% zzVo%_9w8BSG>juMktjF{u22BBu8OA$$^t=?P~-FYjP8DGM9kyFd_t*If+lmos_vKh zcy1F3B0pgjNM)ibC~K=ZgqSbm%k&n#$xBA+rS-7;L}NWVG7c!9u%gO#mI!9+)X`BL ztxI`yOgW^}v5=#$fQuONx!;(Ih{YDu>o2@H}ZlV-Ij@E;vLpK`idVg2^v{@m5g z%Kq8)&CM@DDF< zz7YUvOcFgup8*vH-XFIjuocFj%EaXw_;LfGSF4js(l8z&2sW7!iR#deX@-O{jd=s% z5XGy(ejT=U8&t%jo+xhkB31M->GbB=97sZi!qfs&w7q47ce%x`!c-=Au(zfRhs!RHISMnfN9|AvSh9QI zLgv9kqv*u;SC3WV8{1oz-QRv-KL7J@^S4_+EiNx_?e=*0;>}M8>c&ZZBx!ZKNrN!h zUlr6=Nn?DmSR*!wtsF(hs}>uR7>FPxs>mQuC2!)gLmdrLq0GW}TS%Y9q>fFitvqDA zb&wuB(a_WIgrm+F4iTY72jy^eOt#dr2H#G3pvxCFqjZ7d6?$>m&9fsJ@PRTu!|>G0 z5yR_OED&gcud96B-Tihi#@;=!vNQqN@kw(hV{U0~on^ju8*nWQxu*;Zxi=&W8*SlY zI28@iblhz2cbOF~nxb3`?SWt{)9xyJvfG=0bou>`neDAn@3hY`xVw3U zh$x;sp*kT|#mSzWAy6=glPW$J!<_^w+;MV~Po|N;)=2ak^!Y#Uo!dvFWbrwa9G{W~^2>PbSlv zFw_i6n;ENtE0kmQlTfLbgX_!H2o*+!+ejq&GB=QB5v8RLvsxS5+A!Fyrg6BgXFMFH zU1oD_2Oa_>rEN?qA5P^%-n@5g?B?phr9PGn$9AJY5EFSmy&iOE|&5hx!Mn#pR3Uv!a@LI&J zq%tWnka{am&*A6=$YGGjYr*d3Sw-X4NMtBtGVzjDiJAl2A4e#CMmP@VhMSHjs>7(a zfdOZ=4TBRCE(-4VD*z# zNh(HQII#jfxCV$lxmp3EqFpFWQeJ%0*)b-aH-jFBrw{!67eD=9C&%mW>RMmyLSDYx zGU~E7uF&UuYdh|S;_p39XKxz!cadt_e!P%;ys$X3Siq-{dv|Z`^R4UKlv5Y=z%1+@ zT=GtEO=+`E_iR4xW&D0Bn{tHE6v&R2E?+vlus*jxT%P;=8c3=`R_hG-OECfjW_3T= zPg;3$4PWj9S6>^G2@3&;uJJi?0}p3i9MniPY$iYC)9}bDkya|#i?t@ToG;`^)uxmI z_r0}0E>h|e=s%+8UN_JTpo+*G3h7{s9Xe-iEtO5{vi|YWHI_Q?EVjRYlif4BmPgLQ z>T!jYoavH1)lq^(R`gDUeRmf<6J}Q%sy+8#&5c}n90w1sFlQL~>ae)GKeyxYhIQVW zM5?;lHjhcXY#3p4MYAsa-w~oxgIO5BaN_eDxeR=1;b>>`X#JL;rw2bO&{FOs8Plo+ zQf{0b0zk%MrkFMoAZ0k}Ds99>YV=Jp#5QhU@|=Xv#ZCq6h2Y}~v{g#uI38C9Gd+1? zxC$ZScSMNwpty_b@C;hpXh@0M=J8`B9OfFjCdJSc8gY=zSpDkxRd9?B{(kH~FyAZa z!!CB+(RY0VCw3lF*H)a+s_dP(yBjiYQM>0QWGBDP}(GzkarYYh?rCjHA)TGl%*)e+wBj>RD%j*Ti5V^v7;VTf=%W*<20$3;%Gm3?J zlOzc}HNCV-5@Z{VVu{9@F&K@Sq!{pE=*Y_50dQfE$BVg|02I@OZaG4kq+6^}6Odaa z;N4*RBDFMvo&-k$qj$7n?r~y(mA!#SccmE@n(Z@r?@Sh0#npd5V}rQr{*_Z;0anYb zz`~^xqOu~w6uZvjY_q#uEr4TE@DPxe!51$Be#O$n3)lA2X5IF}@-CCWX`*d57l!%R z;Z1A22%siHc0@IfaJ7wULx_KQe-0;v-TgX#Eza%iPWOA+R(gyinvjheG#rglD}f(Z z3%R(^3`%2wi@24S(aVw?+yN%ORm_)T+8GQ&#w!ScAhd{^xTFlqd>kbqtJ4}S2Eu9) zHPqF&wY56f$(V^SokFQ1p{VxK9@-YxnE@;UGI@0sTW8mP9~wi;iw|FTcyS%OpWDha zB!GE}Lbj|Mt%P_5DQ1P#h&Nt)6 zYsY*Wlq$jrue!#I`b1^n@eAu%7ykc^KexUDqw85c*)LNf<(4b8e6%5CVw7xf)$xg> z*raWeD0qA$8NgeYsPr5XnuBhAl2m3C3Tu$i5M;Qi0Dw7Z4`kr zK!kKcI^5`V=&EaR--XjUGt{nXY&Is%i~`fK%C3X!7w)*w*N2}5O!7PSE8BU*qzLzm z9yTy#7d(}{$fQeYJThz@3r4@(_tSxYaOTE~*AMbuzc;R<<90e89S*r@q_1=~)la(+ zEhBjy1Z437yYMX*3+osDTd%;wtv-A1Szl&I4q(PF zEfa`Qs?cOepMfMn`inQ25X%Y`G9^c*!iZ|fOrsnrsy_+8CQ_?J^}@Qk`V&esWcS0T z?}tq7zBe1wRm3u|$%YjJCjVH|9;3N5W-KqF8E42=ZL`tE!E6Yj>*y#N ztOxrnIe#7d1ylY1H~-jeET0hs<)NYB3<->wMr?v`a!^22srWeQZiyRmb9_~VgtnxZ zBr{grX2{mH@*vO`$tGEHIO*o|2m&U-=gZ|nk@}=sWR#?o1kQS6Rr6_J>RN3;*PzMc zBv6-z;+amD_QO>FJ?>bWM}3RzT3*Lz%j-{%tx;YxlP(YX(_z*@+lpx_no6g!^|7(t zo9ve^!?7*w>ZZf~)w184&Fa9i)PaXVowqyB!=WO4s2U& z`}haeZNGrI%5t+oc4C7%nM}q<1xm<^LtwEd5X1$57p=~iK;qZCwI;ci-^7>mtuk&V z7AwRJG6fF0M#fVK|EZ!VJQA7~*Am03C)o*upc9*$){oeO`@BQBUy>GX__i|0_qxU@A z`VA0BaO}62r>6&Z{`>$Zf~e+$r#`s&q;ws83sR6>2q=JcnBErJd+5`V>8+qI`1Dl_ z*f{||eGb%Xgsqhn-L_CnHaWyFU0(N^YZFz~xnwL((xgBg6131ZdDYSl70^e|Z~^jp8?99- zf+o;bJW~dCD#F$h5hBYll9cI)w3yu^67@um1tC;_QQQT8bOYyu(^yQQB0NG5>GIQC zPle|QpnLVzPjSd)tqT9Q6S7TL@bj8eeFwdl;kI#8rmG>0H)Q1Re7XuZcm@DCo(4-) zj~klk^ma<#uG89G-MDeH1!KQC4FUD&;%Dp?JHEH)XYoB;e?Y|w1?$mx0Y#^vrX?fQ zqtl!*Xu9KTa-8C66UjQsg?C-g4=l?9&M7uW>frFAgi2F-(J;6HYLNs{iKeJYSgK9T zr8&iBscd$mg9nth#gMSt9-+@-G+Cmz;TXmYls`pZ%h~y@5ASUpD(BB{?BLwo)vkxQ z{~c{-YZvRC(#}XL4@2>2Yk4+Z{sKMp;mLPj;_rTIhz$nA<8XdJ8Bn^l9$qe|wKZ*M zr)Y?T(sp?YY4*jR&qA*K=dZv1_1Di2W9#AGANT_&9{xUB9FEa2D;Rn^D&PT(SI`_T zHwRsKZK@c>u2E#hT}PFfE5y=dJgz25lgiJefdM~=dr{z%JV;$?u5*CIL%bP=}=a;KtaNQrRra(og&9(q=AOpm(RTIf#V|n{_C_%XR z`Qbl*{R`#Sqn|GR{tGQ;5cB>T+WP@8eu3Yz{Y-O4xs;NQPnuA1Lh(UyLScZ?qQOwa z0OfT)Miyz3)77F%(O?+T_sbt};bLcGGDFtfT6E1_JCKFSmu+1pR;XDd5=H&d&L zcqs*s5a2dyVZHZYxI8*IJy?Eq=ZQC-1E+rZ%iS-ukIPsq*gLrU^_^YxnqS3XLR!)< zjR1|SRqICS?6Z$P`R0@BH~L$3q z7r*`S=bx`09o@e5+fP3}5N`eFyN@5e6>c8eKmBD|w2;NP$X{Zr8Rf50vTWwlF(xnB zU~CD#kkl#FQuRE*zI{lMvo@ut^-!PndX7}{r`J#6M}Toh_aw@% zzVPaE&mBGYI5a3vUHlztxc_+Y=--V$fsrJ4ep)WnisfZvYt#vXdL6<(I$bmisv-%D zO`uoOR%C@UY+)eKFGb^AnpTTNGuE`oLDW!r-t&??i;@h-`f`QGu5-`lG8y!gAF4DjR0kRMZr@qvaw;kP1C+&JGI({(3E~=Skg5 z+l(=;*n%2Mb_oflPMh5Ugn-#ZHkFOU3n9$0IjK`ACjmQXGaKY z?%etiQT62)UmxGRQG&TwtDS1Kj7Je+?8x+9Tn|rk2aOq>P6q)&38~61Dwp^k{;)O* zJ=(}&=JAcncCNjJ(q65f(`q%xA32bghorz0w{hKHeeRxVFYxE>7cMU^PoKb%W9!XO zzx>6szug{>Ay=llZ9bXL<5n}Vg22rXttxSvXdVs@JsIu-`&)a=O}WRIeOAR@%9G<+1wx4{g0&-FdHH#U3>@gCLH<8@TB09RkftxYpb7 zgIDWULwRX+jz;BNVN%KE_P6KPM-V9ew@y!C?>Of%_USGU4(@)t7#}T;76%6t*!x%C zo_~D6T#HeraN>K>sMl*-oJw9Jl>##`b(0Vj+6Kz2a*QWwb<7E~cH50c3rT{@>*z2{ z32KVryL8BNVwwp@Nlm_zVY8vZ1L{Yt?>iPhvCzC#^H$EvIreV`r@vof>p$LUVAe}( zRc^pi{mzbtG;F<&Q-1{M>mztD?S2ptRdBiZyc)p3N4K164UoBAV-P1rH}{BoW@BHh z?>!x^{mnW?=P8r9+^~Eg%OYF{;TkuWFQKb;arVbwf#tdjkW<{@?Ci&jPY)Kcq9CPa zi8c~5j`P4srf6N^lAK&Y=4Oz#>n16~hO(P#Mp>av%5BC-n+j!CKzD$++Cgh>D{SRyg&fsye_-o(ZbBW_DpxnJS7GpF$SF{| zz&pR#`Mrf_xe%OUVaRhCugtu>D?(az72qkNBO8GuRhQ;_Jm#T_Vou!KM1?a zH;}Z!WLJ~c)L#r2i_vl<24F1Ce|qEHJ70h}L_=G@-$DK{*N|?n=N{X{E8&lBJ-WO3 zc7N+JaZ7_veib;Hd!<&p;y7Zb-`^CsH|n_^dMTx2e32K}!R{H+()Oe}DPz-F6(zYjeEdl^$kpscN30$e0ZZPK^~6 z@a)21aOfL4MX8(_L);S?FwL1ODAyz!t>e1dmQB_~>PrhsC6$%3y`CZa_C!HYlj-O7 zYAlE_ZwklO3be)u*wn%}-%o%1;KOG>Z2-A%0LXTyqsAy0l}BQ~ysm9uspFZ7^7>Wa zeHf(y=5WzR>)Ya^b@3r>Tg-@&TneEb7&2$F?ztd$!MF?VcLq``uvZ}K%uAEWVm=8-l#|wg*Yin&Mq?daA$SEE=()TW4@=J343&{s#}A~& zy*URCu(wlNIhug%?Y9r#ci$gU9pz58+YW^{pz9 zZY7Gl;GH&iVC$Rv;W$jhii(&KuB2Fz&y3g&tlUOve}6yq{A99x#-A0erWN?hMH2=O zg_kWi7nUx&NYavwKpFn{`?E3K_GDfj$B9^)_GgwW@LW3S@j8*`p?5L~({!i&6CNl3^kx<8S0G8(+tSyD5tbJO3o%3)HK>lmIX^kWjQ-;rVwesJ@p$Sr{@hV z%UL!cL74`~C*M6EPMzbDgj5SI`8q~-Yfwf$(g(5i8s3lYzo*sj7eVH?MlH+Hq$^@) zd*oo-`?>u(n9pr7ThHw5Z{*P2WP%Epn7zzC5Z;-%!D0f7p9PDtbvTADbul*l1@8Dj zE)-0@?dyUfnZ7Rw7G&y#AMd$QQgta$p4f8CZO0-M4JEUU!c(!yH3x<+I|2h>i^i@+ zT+e_JA!ubN5*2xp(IpTWN=%_BHu1_N5*bj2HJ{AUNvCzfn5SV4{YFsr8h!9aD25!I zfB4~#A0Hq0!)~_Px`&X|Z(Q;EAl2AXsfM=t{^pKWeOj!C>WY@^^u6`|_KV`))4e(l zoXPPWB#C^*scndxn|pxwM7GNoC`rhyIlW%n_bssOiohEK|73h}B+H9yNnQ!8=FIYK zo}keY>bgwNx5m~$kldcsW?WTJx?IJkRLbNqx}i&OwhrqVOhDe|i*YVmk-PFtYQqtN zsRY(jN>>$BicC^0#8Ujk=sv>}1S`D~N#IXuUYX2&WNniMme+Dtojzn{%ex=k`gU=1 zQR7>UPNy^ywd*Sw{Q7IJq1_M*I#Iy;I$lq|TGcQKM%+U6w!B%@#Lj#)8cCyQB1ejQ z<0=pyA=MngBL?Tx_xBPKV@$?lO844|tEdJ#95GGokSom0@R^4q9CKkjwr$oX;+*Tc zV>Vjwe2Dv8zg|=2gE+Mq>V7e z9;mk4uf5ja-0EW(hSq3iOrGjA_@**rT$s~2i$z~T`8hdku`i&%`+tj|qYpaNs3l z(WE3PNLyzzqY|?w*-Yk(BnS+l;M+akgwiz&}U@7Q?QWT}=tit7$bRukmqULN90$RTVB`UY5qa*s9xR2McYi$hM&i~E4prOsJ0oRM5gWb! zQ1qOtr-hFfR2!YGRJDUlESQc&shUf?oQXV?%E61XsZ=(D>ZVuQ$Pl@DCYS3}x*&^y zJM3PD@dR`XFrEk5`Qga{R2*cIv7&83m>HB2c6}FJANu7&P#6pONbwbD9nxxEiI{Vl z7u+_vM)6UBJ0y}S?z#}|mG31xwKz`?j_4Pw@qY7=BM-ELyZUMi9&72RN?G;3QrPtGA&PU8d(y&|)MAk$G2 zF+6AH2b4AI>M=3~^(Xq~6nM;J3^NU4#U#yBf=#FbB(Efcep*U5Q{z;HsnF0&xILnB z)?9{Kai1NHY8`3R8_mzgH-jTopT219=YVIuvM81T@uNBb3_)2AacXTlA?|fHLt0Y| z|1&4To!7TSQ9~gohkvqr8{sUpST04Z3E?MSsjv)~;l%SE%AMB))~o3 z)-nhtN)A!?Ry~2|^dzmsd$qZg%T+p(S7n_lsLhc!!jPY^bej}wUO9s?{<#_gyfu@Ev4vb2#*4xizdX^%)ETV1Nvd5URB1~u=FVlvTqmOFeA;7=$78UE*t=saXJmvTiqJp-X$Z}_G!jXXl|a!J2(nN{ZxIp&$jvK3 z;@@(d1q$v<#(BRM?|Uh~`ugQ-WGQePH-yKC`)cBbLf^fISFq3S zKKb~=4-wF-xI`MU_3CgJsn2;9l{m9`KA?=uuAhGWvic(eA{ z4`~#gyc>2eEpbw8IVmg==ii33iFD+kj^Yg`d3-Q#vqmp}e0=(H_@SvDpK*!$c>nNz zh8t7-^2he~@1MVTzxd?-^ZK(-KF2L+K8nAEJ|jgTPi1$X!kb@bHU56T5I%#fe+YxN ze}fpf`?`4fVe`@)p0^vm(S?l*Nc1>rV;*pQAlqKjJ~}=cGdbp4pYt>NuH3f?lZb%J z3e^rg{5tCZRIa%~A{qg|47p`BCO^PkhIAV!b;IiESt99qq_zzp4`Fn9x+I zBp)J%|3%MQVoz1N9iH|?NGqt`pi0c2t2CyjE{`v@c}e;G;qcStx9#)OSMMG_e;41Y z_?!aJx8HvI?pG-IVfUZjEr6Gsqd(l;;u_Fv4Bvc%d&OsqmaXa)%H-@NTiLJc`h^yX z zdbo>>9#4yxG~&4x-VdcTG>^dWq?!z+~;V$UdQhi!-Wo9r-Q9N z|K=NP$SRHs1XK|(zomaMvVy;bXh;#`Js$4{{v)cqyEvoHw#p{)x^MRVunsPlEZ@E9 zFYA-s zxqI)E?-n7i@38^cgazBb&$zCSXoK*jpab>QT)(qU@V(=;y3OG+0&9J{2~IX|hm(b2=8MRE(@kPy}(F2o+qxmnupIO&6Evx6WT-~E0yI-hH7RWf#`y1iEx%+g9`5Vta1?`uUU<6zYuh;Qnw5~VD zto}61ZeB+&*%U>gNfbp$sFR6`JO#aXsdYq-Y3}n&yM7Z`+f`MUKW%@!ti^K@#UVJG zd$TJ@KTW}Cn>_EDB%=92g^=?#@x2(V?a{bJt(hvK8|l!YCqxG+o#*SOqq2n`8_C#^ z4;>_iYzXHdSUf-k8$u!~j`N(YNKKE$0v*5S<3qDRN2wL5&ft9CKeZ5|dgpws_GGhEoPujA;bY?P0 zZOf`I?(He@e!n3ifBW@f{vaML1N{f7;7 ziu|@ui+gm|85j+;48AnRtTg-zS3hK*!o#nYEite>Rtwt^)DZ}@i6V68*a|$x<0BDV zD99Y8)(Xb#X~LXVhQO?)v>;4*-(8}^o^>6rR$O+;d8kTBtvh(p(H(JvGlw~Q+*Kay zpAtnFE=CM*8YKNKKSM1g`nKiL#g(?2vVv4mCq_x7c0nPuP$rzfJkljq|3+{wMhA^0 zR+54ja3C)!jpGP@B~QasTGUH$-!1GOfnkM5gkiDct3lu5qBbToc(2G_zvfuP$7MHT zQDC6Q@vCKS!U)WAVxfGeDMElF6s5C>b!j347WJPp4L##x_sSWaw>=dHvAUeeFD*#TiIR&DsL3(3mJNkic0@xc9BCP=5XOSI@|Z z1-2^QC4PhylQ=sG`=)l0<~(4#4v;J3P}2B4BE;?U{%i)FwrpnE^-Z%oWV4$NIiZTU z&@wtp>ilk3@`85~6`Y0?Zo@sEqi*DS7+f@~s9 zSLGu2uvK=2-7Uk6C+y)qzQ5@}nSxFNpbL@RUBMO}ixH>Tg48uiC8|`jF%#p81veQ= zly8F*mhhd=&zr;g@K?8f6ts|?SNxE_iTB^x}tLrx2Nn-?w(nPdEFv24!tyhdyL9o1I!nP5lXY@qM1v-L~$JEeG z_gEYe#4cOvk*mm#6tEV-$5kf8Gr}8|&8DW=JexV2R|Vb!cDPn+3X3?BxQpllT}LDV z+xf^Wfy;6ygya(LzzK&mWm)UhroXh@SImMK3N5yWzKPQ`MGbS8&BTo6Rz~5lgYwP3 zP>uI|Pu>hxczy3zm2$9i6GdZV?d)bpgo`&X#p8bDD}0 zGTU)!Rx6#+Xk71_$RNwnhlSV=={@?IMdmQTOtGl-t#FA;TECjjU_ig5bOWOnLuO`C zj%@Ka>f1;(xnG*`nM#KjmTJ9pFG-Mur*HTBU@hl)*Qtn%p;f!C+%9rZU&pB36Qhl2 z0LQJX)=zBvsqfOOHWdCK0&~s`X4+a zNklAA1HZ9x1a~BoX4y*>(He=2KESRI_Bv zO}HKBfU|~1NdihUCL=0k#h8%77zwQrl12#Q{_^JW(F@;oETrH-dx|2%(abf%0mW$M zGF|6P(wX=rE%oc6iCWo`wr3Z;-66M`XrevpqH7eWmO5(k#L3x6m^)4qE*C@z)$WxF z%0pkfrh&q=*4oqy5W{FJ*Tii^Gl6glYr2S*)gb z^9Ehqju71?)@5)}Btw#%#!)6nZcY(!KRD?GZ)~^gd7CUxwP;W-tO|m(QahFo+olkj zGCI{=!nt%aBP6MsCK+r;c+dY7jhqT*g{sf9OXjP)LzZMNrU?AmOok{)4T)@`fHPF8 zYV+0-+aby<#Lh|0C>BfQ0=-t0E72ttv?2#Z$@KVo0|dptBKom z3v>mj3&VgIcXeKGY-ArdDSJIV?6g2^iZ%4%VmXac@YcUt}E&?3f9K0 z9+)o-D-v9cT(8O7OUS2Z&fvD?`w=rFIr0@!YQ~hj(km5AU#FD`-cHlR6pAJrN#1*} z+JZo77-Viz3k2%SVodA*pwF++VgEq~?8UHjvK%5n7q8GU0ev;L%(g%WLipA?Bw4Hw z!pm@GA_igJiefrmwn?8Scz<7YjdHFT1|^ZdRYzhwN$%s!nXaj>lhKTkP50uNKUz`_ z{!H?<8-jl>wpCP_2X@s7ul=1t+Qi0B*20g5GBHuRH11wN-58oBMIr))cUG#Uw0d2u z`zJ!pe1nb+_&;>0Hvlh~WdzNH0eT^D{vYW2)$6zE3=|&FC36;D4?#+8*sSR^P7~fI z_+~>o%D_4#@y?E_^IWw|AQ)}L3f4NP6D2L3qeA6L6wQ-zqvs;`)+V$kz6x8Nzljo= zEv2uGI;;Soslz8{ji84Uu~NA#lzD|%55#d5>;gTYRj>}wDOU84*TW3_sBf;>40#I~ zeT7~da9A(U$zqNWetQMS3!J~117wY-SdPGX#0VD#w?KEV(5ap*1y$hfA|6kHB|t8^ zG4Y)ejZa#pFmG#_pbj#j?K}x8xe!80F+=6mx!JS{8wgvIzf__p8koI;Ac8$$)sn5Q z8nhzwJn67xcq5pCi-oW~bd$9qEHyk7sC5pkkEH$=Ix_~CF$qSqKwr$*8pyF^0u!&$ zg?)uyup3^Oi(a8Kz1Yp`k#r2uCH}qtpo1J@C{ryF3?$__SN_~C#jYPJB?wb3!3>O9 s>SmKTFz#xX%2+j_#T4;&ea^-9Z+8#z7el$et^fc407*qoM6N<$f?|Tx;{X5v literal 0 HcmV?d00001 diff --git a/vendor/github.com/go-playground/locales/rules.go b/vendor/github.com/go-playground/locales/rules.go new file mode 100644 index 0000000000..9202900149 --- /dev/null +++ b/vendor/github.com/go-playground/locales/rules.go @@ -0,0 +1,293 @@ +package locales + +import ( + "strconv" + "time" + + "github.com/go-playground/locales/currency" +) + +// // ErrBadNumberValue is returned when the number passed for +// // plural rule determination cannot be parsed +// type ErrBadNumberValue struct { +// NumberValue string +// InnerError error +// } + +// // Error returns ErrBadNumberValue error string +// func (e *ErrBadNumberValue) Error() string { +// return fmt.Sprintf("Invalid Number Value '%s' %s", e.NumberValue, e.InnerError) +// } + +// var _ error = new(ErrBadNumberValue) + +// PluralRule denotes the type of plural rules +type PluralRule int + +// PluralRule's +const ( + PluralRuleUnknown PluralRule = iota + PluralRuleZero // zero + PluralRuleOne // one - singular + PluralRuleTwo // two - dual + PluralRuleFew // few - paucal + PluralRuleMany // many - also used for fractions if they have a separate class + PluralRuleOther // other - required—general plural form—also used if the language only has a single form +) + +const ( + pluralsString = "UnknownZeroOneTwoFewManyOther" +) + +// Translator encapsulates an instance of a locale +// NOTE: some values are returned as a []byte just in case the caller +// wishes to add more and can help avoid allocations; otherwise just cast as string +type Translator interface { + + // The following Functions are for overriding, debugging or developing + // with a Translator Locale + + // Locale returns the string value of the translator + Locale() string + + // returns an array of cardinal plural rules associated + // with this translator + PluralsCardinal() []PluralRule + + // returns an array of ordinal plural rules associated + // with this translator + PluralsOrdinal() []PluralRule + + // returns an array of range plural rules associated + // with this translator + PluralsRange() []PluralRule + + // returns the cardinal PluralRule given 'num' and digits/precision of 'v' for locale + CardinalPluralRule(num float64, v uint64) PluralRule + + // returns the ordinal PluralRule given 'num' and digits/precision of 'v' for locale + OrdinalPluralRule(num float64, v uint64) PluralRule + + // returns the ordinal PluralRule given 'num1', 'num2' and digits/precision of 'v1' and 'v2' for locale + RangePluralRule(num1 float64, v1 uint64, num2 float64, v2 uint64) PluralRule + + // returns the locales abbreviated month given the 'month' provided + MonthAbbreviated(month time.Month) string + + // returns the locales abbreviated months + MonthsAbbreviated() []string + + // returns the locales narrow month given the 'month' provided + MonthNarrow(month time.Month) string + + // returns the locales narrow months + MonthsNarrow() []string + + // returns the locales wide month given the 'month' provided + MonthWide(month time.Month) string + + // returns the locales wide months + MonthsWide() []string + + // returns the locales abbreviated weekday given the 'weekday' provided + WeekdayAbbreviated(weekday time.Weekday) string + + // returns the locales abbreviated weekdays + WeekdaysAbbreviated() []string + + // returns the locales narrow weekday given the 'weekday' provided + WeekdayNarrow(weekday time.Weekday) string + + // WeekdaysNarrowreturns the locales narrow weekdays + WeekdaysNarrow() []string + + // returns the locales short weekday given the 'weekday' provided + WeekdayShort(weekday time.Weekday) string + + // returns the locales short weekdays + WeekdaysShort() []string + + // returns the locales wide weekday given the 'weekday' provided + WeekdayWide(weekday time.Weekday) string + + // returns the locales wide weekdays + WeekdaysWide() []string + + // The following Functions are common Formatting functionsfor the Translator's Locale + + // returns 'num' with digits/precision of 'v' for locale and handles both Whole and Real numbers based on 'v' + FmtNumber(num float64, v uint64) string + + // returns 'num' with digits/precision of 'v' for locale and handles both Whole and Real numbers based on 'v' + // NOTE: 'num' passed into FmtPercent is assumed to be in percent already + FmtPercent(num float64, v uint64) string + + // returns the currency representation of 'num' with digits/precision of 'v' for locale + FmtCurrency(num float64, v uint64, currency currency.Type) string + + // returns the currency representation of 'num' with digits/precision of 'v' for locale + // in accounting notation. + FmtAccounting(num float64, v uint64, currency currency.Type) string + + // returns the short date representation of 't' for locale + FmtDateShort(t time.Time) string + + // returns the medium date representation of 't' for locale + FmtDateMedium(t time.Time) string + + // returns the long date representation of 't' for locale + FmtDateLong(t time.Time) string + + // returns the full date representation of 't' for locale + FmtDateFull(t time.Time) string + + // returns the short time representation of 't' for locale + FmtTimeShort(t time.Time) string + + // returns the medium time representation of 't' for locale + FmtTimeMedium(t time.Time) string + + // returns the long time representation of 't' for locale + FmtTimeLong(t time.Time) string + + // returns the full time representation of 't' for locale + FmtTimeFull(t time.Time) string +} + +// String returns the string value of PluralRule +func (p PluralRule) String() string { + + switch p { + case PluralRuleZero: + return pluralsString[7:11] + case PluralRuleOne: + return pluralsString[11:14] + case PluralRuleTwo: + return pluralsString[14:17] + case PluralRuleFew: + return pluralsString[17:20] + case PluralRuleMany: + return pluralsString[20:24] + case PluralRuleOther: + return pluralsString[24:] + default: + return pluralsString[:7] + } +} + +// +// Precision Notes: +// +// must specify a precision >= 0, and here is why https://play.golang.org/p/LyL90U0Vyh +// +// v := float64(3.141) +// i := float64(int64(v)) +// +// fmt.Println(v - i) +// +// or +// +// s := strconv.FormatFloat(v-i, 'f', -1, 64) +// fmt.Println(s) +// +// these will not print what you'd expect: 0.14100000000000001 +// and so this library requires a precision to be specified, or +// inaccurate plural rules could be applied. +// +// +// +// n - absolute value of the source number (integer and decimals). +// i - integer digits of n. +// v - number of visible fraction digits in n, with trailing zeros. +// w - number of visible fraction digits in n, without trailing zeros. +// f - visible fractional digits in n, with trailing zeros. +// t - visible fractional digits in n, without trailing zeros. +// +// +// Func(num float64, v uint64) // v = digits/precision and prevents -1 as a special case as this can lead to very unexpected behaviour, see precision note's above. +// +// n := math.Abs(num) +// i := int64(n) +// v := v +// +// +// w := strconv.FormatFloat(num-float64(i), 'f', int(v), 64) // then parse backwards on string until no more zero's.... +// f := strconv.FormatFloat(n, 'f', int(v), 64) // then turn everything after decimal into an int64 +// t := strconv.FormatFloat(n, 'f', int(v), 64) // then parse backwards on string until no more zero's.... +// +// +// +// General Inclusion Rules +// - v will always be available inherently +// - all require n +// - w requires i +// + +// W returns the number of visible fraction digits in N, without trailing zeros. +func W(n float64, v uint64) (w int64) { + + s := strconv.FormatFloat(n-float64(int64(n)), 'f', int(v), 64) + + // with either be '0' or '0.xxxx', so if 1 then w will be zero + // otherwise need to parse + if len(s) != 1 { + + s = s[2:] + end := len(s) + 1 + + for i := end; i >= 0; i-- { + if s[i] != '0' { + end = i + 1 + break + } + } + + w = int64(len(s[:end])) + } + + return +} + +// F returns the visible fractional digits in N, with trailing zeros. +func F(n float64, v uint64) (f int64) { + + s := strconv.FormatFloat(n-float64(int64(n)), 'f', int(v), 64) + + // with either be '0' or '0.xxxx', so if 1 then f will be zero + // otherwise need to parse + if len(s) != 1 { + + // ignoring error, because it can't fail as we generated + // the string internally from a real number + f, _ = strconv.ParseInt(s[2:], 10, 64) + } + + return +} + +// T returns the visible fractional digits in N, without trailing zeros. +func T(n float64, v uint64) (t int64) { + + s := strconv.FormatFloat(n-float64(int64(n)), 'f', int(v), 64) + + // with either be '0' or '0.xxxx', so if 1 then t will be zero + // otherwise need to parse + if len(s) != 1 { + + s = s[2:] + end := len(s) + 1 + + for i := end; i >= 0; i-- { + if s[i] != '0' { + end = i + 1 + break + } + } + + // ignoring error, because it can't fail as we generated + // the string internally from a real number + t, _ = strconv.ParseInt(s[:end], 10, 64) + } + + return +} diff --git a/vendor/github.com/go-playground/universal-translator/.gitignore b/vendor/github.com/go-playground/universal-translator/.gitignore new file mode 100644 index 0000000000..bc4e07f34e --- /dev/null +++ b/vendor/github.com/go-playground/universal-translator/.gitignore @@ -0,0 +1,25 @@ +# Compiled Object files, Static and Dynamic libs (Shared Objects) +*.o +*.a +*.so + +# Folders +_obj +_test + +# Architecture specific extensions/prefixes +*.[568vq] +[568vq].out + +*.cgo1.go +*.cgo2.c +_cgo_defun.c +_cgo_gotypes.go +_cgo_export.* + +_testmain.go + +*.exe +*.test +*.prof +*.coverprofile \ No newline at end of file diff --git a/vendor/github.com/go-playground/universal-translator/.travis.yml b/vendor/github.com/go-playground/universal-translator/.travis.yml new file mode 100644 index 0000000000..39b8b923e4 --- /dev/null +++ b/vendor/github.com/go-playground/universal-translator/.travis.yml @@ -0,0 +1,27 @@ +language: go +go: + - 1.13.4 + - tip +matrix: + allow_failures: + - go: tip + +notifications: + email: + recipients: dean.karn@gmail.com + on_success: change + on_failure: always + +before_install: + - go install github.com/mattn/goveralls + +# Only clone the most recent commit. +git: + depth: 1 + +script: + - go test -v -race -covermode=atomic -coverprofile=coverage.coverprofile ./... + +after_success: | + [ $TRAVIS_GO_VERSION = 1.13.4 ] && + goveralls -coverprofile=coverage.coverprofile -service travis-ci -repotoken $COVERALLS_TOKEN \ No newline at end of file diff --git a/vendor/github.com/go-playground/universal-translator/LICENSE b/vendor/github.com/go-playground/universal-translator/LICENSE new file mode 100644 index 0000000000..8d8aba15ba --- /dev/null +++ b/vendor/github.com/go-playground/universal-translator/LICENSE @@ -0,0 +1,21 @@ +The MIT License (MIT) + +Copyright (c) 2016 Go Playground + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff --git a/vendor/github.com/go-playground/universal-translator/Makefile b/vendor/github.com/go-playground/universal-translator/Makefile new file mode 100644 index 0000000000..ec3455bd59 --- /dev/null +++ b/vendor/github.com/go-playground/universal-translator/Makefile @@ -0,0 +1,18 @@ +GOCMD=GO111MODULE=on go + +linters-install: + @golangci-lint --version >/dev/null 2>&1 || { \ + echo "installing linting tools..."; \ + curl -sfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh| sh -s v1.41.1; \ + } + +lint: linters-install + golangci-lint run + +test: + $(GOCMD) test -cover -race ./... + +bench: + $(GOCMD) test -bench=. -benchmem ./... + +.PHONY: test lint linters-install \ No newline at end of file diff --git a/vendor/github.com/go-playground/universal-translator/README.md b/vendor/github.com/go-playground/universal-translator/README.md new file mode 100644 index 0000000000..d9b6654741 --- /dev/null +++ b/vendor/github.com/go-playground/universal-translator/README.md @@ -0,0 +1,87 @@ +## universal-translator +![Project status](https://img.shields.io/badge/version-0.18.1-green.svg) +[![Coverage Status](https://coveralls.io/repos/github/go-playground/universal-translator/badge.svg)](https://coveralls.io/github/go-playground/universal-translator) +[![Go Report Card](https://goreportcard.com/badge/github.com/go-playground/universal-translator)](https://goreportcard.com/report/github.com/go-playground/universal-translator) +[![GoDoc](https://godoc.org/github.com/go-playground/universal-translator?status.svg)](https://godoc.org/github.com/go-playground/universal-translator) +![License](https://img.shields.io/dub/l/vibe-d.svg) + +Universal Translator is an i18n Translator for Go/Golang using CLDR data + pluralization rules + +Why another i18n library? +-------------------------- +Because none of the plural rules seem to be correct out there, including the previous implementation of this package, +so I took it upon myself to create [locales](https://github.com/go-playground/locales) for everyone to use; this package +is a thin wrapper around [locales](https://github.com/go-playground/locales) in order to store and translate text for +use in your applications. + +Features +-------- +- [x] Rules generated from the [CLDR](http://cldr.unicode.org/index/downloads) data, v36.0.1 +- [x] Contains Cardinal, Ordinal and Range Plural Rules +- [x] Contains Month, Weekday and Timezone translations built in +- [x] Contains Date & Time formatting functions +- [x] Contains Number, Currency, Accounting and Percent formatting functions +- [x] Supports the "Gregorian" calendar only ( my time isn't unlimited, had to draw the line somewhere ) +- [x] Support loading translations from files +- [x] Exporting translations to file(s), mainly for getting them professionally translated +- [ ] Code Generation for translation files -> Go code.. i.e. after it has been professionally translated +- [ ] Tests for all languages, I need help with this, please see [here](https://github.com/go-playground/locales/issues/1) + +Installation +----------- + +Use go get + +```shell +go get github.com/go-playground/universal-translator +``` + +Usage & Documentation +------- + +Please see https://godoc.org/github.com/go-playground/universal-translator for usage docs + +##### Examples: + +- [Basic](https://github.com/go-playground/universal-translator/tree/master/_examples/basic) +- [Full - no files](https://github.com/go-playground/universal-translator/tree/master/_examples/full-no-files) +- [Full - with files](https://github.com/go-playground/universal-translator/tree/master/_examples/full-with-files) + +File formatting +-------------- +All types, Plain substitution, Cardinal, Ordinal and Range translations can all be contained within the same file(s); +they are only separated for easy viewing. + +##### Examples: + +- [Formats](https://github.com/go-playground/universal-translator/tree/master/_examples/file-formats) + +##### Basic Makeup +NOTE: not all fields are needed for all translation types, see [examples](https://github.com/go-playground/universal-translator/tree/master/_examples/file-formats) +```json +{ + "locale": "en", + "key": "days-left", + "trans": "You have {0} day left.", + "type": "Cardinal", + "rule": "One", + "override": false +} +``` +|Field|Description| +|---|---| +|locale|The locale for which the translation is for.| +|key|The translation key that will be used to store and lookup each translation; normally it is a string or integer.| +|trans|The actual translation text.| +|type|The type of translation Cardinal, Ordinal, Range or "" for a plain substitution(not required to be defined if plain used)| +|rule|The plural rule for which the translation is for eg. One, Two, Few, Many or Other.(not required to be defined if plain used)| +|override|If you wish to override an existing translation that has already been registered, set this to 'true'. 99% of the time there is no need to define it.| + +Help With Tests +--------------- +To anyone interesting in helping or contributing, I sure could use some help creating tests for each language. +Please see issue [here](https://github.com/go-playground/locales/issues/1) for details. + +License +------ +Distributed under MIT License, please see license file in code for more details. diff --git a/vendor/github.com/go-playground/universal-translator/errors.go b/vendor/github.com/go-playground/universal-translator/errors.go new file mode 100644 index 0000000000..38b163b626 --- /dev/null +++ b/vendor/github.com/go-playground/universal-translator/errors.go @@ -0,0 +1,148 @@ +package ut + +import ( + "errors" + "fmt" + + "github.com/go-playground/locales" +) + +var ( + // ErrUnknowTranslation indicates the translation could not be found + ErrUnknowTranslation = errors.New("Unknown Translation") +) + +var _ error = new(ErrConflictingTranslation) +var _ error = new(ErrRangeTranslation) +var _ error = new(ErrOrdinalTranslation) +var _ error = new(ErrCardinalTranslation) +var _ error = new(ErrMissingPluralTranslation) +var _ error = new(ErrExistingTranslator) + +// ErrExistingTranslator is the error representing a conflicting translator +type ErrExistingTranslator struct { + locale string +} + +// Error returns ErrExistingTranslator's internal error text +func (e *ErrExistingTranslator) Error() string { + return fmt.Sprintf("error: conflicting translator for locale '%s'", e.locale) +} + +// ErrConflictingTranslation is the error representing a conflicting translation +type ErrConflictingTranslation struct { + locale string + key interface{} + rule locales.PluralRule + text string +} + +// Error returns ErrConflictingTranslation's internal error text +func (e *ErrConflictingTranslation) Error() string { + + if _, ok := e.key.(string); !ok { + return fmt.Sprintf("error: conflicting key '%#v' rule '%s' with text '%s' for locale '%s', value being ignored", e.key, e.rule, e.text, e.locale) + } + + return fmt.Sprintf("error: conflicting key '%s' rule '%s' with text '%s' for locale '%s', value being ignored", e.key, e.rule, e.text, e.locale) +} + +// ErrRangeTranslation is the error representing a range translation error +type ErrRangeTranslation struct { + text string +} + +// Error returns ErrRangeTranslation's internal error text +func (e *ErrRangeTranslation) Error() string { + return e.text +} + +// ErrOrdinalTranslation is the error representing an ordinal translation error +type ErrOrdinalTranslation struct { + text string +} + +// Error returns ErrOrdinalTranslation's internal error text +func (e *ErrOrdinalTranslation) Error() string { + return e.text +} + +// ErrCardinalTranslation is the error representing a cardinal translation error +type ErrCardinalTranslation struct { + text string +} + +// Error returns ErrCardinalTranslation's internal error text +func (e *ErrCardinalTranslation) Error() string { + return e.text +} + +// ErrMissingPluralTranslation is the error signifying a missing translation given +// the locales plural rules. +type ErrMissingPluralTranslation struct { + locale string + key interface{} + rule locales.PluralRule + translationType string +} + +// Error returns ErrMissingPluralTranslation's internal error text +func (e *ErrMissingPluralTranslation) Error() string { + + if _, ok := e.key.(string); !ok { + return fmt.Sprintf("error: missing '%s' plural rule '%s' for translation with key '%#v' and locale '%s'", e.translationType, e.rule, e.key, e.locale) + } + + return fmt.Sprintf("error: missing '%s' plural rule '%s' for translation with key '%s' and locale '%s'", e.translationType, e.rule, e.key, e.locale) +} + +// ErrMissingBracket is the error representing a missing bracket in a translation +// eg. This is a {0 <-- missing ending '}' +type ErrMissingBracket struct { + locale string + key interface{} + text string +} + +// Error returns ErrMissingBracket error message +func (e *ErrMissingBracket) Error() string { + return fmt.Sprintf("error: missing bracket '{}', in translation. locale: '%s' key: '%v' text: '%s'", e.locale, e.key, e.text) +} + +// ErrBadParamSyntax is the error representing a bad parameter definition in a translation +// eg. This is a {must-be-int} +type ErrBadParamSyntax struct { + locale string + param string + key interface{} + text string +} + +// Error returns ErrBadParamSyntax error message +func (e *ErrBadParamSyntax) Error() string { + return fmt.Sprintf("error: bad parameter syntax, missing parameter '%s' in translation. locale: '%s' key: '%v' text: '%s'", e.param, e.locale, e.key, e.text) +} + +// import/export errors + +// ErrMissingLocale is the error representing an expected locale that could +// not be found aka locale not registered with the UniversalTranslator Instance +type ErrMissingLocale struct { + locale string +} + +// Error returns ErrMissingLocale's internal error text +func (e *ErrMissingLocale) Error() string { + return fmt.Sprintf("error: locale '%s' not registered.", e.locale) +} + +// ErrBadPluralDefinition is the error representing an incorrect plural definition +// usually found within translations defined within files during the import process. +type ErrBadPluralDefinition struct { + tl translation +} + +// Error returns ErrBadPluralDefinition's internal error text +func (e *ErrBadPluralDefinition) Error() string { + return fmt.Sprintf("error: bad plural definition '%#v'", e.tl) +} diff --git a/vendor/github.com/go-playground/universal-translator/import_export.go b/vendor/github.com/go-playground/universal-translator/import_export.go new file mode 100644 index 0000000000..87a1b465cb --- /dev/null +++ b/vendor/github.com/go-playground/universal-translator/import_export.go @@ -0,0 +1,274 @@ +package ut + +import ( + "encoding/json" + "fmt" + "os" + "path/filepath" + + "io" + + "github.com/go-playground/locales" +) + +type translation struct { + Locale string `json:"locale"` + Key interface{} `json:"key"` // either string or integer + Translation string `json:"trans"` + PluralType string `json:"type,omitempty"` + PluralRule string `json:"rule,omitempty"` + OverrideExisting bool `json:"override,omitempty"` +} + +const ( + cardinalType = "Cardinal" + ordinalType = "Ordinal" + rangeType = "Range" +) + +// ImportExportFormat is the format of the file import or export +type ImportExportFormat uint8 + +// supported Export Formats +const ( + FormatJSON ImportExportFormat = iota +) + +// Export writes the translations out to a file on disk. +// +// NOTE: this currently only works with string or int translations keys. +func (t *UniversalTranslator) Export(format ImportExportFormat, dirname string) error { + + _, err := os.Stat(dirname) + if err != nil { + + if !os.IsNotExist(err) { + return err + } + + if err = os.MkdirAll(dirname, 0744); err != nil { + return err + } + } + + // build up translations + var trans []translation + var b []byte + var ext string + + for _, locale := range t.translators { + + for k, v := range locale.(*translator).translations { + trans = append(trans, translation{ + Locale: locale.Locale(), + Key: k, + Translation: v.text, + }) + } + + for k, pluralTrans := range locale.(*translator).cardinalTanslations { + + for i, plural := range pluralTrans { + + // leave enough for all plural rules + // but not all are set for all languages. + if plural == nil { + continue + } + + trans = append(trans, translation{ + Locale: locale.Locale(), + Key: k.(string), + Translation: plural.text, + PluralType: cardinalType, + PluralRule: locales.PluralRule(i).String(), + }) + } + } + + for k, pluralTrans := range locale.(*translator).ordinalTanslations { + + for i, plural := range pluralTrans { + + // leave enough for all plural rules + // but not all are set for all languages. + if plural == nil { + continue + } + + trans = append(trans, translation{ + Locale: locale.Locale(), + Key: k.(string), + Translation: plural.text, + PluralType: ordinalType, + PluralRule: locales.PluralRule(i).String(), + }) + } + } + + for k, pluralTrans := range locale.(*translator).rangeTanslations { + + for i, plural := range pluralTrans { + + // leave enough for all plural rules + // but not all are set for all languages. + if plural == nil { + continue + } + + trans = append(trans, translation{ + Locale: locale.Locale(), + Key: k.(string), + Translation: plural.text, + PluralType: rangeType, + PluralRule: locales.PluralRule(i).String(), + }) + } + } + + switch format { + case FormatJSON: + b, err = json.MarshalIndent(trans, "", " ") + ext = ".json" + } + + if err != nil { + return err + } + + err = os.WriteFile(filepath.Join(dirname, fmt.Sprintf("%s%s", locale.Locale(), ext)), b, 0644) + if err != nil { + return err + } + + trans = trans[0:0] + } + + return nil +} + +// Import reads the translations out of a file or directory on disk. +// +// NOTE: this currently only works with string or int translations keys. +func (t *UniversalTranslator) Import(format ImportExportFormat, dirnameOrFilename string) error { + + fi, err := os.Stat(dirnameOrFilename) + if err != nil { + return err + } + + processFn := func(filename string) error { + + f, err := os.Open(filename) + if err != nil { + return err + } + defer f.Close() + + return t.ImportByReader(format, f) + } + + if !fi.IsDir() { + return processFn(dirnameOrFilename) + } + + // recursively go through directory + walker := func(path string, info os.FileInfo, err error) error { + + if info.IsDir() { + return nil + } + + switch format { + case FormatJSON: + // skip non JSON files + if filepath.Ext(info.Name()) != ".json" { + return nil + } + } + + return processFn(path) + } + + return filepath.Walk(dirnameOrFilename, walker) +} + +// ImportByReader imports the the translations found within the contents read from the supplied reader. +// +// NOTE: generally used when assets have been embedded into the binary and are already in memory. +func (t *UniversalTranslator) ImportByReader(format ImportExportFormat, reader io.Reader) error { + + b, err := io.ReadAll(reader) + if err != nil { + return err + } + + var trans []translation + + switch format { + case FormatJSON: + err = json.Unmarshal(b, &trans) + } + + if err != nil { + return err + } + + for _, tl := range trans { + + locale, found := t.FindTranslator(tl.Locale) + if !found { + return &ErrMissingLocale{locale: tl.Locale} + } + + pr := stringToPR(tl.PluralRule) + + if pr == locales.PluralRuleUnknown { + + err = locale.Add(tl.Key, tl.Translation, tl.OverrideExisting) + if err != nil { + return err + } + + continue + } + + switch tl.PluralType { + case cardinalType: + err = locale.AddCardinal(tl.Key, tl.Translation, pr, tl.OverrideExisting) + case ordinalType: + err = locale.AddOrdinal(tl.Key, tl.Translation, pr, tl.OverrideExisting) + case rangeType: + err = locale.AddRange(tl.Key, tl.Translation, pr, tl.OverrideExisting) + default: + return &ErrBadPluralDefinition{tl: tl} + } + + if err != nil { + return err + } + } + + return nil +} + +func stringToPR(s string) locales.PluralRule { + + switch s { + case "Zero": + return locales.PluralRuleZero + case "One": + return locales.PluralRuleOne + case "Two": + return locales.PluralRuleTwo + case "Few": + return locales.PluralRuleFew + case "Many": + return locales.PluralRuleMany + case "Other": + return locales.PluralRuleOther + default: + return locales.PluralRuleUnknown + } + +} diff --git a/vendor/github.com/go-playground/universal-translator/logo.png b/vendor/github.com/go-playground/universal-translator/logo.png new file mode 100644 index 0000000000000000000000000000000000000000..a37aa8c0cd0f6e1b98e0be3eb2531ebc6ac6717b GIT binary patch literal 16598 zcmV(yK*U_<=i=1Q$^7;0v#+eDrK0%p z>%6(N%f`XBv#;pk-N3xJlaY`9`tZ@r#>d0H&B?^Dtf>F`_3`TEoSK)csHK;dl)1LD z{xUb9o}0zMyZALSjf{%1BqI0!{{5jc`1SO`zPq8KpwB5MBz`@`DJHxnB>jUjr=XpP zhJ*ceGX0V>qah&tt}xmxDK3XPA9F;SA|8N$duRs?{%JJ*T{HG>5AcL8I*&O1Ju^KN z1^!Yp@h&apFDzno38}29au*Y6VF#%(B=Pd^`t{{04g#CPRH8PEL>89OH1Y4=wM`?Y+cnsCD|dZGb#-yb zPbYsY6v#U#TTlf1)HKmxCR88|TWkfi;WgJmEa>U!iH1CPzc%zlFUrZIxOpL50SAW2 zHrkRe-Bv8!+}rP-U23*Bp`mB-jzz%dHuKoF($TRq)t%&MEAPFIet}u?$D-;-NTfd? zqGBFudL7@{$H>RCmXS~SDk-e2cr(q3b}2D4;I^fdk8wf@!NHcex`pmIGxX}ykX2Zk zP#l(MXu)GF(Pvk zb5n$3uu@QfLrR3XE#bH{zmF;My}ImfZ|eE@n0GU+i65iC#kVv_JUkHP6q^ z=b4$1KRnawHnN9;XOVD+dTcU@PWtQI+{V7)vVb@}2{~W|d768ob{*KawLyATCMyBY zhk?3y?SQh*YZ(!U#KDNg9qaM-(p?CZPE$X(8z(y`Rk002FaNkl8uC7fajE|-h>jHG2b9lbevz(KOfu`z+X2)PND2t1w1WGFmB z;BZ@Tf}w8eW!d6lVUNJlhe<3w@VLAr5!hqYo=(frj?qrXhNe@r$z?o#)_BC$c#6Tn zw%ibJSrePzu1EE-o7FRWE@Bmr=0#t-W8=a(6GTqoYvcqTWN@=@*0!nMye8HIu2(T+Ak@9J5Z~>D99iw*`m8V%yP8G^_lKA3_-39D4+I+C1zz z%PxAIjtxqC6rEeEoK;TYRK5moFT3e)S;c473ltAKvc{hCWlVc;gKFP7(_^pP+TQSQ zjTnnuLBc{Sdb7KSnYy{T8Mi%*-`7X=bnva_VNVf!d<1rL=-JH6uuGF1?^y5f9AB6q zotFt+&fvKN9wTt?2px9TxG)4b)AV}%MO>l#`PSCbhc8CH z(ahGS3jt5QrHGrvLqpybTd3aT!_Ma3C?0!8iS}-@N4$|3Vjk~Odfkur_B2j4Q=ai9 zwCdFE-MgodJ$v@--@hOJdcD5T)wQs^+~2>veB#83lSsEgpFKBQ8LAYfrz?!j@VGrK zfD?mhnuhu zc6A*>`uqE-yqo0c(WA$Y&khU>p!`akr_C16;qx9(K3}Q48GMs(2|#W(U+C>U+gs?p z^6}jBk0WP#6@}XUG1|MFxifa;Gu`Gf@{^8r3D0vJ&-0ExB2Qql!KaO@u%q%RuxCa- z=nDq{@3OWa?o`}pF?bNzz;Q^nz?4c2d1Yzhk<6eIWaeu#=B8Cm810v^Rke)+e)?h zH``r9!+0zn64TyHj(U9NCw8Ir?OU83bm-%VH;0Wb>dWQso<4o4T$akBA7WgT3iz&_ zN#||w+mrl%lwSPt^Vg61UR6`~YFWHi_l{!JcULueSU zuU#7-U!wAd^F!yiGqsgYce}fpeBa&ns10GwH=8Hj)>BVDk~}BH;~@vhCnx{=D_1_h z9(z4@+Q`0r`z}a*NhgoKotri}dCcg8TMu47d)M~vT^slBr56_$zkgrMPE@N|O(WZ! zsLQ%0YpP1+LKrd6^35*)GUSB5)MzwrJS8#U4D>#RSz-pt?c=lJXO zeSaQ*)aC{sacalkE(o<+>1c~WPfGnKtu-k`2YJOl(N%r)u4fVPB7smYkR!~c!2?5` z13>TVn~)3sx0VVE3qQ8?KZ&MxkE4I%0~`Az9FB(`>c8OVKkXPppkEAHPbYRdx2|$6 zf*j~H;Ex?orIrKyj}eYAQ%S`h#fdpw@Cz<58T?>}2zx?ZT|%y(T{~Xpi=gkZTF;#e z3F=$F{`}PNFa>wR$HyM5Ztd#os_vSakjh6}Iy<|C2zX8|>ielr&R9gEe{Fo0|8gK| zkY8VlfcpEtiRi!U(S93Z-L~--2kINT8Vb8(?fP;$%dGar++*t=TX-4CqacXL~rY1d|=Z=r( zT@Q{j(+PIADfOvY)=!t^b(wRg^=0R7n8aR zGu)okchJ@@r~V1+Ujz8JBY#ZBac;u{>vE*5fRzYXDa*3>N)mKP)O|L;_+)+@W$#W_ z1HCSw0BPQbdWUK^n3k3~2){GaaiQou{J~fvivE1qGekZm14C^s_>uYe_~`Zew$6dh z&dz2jY$hilM;G9l1sq4)7Rn-P`H|OEqLr&S14g)DnOR!8zA!U0bMNinM7RaVpGDl; zY-jGh@Wtt|F$}V_tG&EfzS=j}cU7%lLF4S~p35Z7OJBR(*!bOV-xB?PmY6P)N+eR& zm~-CP8no)@pwxKED3P8YEr^+%?8q=F+vn#4EnG5nUJd7iSCx$h8STYo>M5XqKb%>U znOOtZDR(?fN4Uox1Ub*XkD$wZHf)e>(EIqv@I>f+HsGnMd7^oAVqjvh1vQ|K6RZ%6 zS(agDR(SBQc^!rdmzN8vK88rJqp)LqgEnqF@z805HGQJ@1$%=?VI znx@@zXBFMuwRP&sqPpVZvLw6xjS9oC{Zv}oug2jiu%}ZIcF@Ph^RCBI+pC^=W&^+h zj2nbIz;VS1L`O&K^(`$vP;`|5u!wLu!{jbqrQrBbaLVo`2m4qAM6qoVHq>>S?SyR` z*c}LXS5Tn6g}o`iI4?0VQ5zK%Rio1xlm=zWuo0G1 z^py0Jec*;-d4*BepMTH?oH9ZSY$|#H{6GG`^dbW~(Tbd;`3i5jm;5kK&YSMhLvC&3 zHVlp9eiusn*^WX_1XErv-9)w42ysdA?Q+H zW2CX6=ZBNdm?l$Xli3vMR5s}}x+#0!T+v)!UV9=H(9Y8J_>rsU{BkbR#TC3Ak&M^yN+acyB-!s$e-Ut;vL8ySlm4a z;eC8dRw94`tf=X%Uv6%$8=aRI9J<1TIMbMW6^gFu(4jHQl%}SF=r%{bpn^hWvR;$u# z?d{>=gnV=2*2E~n{(eP81u1Vp-=CRI+4rUIi{BUTb=|}MLKVTK$?cJhCIQZa#yajY zS(}2N?bT>;%*x8uf2KJB_nPh{ry9GsF6g#rFPyoz{6b}Ux%JHA;^J%)xNpWt!c`tW z{u(CNPsL)vuD!{O6hY2%>I8qZSX5O>PtGWEy~`Lmb<%8B>Xe$#4z(JbN}bN!q|z#P z103ko^(ZQx!H{Jz7!K^;PuL-zok!n77@PpuN3`=QIJaXNJwN>xw8No`D|!K~UHql+Qv5HWo# zB}cT^)aaC12QmqJ`hK3=ZTlv`6W5{ViSOGfIrW*|Np9;)2Kq```l9tRy)3$O^iF?{ zPUxJ75m{!I-KK-QaAxVc*K(Nd4R;SXqMht4{NEVX+)5Xg*@A@Hq<~LB?(fg+E!|uH zU3PZ%u1f#x_XH9a#ZAHrAeO}~uDGbkZnqajX~LVrJ32BtOdr;k&6(!Li-vb=RcYZo z`qr(9iCZ7x(X%SDkm@`-$X^FI#FKA=?VA8jd`GrF3{<|9@ts|UOIx>`TRl)x)i(4! zVqK1178248PoY+zy&b-K_%Oy7g$1LI+PVzSss7D$wDbGdl?MTRO~_3yx};tzTQz$r zSe*>=WM;>E0%_2DZ|vGpUk`K^A_F2WgkGGN_tjVSqN1X_;l#xEe>Y_`nRX?JRuvab z&g~`&C+yn9tq{;bzH_ItrY6OpN)iIAqhPS4RrcG0}H-ItzJ63yu82&@oOwU+_mf1X}n+g2RO*VZncK44<-BB z+G+Yq=F+7-dwvP<@5T-$&i;rIO9hgIw?BI0!*bRmde8z!{OebMCn_45k1IEu%%;5w zZ2pLs8`5bugFNbyN1`6vx%0719fnqA*1>c_p8opl;C9=-g_85G(`0|)akx&hT0i8E z*A@6EL~^dPMBnD8U_geo*8BDX#{gcTd}-NoZ9(W=)2}TPcDLmocn>*d*J+ov2jn5X zXFPA=Qd371{#Zkjvdg7$5|ZN*kx0rQ<9P{LJPXA|<1mAld=H zeF6pxh+y>)4x?&9&JdUXE;854k?u3tb-luOx$vDg{YKA04)&K8U7-bQ)+Wt*$g!p+ zd>R)h=2(eXDrI1_slN=}1S%ohp zYxPt}n<|U+ZLLX3DU^`n%%gKDue)jSGZ|@jXG+Vz=eq5l&YUz)X3nM`O}_;8bW6G= z_o!T>E7p}a=o+%+4G~%088Lh6<#L=(cY(ZrFR_KH+jR%FgZ+7u*Ku0ym53ZDlD%;M zDK00U$79jCFr3=+e>+Zd8Kbx^y8rpdw;+ePi0(rEcF{vXXUH9M*J=IbOtmtzv9U2p zZ8n=LDb51T5%B!EI7_u9F0HyYe&&bWyDz1GlxsT+qsKmW{8-WTmSZB|aUiV( zp-$K&$n7N5VfYthn(2a0mpq8WDj|Q##oe9cXkS151>`UX`LAYm5)73sDbrS_7t)At z*5MiTSA0^HksSw%*X)LU1ay357LSh~J$h6Zm8R3Ap?k~D-LOHIy{AFm-Px^**;QYa zRWHuV0((CzdpO8}4s*y3Xwud&^^FK$SLZ;dLr&F+Ft25_rg2cGMHE*=P(hwTxPLCH!Q#wALd+)uu>YY1x z@80P^ABRO1AI(Ks%hl*K+3~t~e6n@AtgJn{^)dCj`q*8&RP*TJAcw=-+1WIg>Og-! zi0R>uof>t-y6A!jjiN=dZvEf4lN?@2@VXN~XWf0N=0ImPpPrm-n>8vX&)n@Ol2R#B znbf1LwNQFh?-AAi|L(|>>jb9nKL5a# z9Oin*V%Hps8x@|4J7>=Pz-uLu-d02$AM6y*6+OQCyoDT5;^I)icc$llc4<5}_oyZ} z9q6GAFnMu9vAj6DbA5(iJ=DU~vNpz>?Ab;zfJ01KKV`b&+4+RMK#-yA2MrCG_ zjasUD`OG&}adz8*Hiir*E=5IYiqq0M(?ZkbGuepsVqLeqJEOB(2kKohauw41-dFoo zTMPU9LH@!E;jl%)zA-iRc}Di9+Jk~xPK8|TB|^jN?%g<&O~C;*1>ZTr|1HqT^~&AZ zt2|$RWm0odWs$lF-$Id8uw<=`?m#1}vaQK}T3tBj~iK{rDR^4%a1L}Fip6pKf zo^E+P(CcIO@2Z!pRH`=%LEgUw>`rv2>e~rA)5v2sH_8=VnBt-*_gW4*wPuqbAjy{F zg8t9slNhyMMJprJo3Y9#Q_FY~k2ZAkutg4!9=0@%*iP77rNsdba<2F7igPm&jID>o z#Kgo_Rqc*a9xqlw4X(wq?9avVNq zlfWb>_yT3k)!mnn1Ko?Cg6jldkn@@v0Zpnql3mf#LUJI^Vez+xlB;b|b15a~Lmi@X zJWG2YK1tUT^v0&MU$F+&){6@@u6Tr zjdB19{%^XtMFoAbLxMTGeca3`Dl2Pk)9Z^WWs<-7woPeKX~Znm6;#ut=)i4DZGI`h zOUtV7N~y{@4xQgO_dr`{X@zvA z9J2{nIpTZ?Ix9NJfxgt`Nv!vrR&C#Sx@&moL?lHYuRFE;i^icGLGYMgK=2as!*F+y zzYB7^=2C^ii(DQ062r07cvB{%yjs=fMwz`zF6@(vkk(-#is~cOIV0CsxT=)reLM7O z{`m-UPzCo=aF7%BcH;2FTvT^-HCu;GT{Si0(*uFSLtPj@?fr^guIS!|F@Y(-mgIM0 zaW8WisqhzQofDQsa1z#?_ca*OC3#HY)*TC(}?XH@?&Z-WxtL~JYjrGCdlLMQysqz8SfFa-G>$_VQx`Nh36<)yN?DnC)#7fB z!>_%4IZIsJ+?=ICB0tL7{@(1QvYaHs45Uw{tXPiEHi zq;9v>)C6A~O&ks3E?4zOPYwjEGlgLhcHN7M-5uy4zvVcsRg7q(#oprRXf3(HQ)IUJ z(u5qhYprT2kK(wXIgT4Cestix!M$rbb2e+FyM>a9riL|Pi${b zWYL!fd*tdHml<@G>e3Yo=eHL4-U>46j7L+xp|&jsyRdcav_GR z?TLwOu)`KNH6uRBVLeKlQl-)kmWV=@sXCVuBE7nXm4b>5UH&(vkkqhs7x<)`RO!=hk@B#+>Rab5%2HV z@qUDT;C_V5J-1;)dF|B@?)S7eM0aW)%WxBPyXuLse{y(u{0LS@BmIVYYLo{hWD2@W zboZVy!GJQ!6dA~Det&WKgV$KiKP2R^X|e|>@v@5htOl`G9KBCW0iDKWi+vohILtX5 z^p*J^*^es_9A7ZZoR6G~M`F*2FVBc^fIH)yC5P$^JM5o4eyi0V`;&p#WgX~oN6;>J z0et0m>jc5dfw0Ihzd--h$)=yy!QEN%TWxJW>+df)pr5|OSDf3oFFG2ZXzc}>q&b_B zMpg&^BI6+advZH0JMHW&ICIl5U)0LyHUE0eet<6}U*hm=L-*YCgZ@xG46Ceyo+d7D zd3%z`xob`i3j~46u;DJPA=%%@|0kPmUi4qEJc4B@?^XHJXFAqO`V1r1zKLtsR*;NE zNzF#Pd#CU{q(+zR9chQO!m{&Hv4xPQX#j3VXTf1#kFu$KhQ1i<)SPUJuM zj6L-LfC+56y*~W^lm#th`;^yuyU3>Y=Bs#gX zxN*THx|cicONSWMm{YK(W-A(|v90N^r041!rU`A>rg4C?uVnZw%yymDml4p z^m^gTU=MovKC&c}*us#r9&ZPCq7Nqfe2aR-pda$Z&s?U*NA?7pOv(Y%6~k)7gUQK0 zPXzxS#^$&-EO5FRvD@!aGJV(U+5=erBbz^6`zYjanHk5nd2`k^-vU{R(Sp&GUG>oM zZ5lf{)4a0iGhRQkVSen#&u&g#tE(%ltE+q2en+0jqO)y0J_P+)(#k#;`K>=vJhLjj zDUys|mm@j;KfzeA0IK^LwAwBofAX$JdD#!-1bxj)vM1(_E%vq6zP{+w){!n8mrh3; zP?>3?t*o`RwXLm94=ZA`CPfMH&zg&g9c98Cs=H{;pvT01{ONu+!|ngfTKN5O>D1Ks z9zV8_B>{)%4%Nf)K|f~~9kP!c9En^VwmOiYuRDl&ySn`A%x**wgO0!UE)4c?Ms(|g2CMy12+&Pq_u%a! ziOWhQZw%-Gfyx`CR6=wgpC=AI^yt$zfZw|H0Q}u;1(u~|^$B3tVn=nvYQ4ed2zgxS zE>vK*U!tfik_qSiodN)Tp2_W+;!qadsW~ZX1U+VRZAlf|$MhE>%)cUcmcFa5x76XP zJduPuW)*eUUzl&>!y);g^^r$>h9i^xfsWT$ICA<@{~MmBOC;O{I_0brprKJlb|J+N zgZ&Vmu|4|e&9I`IX0;XsGxg9iuu zuqIF5#P}!U6;uFJ7mT4u{r~d{{YO5J)tr*#)Qq8zwfTvo#i?CPtTX5!huvS|)--)a zw#q}{A!(XCZ|$>Mts^5NR&tLlRg*lYuGAyZt6S$YJjeGH{cYSNYBb}WgdFH;5svdY zJ~6}?^eSp<6xf?_U?H9R$5?|PZITxa^q>|(e$2hsyTr=+`}M~s1`m^+} zk2rdWpck2C5|LhA$x9JQGc#F_$6+?9IdeQ+jvIysW^EuLAuqlmuUj6mzB@0AxVyL$ z4qu-aJCQT;`sS@0+g~r-xOdA*nUt*3k`V|&2YJh}RphC_r-R6Ig#F?g!ysM&;#ElG zL7#6|M+Tbw0&44d(q-Q%l06rGzZ+>}TLX6*pw|{x?0MNM(^eHS2w6q_?+H`NP_lgzP>mx6aB=_u_k3P+) z?qe7vNjYG^WP0@gS$Q~#=Lw3FI z^kQ#lUte#p+rA4F$6!E4qNPdBj>arwkE;qgrLh@`!#X>ea{d=7=N{8m702;%aa^D< zV6csc@^TEk>mZD>DT%9=&`nn;gh)mlB7!rdB9AJME`b_S!eiwj ztdeHfL{c_bjmTcch>`u}|Hkh*x3{+)Iw$_<;Qj;ar@!axl#^7s(}uH{Y;^fAa2w@GE+?S3Ep z{Oz~%^F4tvUh2BKPS&D;Oly$Rx%c=!JlS~bVug~%%PXR^tFgEVUFh02#JbG1Hj4fs zK|iWiefYX6=Vd3lDs^3Z}T+Ya;&Ni@f!YgQA1J`fWyK%5;X(4!FEX-yLqx}StO zvq`UuOHP2T0^S!C>=UXTiWi?HgPSd*;fB$KaJ9bkRLETcolYqut+(&mx3K>6{O>(6 z(xBB&wIz3z1iCvgYY78VLd(Bg2Z+2ir8OlLRQf6^D$l010h^$|1oUdv`+2I5dGy!v zw0Uo7b($(eu6+&YXc+P65lgLzaR@ILFc;IX>f_gL+Az^7-f8e=hu$F%q3A7}estPl zClWei9YrA0N6X`Y}!prk%Okx6*BdR;WvleVA97X%R&DC&^KGs4G%(E9BPQ3WVdbTMFDE;wHAn3hB92y`<(J4RpFY&niX{j{c{56Ajx2`3ml z3fQ;c>p4Jo)B2IDr>0~gI!SKW&s+)ExP68iybs8Cn>KJ{GmNBl7`%LMaDv`qk|)q8 zHxsyH^j%19*lhfyv{Tm^M^|oc=wK(aO{nJfg)QB^NrbM+Cg#s=d3U|a7w%$7!w0WjnU;tsxcgfeU z!?dyx7KV9G__}WK*;7dg`FeRQjqo#4cN+G;pa+uVW{6GJVKT>Y@9r}s&UvEy?;{8Q z&z$ienRm*$b0Z@-4u%F5>Am6&pQ(Y?1u=tp?;Tih9fz8ispN9RXD5#@M; zUofRC52d6oL`9K%EKJWmrz2O^$de5Sa+{ki%nln=5G-1gS{}57_x38x_&7y$jFZ## zx)WV0t*op2e!iCY`o#BDyx=f6mT!;;VjCm~uFlJ6-XzA55Fs*gIpRz!<4JhY;1C}BLr<47kbpwp6LEtidvj$ud5s%uc(|KfsBujHs zu&DiuCeolf92|`Gx_Pw4UJ1D9V@qY-!+W&I#AW{29FwE2=PFt>@h#h zt83>+6l!>Rt$O|(1e@nSZo3i;tX{b|f1ug3=c{HsbI`g!Gpgm$tGA*1!O`1o2iI&x ze~V5d{Gu)+_2JOdQD)kZ&6#$XrqM%POeS3#xfef}x)b&Uawo^A)iBnHv>qa$3)#(Y zR|nLNF`uH5`Pw=Zv9=FJftcKx8M3trvP+}!MTCi;sSA~5@A^0wGD`#u@a zPY`s4>LQPxrPgNUXj3-qyEOLw<+i9bTa1v~Ku*z7&4C=f5?|kSQ)=pZSd@+)E_k?i zT4z2LVvRNH_2KEyau{9QA$#!gq;zw5EY|%xY(Y?Tu#1U(cRSU3Gql}Tr)Y!D;p>R+ zw(%-nUWEudt==&Ci0tMwJzX_LXTGT6u(Dv*>;aNd?bVmxQmIcUh_B~$Q*>zk{BFCy z%pTQYi!|7RM07$f6{4IEt}wZ~n3}pV7`B(#d)`p&b9#qEXHK?S^3&g(9w0+5GT9D{ zo{2i14x5j6bdF8;-V3=)J5(Y%&2B&sX#e?~Q^vo)NsRsGcy@L+4^NhF5{B*of!({N zr1aDBlG4(W&u9R;Zx5Bg*H2tkDNxI_=3$*$U6)m$%_z_Y_}WHCZGMPxqc+5MF~Ead zK!>mIj*LSIZ(1DGV+O=DsDIvc4_o5X4y&biF6F@NB*$Env3I157c78za&+`6tm$S$ ze7FT2*N~7?+Y>w32|7|a0vn=R8TE4rzCm92=1_5cNsWYotuwTg^)7#}SqeWW=VL&W z&F(X5U%YriMdV_JR;AL`W#y~TvkAJeX|ru=?%Td#qwm~S^`r3rdWmkw(A_ZEroDXB-mrlx2GAF?s==(t${^?w zUiWO9p;$Nv7+M5$C|z)MitbC$BcpUVD^JsFOHju4S{?LWD!ggyMk3}wPEN{}u3wi8 zkUd1N|8nb6fB#&6Z@)!7hCdi0E?dJqLVU;gxrsU|WE*0l z%F)~gbllSvYF?;4p6^DdPo+Iefy}C|^Ia#!LicZx|=kx;>#>W*m5$35-OP}~2($)sWSM+5L zV}#I2OF4kVH+~tA(W`!DFJ@7pL)Lh~OgZ6=68MPisZB)3;w5VTVLA2y%=mIR^!oVN za9o=7%<|Go>#b`m-M`^#21YutbVv5&T}nwX)w)%$9r>>m^wyho>i54Tc5$@-0|-^qv5389|oe03Z9LVZLDo@$A6KChyh0HFb zH|ekA^*^-Xq<(=~-FL`Hb?zd+to(?BY9G`5mrZ$+6K9vnVpwKiz>6mbx@hn2sV$OM zx`58#I~W^2XUVr*-@~%AlU^LLIT;BlEKM=)I%iqUKdFR$1L*kb*CV^R%J|T279Vra znbN;OkGa_B0*5r+_(=H?N}9)@vyFLnOlern>=agSth1P*!@GE9=pzJ1!2Y8(j?VDtI3JWOqCdKV*>@q}he~y2-0s-K{cKKo9a*x=?b8&f7b>u^^`# z%sPvuKfgeogGi~_NSvZWKRhb=lQR0m(e&}y`hKv*ItTLp1ie~L)Q%>VE6@SmrS>9S zop8E9eaLtW=m4kEnA=l$nS}C3RVZb_Q zLr^-sTY=1-lhBT_YrJoOi%O^Huy^;Q?o>K=1xUtEJY7?Lw5zbeUY7t>e@cVp)&9rjhRZL@fiLU zrln!fK{?De4Re>ji@tQZr)STlo*U5|+k?w_7{SVxy8+FklYbz`r^BqH6dUm7(J8rS zCC8(KT(EbX@d`PmvtZT@qCVohi>Ld*B$kaXduBN)RY5fS4+&j-@}B`Z#sT6_jg1|5 zQ#-m;e1nd%<0_h=PNX#j&POZG76Kd8g+`pxtWE^ zON@Zd>}y5+D#o}g10)b5_$AIpgIp6BNR=*F+*~lm}B~8kn%Sz?&C8hFo&_{(Bb_!y|k|xpJD$#tM6v`FKZc zQ~INxPFy{1I_G(iQ*?DcnQ5hw1GXa-K4flvSxOT1azhW<|(3Ixh;XVH5*TL2eCp0E53{WhKEG`gQ5;{d6>n1~Y%ma5 ze%K}aNC~DK+Vp_bAjJX&l~pX!HM@JUkSiCE6(PF9szj`{VmUYnXKNuyYDA-?mnbI= zsh~ZyRfU{fDpf5|C4zE^Q2q(TcV>4o9$LVOR9;-yQ7`@Y`{vD?H?#AWj`#f-Tvb8Q zUxWKlaGD_9;s-W;cL!JpYxaX9{H|njNAxrP{08)3)lS)azB%(9Qkr}U?AFTRqbo-b zTZUFDhsq_bTvp4Lx;{EpLvo`M^rK}B=xpIG%i}ZL;Rk1KDR4;S-xqIb96ccCbGjfp zVqD)Z!Ce(JzK^vBkLS;AqgJx}6XJ(3+PUn0kpH{vllyxveEH@X`^Y5bH zJ^uSU3>{aL@axuK2%L&cu2tNv0bO7hWcOYE(F<#j|L_L}`pfU;&!0?zdu64RR?CK= zOP65uu<`3BHspiAXcZJDAca~fGrg@ zXaUNypPzhv!T|cGVXbP_jO{5Sw?W=(En_)N(2?B$eXCq1IZZ<^LUX_)o>TO(4;^ez zlZuqxP(hyLE{ivC?6?#-Q@L5-8-bNImmP%IEA*pTR~CjEX8 z>A)_?&e&qn8IoWk7-CsWpnHEm4E)p9JqzF|z|j9S{59x_T{BPGjLSp#~jHQiDq zsGg;YW;(C;L2N8*xG7Ur(2`b z8bu!(CFsatG1p-T$UZs|9U086-xhmRX~Aq@w%2m8^k#3-ZFF_ndLtHP`GtGq!0v zF(NuA?-t2{4)Wg*ku4V(*eCs~(j&iZ!r?(axGLfd-NZEC>G{!N$R4mC5ZNI+Vej5I zn}=C>ihe7XZ|1j>Eu(4}O4({!B`sA-!_$vinp{q`q;;za^stn1OfTsG&iSKXRNxrc%gd^^9xB5b@^qq~|8u$i?VRV;s)e zf3rCiOXGobOKn<)Va2d;l?Zwhi&p#<);vsZwwX=Nn-#}|`{(8h+MJ%4vvZD?gEOtE0_g@+bTz-JE3tKTXm%mBT z^LK7yBdUL~7w|#fgS3hXN=v3Unl-gnBF?@MADXTjHBuFI^^8Owlkn`cr-xk~GHVT6 z#mn>-^h(q-l*t_jANT-SAV8EK@>Q9n2(Ueq}&dkrOkQyCnK;ggPO| z!yt^^*Ig{wK!&^Lanorve**{f19reCeD?G>rPnliRX8yXIZHf5&~vKoNYWQ(*fz-* z;M!rwjoWTUpPSd?b=&sliR6qt&>W%*1D%m$NS>BNOZ>WuaL+ZDw=a%ugIoqxhoO$i zPT7Ip&JOh1>l3g~w^?jVcxVAZ8$PIk`gn^Ic*!H^URYH!r*tQ3yJ=+Z`dpMqp7Gq=oE`nlZHw)q z<}8`Pyv9Ty7BW^A+L-Fd;#SWMUWE3$YX$SzC9eC9%Tsndasz)S=<92=XoJ-|7oJLw z{ubjnFh|C`N(Vmp@h9Zzu?)~L%jvq8Fy|4~qlIEtuefH^p6h8iEpuL&)dX@RGsN9F z`N);~?C60q#6BxMSIPP{#5UbJp5PceOX}Lf{8tqHgB#sJ!AgJ^y4)AOy<2b!$cE8t%=oOIDMpsA~@74TSHqZwM`NJLD9VqXm`O76C)V;u~ zRZEY*_`}3`kgxeg8yII7;h9nLG|;s=vi7XrsO$6fLN-&V7xe|#?6KXt9?95quH7GD z)A{Y2ocy^Uxcj0H_yc`-JoMifd%DEn8K5(EA=JU=ucIf&ylJtPPZ13ae}EbQrV zV26r&v4U421KtMG8GFGj7VWNxQ_yGk`{d-P)Sm!n`72G`LEb*lp9=jK8G`zrYrqR+?Y^hyzW7cvbqA4f-Sr5ueUzLvaeN$c zN4~mq=gtS4q#5s%SFUt3c+fwz)XZ9+$XWABkh2YCQFBE14o3Rk8(kf|4|{N)uJ1bFF9hp%-l;Rvb+;eJ;5k1mnn*vn zRR5`tmENP7u0(G#8I97WR;;HNeh)bt=Pb5U&1rCd;(_ZHiyEwno#Y`YP z=)oSiJ!{S?@Z$sdh<6zNiBL0eLe3l2ve3@Qxsb|0^hxP~+r$6B&T?ARtbF0Q@`N77 z;R&Z;nSQP}xQPjUTE$82e&nx658Oi1fxoe{+C1BsAngAEz5qf00MAd3Cq<=4x Z{{;$xH 0 && tarr[rule] != nil && !override { + return &ErrConflictingTranslation{locale: t.Locale(), key: key, rule: rule, text: text} + } + + } else { + tarr = make([]*transText, 7) + t.cardinalTanslations[key] = tarr + } + + trans := &transText{ + text: text, + indexes: make([]int, 2), + } + + tarr[rule] = trans + + idx := strings.Index(text, paramZero) + if idx == -1 { + tarr[rule] = nil + return &ErrCardinalTranslation{text: fmt.Sprintf("error: parameter '%s' not found, may want to use 'Add' instead of 'AddCardinal'. locale: '%s' key: '%v' text: '%s'", paramZero, t.Locale(), key, text)} + } + + trans.indexes[0] = idx + trans.indexes[1] = idx + len(paramZero) + + return nil +} + +// AddOrdinal adds an ordinal plural translation for a particular language/locale +// {0} is the only replacement type accepted and only one variable is accepted as +// multiple cannot be used for a plural rule determination, unless it is a range; +// see AddRange below. +// eg. in locale 'en' one: '{0}st day of spring' other: '{0}nd day of spring' - 1st, 2nd, 3rd... +func (t *translator) AddOrdinal(key interface{}, text string, rule locales.PluralRule, override bool) error { + + var verified bool + + // verify plural rule exists for locale + for _, pr := range t.PluralsOrdinal() { + if pr == rule { + verified = true + break + } + } + + if !verified { + return &ErrOrdinalTranslation{text: fmt.Sprintf("error: ordinal plural rule '%s' does not exist for locale '%s' key: '%v' text: '%s'", rule, t.Locale(), key, text)} + } + + tarr, ok := t.ordinalTanslations[key] + if ok { + // verify not adding a conflicting record + if len(tarr) > 0 && tarr[rule] != nil && !override { + return &ErrConflictingTranslation{locale: t.Locale(), key: key, rule: rule, text: text} + } + + } else { + tarr = make([]*transText, 7) + t.ordinalTanslations[key] = tarr + } + + trans := &transText{ + text: text, + indexes: make([]int, 2), + } + + tarr[rule] = trans + + idx := strings.Index(text, paramZero) + if idx == -1 { + tarr[rule] = nil + return &ErrOrdinalTranslation{text: fmt.Sprintf("error: parameter '%s' not found, may want to use 'Add' instead of 'AddOrdinal'. locale: '%s' key: '%v' text: '%s'", paramZero, t.Locale(), key, text)} + } + + trans.indexes[0] = idx + trans.indexes[1] = idx + len(paramZero) + + return nil +} + +// AddRange adds a range plural translation for a particular language/locale +// {0} and {1} are the only replacement types accepted and only these are accepted. +// eg. in locale 'nl' one: '{0}-{1} day left' other: '{0}-{1} days left' +func (t *translator) AddRange(key interface{}, text string, rule locales.PluralRule, override bool) error { + + var verified bool + + // verify plural rule exists for locale + for _, pr := range t.PluralsRange() { + if pr == rule { + verified = true + break + } + } + + if !verified { + return &ErrRangeTranslation{text: fmt.Sprintf("error: range plural rule '%s' does not exist for locale '%s' key: '%v' text: '%s'", rule, t.Locale(), key, text)} + } + + tarr, ok := t.rangeTanslations[key] + if ok { + // verify not adding a conflicting record + if len(tarr) > 0 && tarr[rule] != nil && !override { + return &ErrConflictingTranslation{locale: t.Locale(), key: key, rule: rule, text: text} + } + + } else { + tarr = make([]*transText, 7) + t.rangeTanslations[key] = tarr + } + + trans := &transText{ + text: text, + indexes: make([]int, 4), + } + + tarr[rule] = trans + + idx := strings.Index(text, paramZero) + if idx == -1 { + tarr[rule] = nil + return &ErrRangeTranslation{text: fmt.Sprintf("error: parameter '%s' not found, are you sure you're adding a Range Translation? locale: '%s' key: '%v' text: '%s'", paramZero, t.Locale(), key, text)} + } + + trans.indexes[0] = idx + trans.indexes[1] = idx + len(paramZero) + + idx = strings.Index(text, paramOne) + if idx == -1 { + tarr[rule] = nil + return &ErrRangeTranslation{text: fmt.Sprintf("error: parameter '%s' not found, a Range Translation requires two parameters. locale: '%s' key: '%v' text: '%s'", paramOne, t.Locale(), key, text)} + } + + trans.indexes[2] = idx + trans.indexes[3] = idx + len(paramOne) + + return nil +} + +// T creates the translation for the locale given the 'key' and params passed in +func (t *translator) T(key interface{}, params ...string) (string, error) { + + trans, ok := t.translations[key] + if !ok { + return unknownTranslation, ErrUnknowTranslation + } + + b := make([]byte, 0, 64) + + var start, end, count int + + for i := 0; i < len(trans.indexes); i++ { + end = trans.indexes[i] + b = append(b, trans.text[start:end]...) + b = append(b, params[count]...) + i++ + start = trans.indexes[i] + count++ + } + + b = append(b, trans.text[start:]...) + + return string(b), nil +} + +// C creates the cardinal translation for the locale given the 'key', 'num' and 'digit' arguments and param passed in +func (t *translator) C(key interface{}, num float64, digits uint64, param string) (string, error) { + + tarr, ok := t.cardinalTanslations[key] + if !ok { + return unknownTranslation, ErrUnknowTranslation + } + + rule := t.CardinalPluralRule(num, digits) + + trans := tarr[rule] + + b := make([]byte, 0, 64) + b = append(b, trans.text[:trans.indexes[0]]...) + b = append(b, param...) + b = append(b, trans.text[trans.indexes[1]:]...) + + return string(b), nil +} + +// O creates the ordinal translation for the locale given the 'key', 'num' and 'digit' arguments and param passed in +func (t *translator) O(key interface{}, num float64, digits uint64, param string) (string, error) { + + tarr, ok := t.ordinalTanslations[key] + if !ok { + return unknownTranslation, ErrUnknowTranslation + } + + rule := t.OrdinalPluralRule(num, digits) + + trans := tarr[rule] + + b := make([]byte, 0, 64) + b = append(b, trans.text[:trans.indexes[0]]...) + b = append(b, param...) + b = append(b, trans.text[trans.indexes[1]:]...) + + return string(b), nil +} + +// R creates the range translation for the locale given the 'key', 'num1', 'digit1', 'num2' and 'digit2' arguments +// and 'param1' and 'param2' passed in +func (t *translator) R(key interface{}, num1 float64, digits1 uint64, num2 float64, digits2 uint64, param1, param2 string) (string, error) { + + tarr, ok := t.rangeTanslations[key] + if !ok { + return unknownTranslation, ErrUnknowTranslation + } + + rule := t.RangePluralRule(num1, digits1, num2, digits2) + + trans := tarr[rule] + + b := make([]byte, 0, 64) + b = append(b, trans.text[:trans.indexes[0]]...) + b = append(b, param1...) + b = append(b, trans.text[trans.indexes[1]:trans.indexes[2]]...) + b = append(b, param2...) + b = append(b, trans.text[trans.indexes[3]:]...) + + return string(b), nil +} + +// VerifyTranslations checks to ensures that no plural rules have been +// missed within the translations. +func (t *translator) VerifyTranslations() error { + + for k, v := range t.cardinalTanslations { + + for _, rule := range t.PluralsCardinal() { + + if v[rule] == nil { + return &ErrMissingPluralTranslation{locale: t.Locale(), translationType: "plural", rule: rule, key: k} + } + } + } + + for k, v := range t.ordinalTanslations { + + for _, rule := range t.PluralsOrdinal() { + + if v[rule] == nil { + return &ErrMissingPluralTranslation{locale: t.Locale(), translationType: "ordinal", rule: rule, key: k} + } + } + } + + for k, v := range t.rangeTanslations { + + for _, rule := range t.PluralsRange() { + + if v[rule] == nil { + return &ErrMissingPluralTranslation{locale: t.Locale(), translationType: "range", rule: rule, key: k} + } + } + } + + return nil +} diff --git a/vendor/github.com/go-playground/universal-translator/universal_translator.go b/vendor/github.com/go-playground/universal-translator/universal_translator.go new file mode 100644 index 0000000000..dbf707f5c7 --- /dev/null +++ b/vendor/github.com/go-playground/universal-translator/universal_translator.go @@ -0,0 +1,113 @@ +package ut + +import ( + "strings" + + "github.com/go-playground/locales" +) + +// UniversalTranslator holds all locale & translation data +type UniversalTranslator struct { + translators map[string]Translator + fallback Translator +} + +// New returns a new UniversalTranslator instance set with +// the fallback locale and locales it should support +func New(fallback locales.Translator, supportedLocales ...locales.Translator) *UniversalTranslator { + + t := &UniversalTranslator{ + translators: make(map[string]Translator), + } + + for _, v := range supportedLocales { + + trans := newTranslator(v) + t.translators[strings.ToLower(trans.Locale())] = trans + + if fallback.Locale() == v.Locale() { + t.fallback = trans + } + } + + if t.fallback == nil && fallback != nil { + t.fallback = newTranslator(fallback) + } + + return t +} + +// FindTranslator trys to find a Translator based on an array of locales +// and returns the first one it can find, otherwise returns the +// fallback translator. +func (t *UniversalTranslator) FindTranslator(locales ...string) (trans Translator, found bool) { + + for _, locale := range locales { + + if trans, found = t.translators[strings.ToLower(locale)]; found { + return + } + } + + return t.fallback, false +} + +// GetTranslator returns the specified translator for the given locale, +// or fallback if not found +func (t *UniversalTranslator) GetTranslator(locale string) (trans Translator, found bool) { + + if trans, found = t.translators[strings.ToLower(locale)]; found { + return + } + + return t.fallback, false +} + +// GetFallback returns the fallback locale +func (t *UniversalTranslator) GetFallback() Translator { + return t.fallback +} + +// AddTranslator adds the supplied translator, if it already exists the override param +// will be checked and if false an error will be returned, otherwise the translator will be +// overridden; if the fallback matches the supplied translator it will be overridden as well +// NOTE: this is normally only used when translator is embedded within a library +func (t *UniversalTranslator) AddTranslator(translator locales.Translator, override bool) error { + + lc := strings.ToLower(translator.Locale()) + _, ok := t.translators[lc] + if ok && !override { + return &ErrExistingTranslator{locale: translator.Locale()} + } + + trans := newTranslator(translator) + + if t.fallback.Locale() == translator.Locale() { + + // because it's optional to have a fallback, I don't impose that limitation + // don't know why you wouldn't but... + if !override { + return &ErrExistingTranslator{locale: translator.Locale()} + } + + t.fallback = trans + } + + t.translators[lc] = trans + + return nil +} + +// VerifyTranslations runs through all locales and identifies any issues +// eg. missing plural rules for a locale +func (t *UniversalTranslator) VerifyTranslations() (err error) { + + for _, trans := range t.translators { + err = trans.VerifyTranslations() + if err != nil { + return + } + } + + return +} diff --git a/vendor/github.com/go-playground/validator/v10/.gitignore b/vendor/github.com/go-playground/validator/v10/.gitignore new file mode 100644 index 0000000000..6305e52900 --- /dev/null +++ b/vendor/github.com/go-playground/validator/v10/.gitignore @@ -0,0 +1,32 @@ +# Compiled Object files, Static and Dynamic libs (Shared Objects) +*.o +*.a +*.so + +# Folders +_obj +_test +bin + +# Architecture specific extensions/prefixes +*.[568vq] +[568vq].out + +*.cgo1.go +*.cgo2.c +_cgo_defun.c +_cgo_gotypes.go +_cgo_export.* + +_testmain.go + +*.exe +*.test +*.prof +*.test +*.out +*.txt +/**/*.DS_Store +cover.html +README.html +.idea diff --git a/vendor/github.com/go-playground/validator/v10/LICENSE b/vendor/github.com/go-playground/validator/v10/LICENSE new file mode 100644 index 0000000000..6a2ae9aa4d --- /dev/null +++ b/vendor/github.com/go-playground/validator/v10/LICENSE @@ -0,0 +1,22 @@ +The MIT License (MIT) + +Copyright (c) 2015 Dean Karn + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. + diff --git a/vendor/github.com/go-playground/validator/v10/MAINTAINERS.md b/vendor/github.com/go-playground/validator/v10/MAINTAINERS.md new file mode 100644 index 0000000000..b809c4ce12 --- /dev/null +++ b/vendor/github.com/go-playground/validator/v10/MAINTAINERS.md @@ -0,0 +1,16 @@ +## Maintainers Guide + +### Semantic Versioning +Semantic versioning as defined [here](https://semver.org) must be strictly adhered to. + +### External Dependencies +Any new external dependencies MUST: +- Have a compatible LICENSE present. +- Be actively maintained. +- Be approved by @go-playground/admins + +### PR Merge Requirements +- Up-to-date branch. +- Passing tests and linting. +- CODEOWNERS approval. +- Tests that cover both the Happy and Unhappy paths. \ No newline at end of file diff --git a/vendor/github.com/go-playground/validator/v10/Makefile b/vendor/github.com/go-playground/validator/v10/Makefile new file mode 100644 index 0000000000..ec3455bd59 --- /dev/null +++ b/vendor/github.com/go-playground/validator/v10/Makefile @@ -0,0 +1,18 @@ +GOCMD=GO111MODULE=on go + +linters-install: + @golangci-lint --version >/dev/null 2>&1 || { \ + echo "installing linting tools..."; \ + curl -sfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh| sh -s v1.41.1; \ + } + +lint: linters-install + golangci-lint run + +test: + $(GOCMD) test -cover -race ./... + +bench: + $(GOCMD) test -bench=. -benchmem ./... + +.PHONY: test lint linters-install \ No newline at end of file diff --git a/vendor/github.com/go-playground/validator/v10/README.md b/vendor/github.com/go-playground/validator/v10/README.md new file mode 100644 index 0000000000..931b3414a8 --- /dev/null +++ b/vendor/github.com/go-playground/validator/v10/README.md @@ -0,0 +1,349 @@ +Package validator +================= +[![Join the chat at https://gitter.im/go-playground/validator](https://badges.gitter.im/Join%20Chat.svg)](https://gitter.im/go-playground/validator?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge) +![Project status](https://img.shields.io/badge/version-10.14.0-green.svg) +[![Build Status](https://travis-ci.org/go-playground/validator.svg?branch=master)](https://travis-ci.org/go-playground/validator) +[![Coverage Status](https://coveralls.io/repos/go-playground/validator/badge.svg?branch=master&service=github)](https://coveralls.io/github/go-playground/validator?branch=master) +[![Go Report Card](https://goreportcard.com/badge/github.com/go-playground/validator)](https://goreportcard.com/report/github.com/go-playground/validator) +[![GoDoc](https://godoc.org/github.com/go-playground/validator?status.svg)](https://pkg.go.dev/github.com/go-playground/validator/v10) +![License](https://img.shields.io/dub/l/vibe-d.svg) + +Package validator implements value validations for structs and individual fields based on tags. + +It has the following **unique** features: + +- Cross Field and Cross Struct validations by using validation tags or custom validators. +- Slice, Array and Map diving, which allows any or all levels of a multidimensional field to be validated. +- Ability to dive into both map keys and values for validation +- Handles type interface by determining it's underlying type prior to validation. +- Handles custom field types such as sql driver Valuer see [Valuer](https://golang.org/src/database/sql/driver/types.go?s=1210:1293#L29) +- Alias validation tags, which allows for mapping of several validations to a single tag for easier defining of validations on structs +- Extraction of custom defined Field Name e.g. can specify to extract the JSON name while validating and have it available in the resulting FieldError +- Customizable i18n aware error messages. +- Default validator for the [gin](https://github.com/gin-gonic/gin) web framework; upgrading from v8 to v9 in gin see [here](https://github.com/go-playground/validator/tree/master/_examples/gin-upgrading-overriding) + +Installation +------------ + +Use go get. + + go get github.com/go-playground/validator/v10 + +Then import the validator package into your own code. + + import "github.com/go-playground/validator/v10" + +Error Return Value +------- + +Validation functions return type error + +They return type error to avoid the issue discussed in the following, where err is always != nil: + +* http://stackoverflow.com/a/29138676/3158232 +* https://github.com/go-playground/validator/issues/134 + +Validator returns only InvalidValidationError for bad validation input, nil or ValidationErrors as type error; so, in your code all you need to do is check if the error returned is not nil, and if it's not check if error is InvalidValidationError ( if necessary, most of the time it isn't ) type cast it to type ValidationErrors like so: + +```go +err := validate.Struct(mystruct) +validationErrors := err.(validator.ValidationErrors) + ``` + +Usage and documentation +------ + +Please see https://pkg.go.dev/github.com/go-playground/validator/v10 for detailed usage docs. + +##### Examples: + +- [Simple](https://github.com/go-playground/validator/blob/master/_examples/simple/main.go) +- [Custom Field Types](https://github.com/go-playground/validator/blob/master/_examples/custom/main.go) +- [Struct Level](https://github.com/go-playground/validator/blob/master/_examples/struct-level/main.go) +- [Translations & Custom Errors](https://github.com/go-playground/validator/blob/master/_examples/translations/main.go) +- [Gin upgrade and/or override validator](https://github.com/go-playground/validator/tree/v9/_examples/gin-upgrading-overriding) +- [wash - an example application putting it all together](https://github.com/bluesuncorp/wash) + +Baked-in Validations +------ + +### Fields: + +| Tag | Description | +| - | - | +| eqcsfield | Field Equals Another Field (relative)| +| eqfield | Field Equals Another Field | +| fieldcontains | Check the indicated characters are present in the Field | +| fieldexcludes | Check the indicated characters are not present in the field | +| gtcsfield | Field Greater Than Another Relative Field | +| gtecsfield | Field Greater Than or Equal To Another Relative Field | +| gtefield | Field Greater Than or Equal To Another Field | +| gtfield | Field Greater Than Another Field | +| ltcsfield | Less Than Another Relative Field | +| ltecsfield | Less Than or Equal To Another Relative Field | +| ltefield | Less Than or Equal To Another Field | +| ltfield | Less Than Another Field | +| necsfield | Field Does Not Equal Another Field (relative) | +| nefield | Field Does Not Equal Another Field | + +### Network: + +| Tag | Description | +| - | - | +| cidr | Classless Inter-Domain Routing CIDR | +| cidrv4 | Classless Inter-Domain Routing CIDRv4 | +| cidrv6 | Classless Inter-Domain Routing CIDRv6 | +| datauri | Data URL | +| fqdn | Full Qualified Domain Name (FQDN) | +| hostname | Hostname RFC 952 | +| hostname_port | HostPort | +| hostname_rfc1123 | Hostname RFC 1123 | +| ip | Internet Protocol Address IP | +| ip4_addr | Internet Protocol Address IPv4 | +| ip6_addr | Internet Protocol Address IPv6 | +| ip_addr | Internet Protocol Address IP | +| ipv4 | Internet Protocol Address IPv4 | +| ipv6 | Internet Protocol Address IPv6 | +| mac | Media Access Control Address MAC | +| tcp4_addr | Transmission Control Protocol Address TCPv4 | +| tcp6_addr | Transmission Control Protocol Address TCPv6 | +| tcp_addr | Transmission Control Protocol Address TCP | +| udp4_addr | User Datagram Protocol Address UDPv4 | +| udp6_addr | User Datagram Protocol Address UDPv6 | +| udp_addr | User Datagram Protocol Address UDP | +| unix_addr | Unix domain socket end point Address | +| uri | URI String | +| url | URL String | +| http_url | HTTP URL String | +| url_encoded | URL Encoded | +| urn_rfc2141 | Urn RFC 2141 String | + +### Strings: + +| Tag | Description | +| - | - | +| alpha | Alpha Only | +| alphanum | Alphanumeric | +| alphanumunicode | Alphanumeric Unicode | +| alphaunicode | Alpha Unicode | +| ascii | ASCII | +| boolean | Boolean | +| contains | Contains | +| containsany | Contains Any | +| containsrune | Contains Rune | +| endsnotwith | Ends Not With | +| endswith | Ends With | +| excludes | Excludes | +| excludesall | Excludes All | +| excludesrune | Excludes Rune | +| lowercase | Lowercase | +| multibyte | Multi-Byte Characters | +| number | Number | +| numeric | Numeric | +| printascii | Printable ASCII | +| startsnotwith | Starts Not With | +| startswith | Starts With | +| uppercase | Uppercase | + +### Format: +| Tag | Description | +| - | - | +| base64 | Base64 String | +| base64url | Base64URL String | +| base64rawurl | Base64RawURL String | +| bic | Business Identifier Code (ISO 9362) | +| bcp47_language_tag | Language tag (BCP 47) | +| btc_addr | Bitcoin Address | +| btc_addr_bech32 | Bitcoin Bech32 Address (segwit) | +| credit_card | Credit Card Number | +| mongodb | MongoDB ObjectID | +| cron | Cron | +| datetime | Datetime | +| e164 | e164 formatted phone number | +| email | E-mail String +| eth_addr | Ethereum Address | +| hexadecimal | Hexadecimal String | +| hexcolor | Hexcolor String | +| hsl | HSL String | +| hsla | HSLA String | +| html | HTML Tags | +| html_encoded | HTML Encoded | +| isbn | International Standard Book Number | +| isbn10 | International Standard Book Number 10 | +| isbn13 | International Standard Book Number 13 | +| iso3166_1_alpha2 | Two-letter country code (ISO 3166-1 alpha-2) | +| iso3166_1_alpha3 | Three-letter country code (ISO 3166-1 alpha-3) | +| iso3166_1_alpha_numeric | Numeric country code (ISO 3166-1 numeric) | +| iso3166_2 | Country subdivision code (ISO 3166-2) | +| iso4217 | Currency code (ISO 4217) | +| json | JSON | +| jwt | JSON Web Token (JWT) | +| latitude | Latitude | +| longitude | Longitude | +| luhn_checksum | Luhn Algorithm Checksum (for strings and (u)int) | +| postcode_iso3166_alpha2 | Postcode | +| postcode_iso3166_alpha2_field | Postcode | +| rgb | RGB String | +| rgba | RGBA String | +| ssn | Social Security Number SSN | +| timezone | Timezone | +| uuid | Universally Unique Identifier UUID | +| uuid3 | Universally Unique Identifier UUID v3 | +| uuid3_rfc4122 | Universally Unique Identifier UUID v3 RFC4122 | +| uuid4 | Universally Unique Identifier UUID v4 | +| uuid4_rfc4122 | Universally Unique Identifier UUID v4 RFC4122 | +| uuid5 | Universally Unique Identifier UUID v5 | +| uuid5_rfc4122 | Universally Unique Identifier UUID v5 RFC4122 | +| uuid_rfc4122 | Universally Unique Identifier UUID RFC4122 | +| md4 | MD4 hash | +| md5 | MD5 hash | +| sha256 | SHA256 hash | +| sha384 | SHA384 hash | +| sha512 | SHA512 hash | +| ripemd128 | RIPEMD-128 hash | +| ripemd128 | RIPEMD-160 hash | +| tiger128 | TIGER128 hash | +| tiger160 | TIGER160 hash | +| tiger192 | TIGER192 hash | +| semver | Semantic Versioning 2.0.0 | +| ulid | Universally Unique Lexicographically Sortable Identifier ULID | +| cve | Common Vulnerabilities and Exposures Identifier (CVE id) | + +### Comparisons: +| Tag | Description | +| - | - | +| eq | Equals | +| eq_ignore_case | Equals ignoring case | +| gt | Greater than| +| gte | Greater than or equal | +| lt | Less Than | +| lte | Less Than or Equal | +| ne | Not Equal | +| ne_ignore_case | Not Equal ignoring case | + +### Other: +| Tag | Description | +| - | - | +| dir | Existing Directory | +| dirpath | Directory Path | +| file | Existing File | +| filepath | File Path | +| image | Image | +| isdefault | Is Default | +| len | Length | +| max | Maximum | +| min | Minimum | +| oneof | One Of | +| required | Required | +| required_if | Required If | +| required_unless | Required Unless | +| required_with | Required With | +| required_with_all | Required With All | +| required_without | Required Without | +| required_without_all | Required Without All | +| excluded_if | Excluded If | +| excluded_unless | Excluded Unless | +| excluded_with | Excluded With | +| excluded_with_all | Excluded With All | +| excluded_without | Excluded Without | +| excluded_without_all | Excluded Without All | +| unique | Unique | + +#### Aliases: +| Tag | Description | +| - | - | +| iscolor | hexcolor\|rgb\|rgba\|hsl\|hsla | +| country_code | iso3166_1_alpha2\|iso3166_1_alpha3\|iso3166_1_alpha_numeric | + +Benchmarks +------ +###### Run on MacBook Pro (15-inch, 2017) go version go1.10.2 darwin/amd64 +```go +goos: darwin +goarch: amd64 +pkg: github.com/go-playground/validator +BenchmarkFieldSuccess-8 20000000 83.6 ns/op 0 B/op 0 allocs/op +BenchmarkFieldSuccessParallel-8 50000000 26.8 ns/op 0 B/op 0 allocs/op +BenchmarkFieldFailure-8 5000000 291 ns/op 208 B/op 4 allocs/op +BenchmarkFieldFailureParallel-8 20000000 107 ns/op 208 B/op 4 allocs/op +BenchmarkFieldArrayDiveSuccess-8 2000000 623 ns/op 201 B/op 11 allocs/op +BenchmarkFieldArrayDiveSuccessParallel-8 10000000 237 ns/op 201 B/op 11 allocs/op +BenchmarkFieldArrayDiveFailure-8 2000000 859 ns/op 412 B/op 16 allocs/op +BenchmarkFieldArrayDiveFailureParallel-8 5000000 335 ns/op 413 B/op 16 allocs/op +BenchmarkFieldMapDiveSuccess-8 1000000 1292 ns/op 432 B/op 18 allocs/op +BenchmarkFieldMapDiveSuccessParallel-8 3000000 467 ns/op 432 B/op 18 allocs/op +BenchmarkFieldMapDiveFailure-8 1000000 1082 ns/op 512 B/op 16 allocs/op +BenchmarkFieldMapDiveFailureParallel-8 5000000 425 ns/op 512 B/op 16 allocs/op +BenchmarkFieldMapDiveWithKeysSuccess-8 1000000 1539 ns/op 480 B/op 21 allocs/op +BenchmarkFieldMapDiveWithKeysSuccessParallel-8 3000000 613 ns/op 480 B/op 21 allocs/op +BenchmarkFieldMapDiveWithKeysFailure-8 1000000 1413 ns/op 721 B/op 21 allocs/op +BenchmarkFieldMapDiveWithKeysFailureParallel-8 3000000 575 ns/op 721 B/op 21 allocs/op +BenchmarkFieldCustomTypeSuccess-8 10000000 216 ns/op 32 B/op 2 allocs/op +BenchmarkFieldCustomTypeSuccessParallel-8 20000000 82.2 ns/op 32 B/op 2 allocs/op +BenchmarkFieldCustomTypeFailure-8 5000000 274 ns/op 208 B/op 4 allocs/op +BenchmarkFieldCustomTypeFailureParallel-8 20000000 116 ns/op 208 B/op 4 allocs/op +BenchmarkFieldOrTagSuccess-8 2000000 740 ns/op 16 B/op 1 allocs/op +BenchmarkFieldOrTagSuccessParallel-8 3000000 474 ns/op 16 B/op 1 allocs/op +BenchmarkFieldOrTagFailure-8 3000000 471 ns/op 224 B/op 5 allocs/op +BenchmarkFieldOrTagFailureParallel-8 3000000 414 ns/op 224 B/op 5 allocs/op +BenchmarkStructLevelValidationSuccess-8 10000000 213 ns/op 32 B/op 2 allocs/op +BenchmarkStructLevelValidationSuccessParallel-8 20000000 91.8 ns/op 32 B/op 2 allocs/op +BenchmarkStructLevelValidationFailure-8 3000000 473 ns/op 304 B/op 8 allocs/op +BenchmarkStructLevelValidationFailureParallel-8 10000000 234 ns/op 304 B/op 8 allocs/op +BenchmarkStructSimpleCustomTypeSuccess-8 5000000 385 ns/op 32 B/op 2 allocs/op +BenchmarkStructSimpleCustomTypeSuccessParallel-8 10000000 161 ns/op 32 B/op 2 allocs/op +BenchmarkStructSimpleCustomTypeFailure-8 2000000 640 ns/op 424 B/op 9 allocs/op +BenchmarkStructSimpleCustomTypeFailureParallel-8 5000000 318 ns/op 440 B/op 10 allocs/op +BenchmarkStructFilteredSuccess-8 2000000 597 ns/op 288 B/op 9 allocs/op +BenchmarkStructFilteredSuccessParallel-8 10000000 266 ns/op 288 B/op 9 allocs/op +BenchmarkStructFilteredFailure-8 3000000 454 ns/op 256 B/op 7 allocs/op +BenchmarkStructFilteredFailureParallel-8 10000000 214 ns/op 256 B/op 7 allocs/op +BenchmarkStructPartialSuccess-8 3000000 502 ns/op 256 B/op 6 allocs/op +BenchmarkStructPartialSuccessParallel-8 10000000 225 ns/op 256 B/op 6 allocs/op +BenchmarkStructPartialFailure-8 2000000 702 ns/op 480 B/op 11 allocs/op +BenchmarkStructPartialFailureParallel-8 5000000 329 ns/op 480 B/op 11 allocs/op +BenchmarkStructExceptSuccess-8 2000000 793 ns/op 496 B/op 12 allocs/op +BenchmarkStructExceptSuccessParallel-8 10000000 193 ns/op 240 B/op 5 allocs/op +BenchmarkStructExceptFailure-8 2000000 639 ns/op 464 B/op 10 allocs/op +BenchmarkStructExceptFailureParallel-8 5000000 300 ns/op 464 B/op 10 allocs/op +BenchmarkStructSimpleCrossFieldSuccess-8 3000000 417 ns/op 72 B/op 3 allocs/op +BenchmarkStructSimpleCrossFieldSuccessParallel-8 10000000 163 ns/op 72 B/op 3 allocs/op +BenchmarkStructSimpleCrossFieldFailure-8 2000000 645 ns/op 304 B/op 8 allocs/op +BenchmarkStructSimpleCrossFieldFailureParallel-8 5000000 285 ns/op 304 B/op 8 allocs/op +BenchmarkStructSimpleCrossStructCrossFieldSuccess-8 3000000 588 ns/op 80 B/op 4 allocs/op +BenchmarkStructSimpleCrossStructCrossFieldSuccessParallel-8 10000000 221 ns/op 80 B/op 4 allocs/op +BenchmarkStructSimpleCrossStructCrossFieldFailure-8 2000000 868 ns/op 320 B/op 9 allocs/op +BenchmarkStructSimpleCrossStructCrossFieldFailureParallel-8 5000000 337 ns/op 320 B/op 9 allocs/op +BenchmarkStructSimpleSuccess-8 5000000 260 ns/op 0 B/op 0 allocs/op +BenchmarkStructSimpleSuccessParallel-8 20000000 90.6 ns/op 0 B/op 0 allocs/op +BenchmarkStructSimpleFailure-8 2000000 619 ns/op 424 B/op 9 allocs/op +BenchmarkStructSimpleFailureParallel-8 5000000 296 ns/op 424 B/op 9 allocs/op +BenchmarkStructComplexSuccess-8 1000000 1454 ns/op 128 B/op 8 allocs/op +BenchmarkStructComplexSuccessParallel-8 3000000 579 ns/op 128 B/op 8 allocs/op +BenchmarkStructComplexFailure-8 300000 4140 ns/op 3041 B/op 53 allocs/op +BenchmarkStructComplexFailureParallel-8 1000000 2127 ns/op 3041 B/op 53 allocs/op +BenchmarkOneof-8 10000000 140 ns/op 0 B/op 0 allocs/op +BenchmarkOneofParallel-8 20000000 70.1 ns/op 0 B/op 0 allocs/op +``` + +Complementary Software +---------------------- + +Here is a list of software that complements using this library either pre or post validation. + +* [form](https://github.com/go-playground/form) - Decodes url.Values into Go value(s) and Encodes Go value(s) into url.Values. Dual Array and Full map support. +* [mold](https://github.com/go-playground/mold) - A general library to help modify or set data within data structures and other objects + +How to Contribute +------ + +Make a pull request... + +License +------- +Distributed under MIT License, please see license file within the code for more details. + +Maintainers +----------- +This project has grown large enough that more than one person is required to properly support the community. +If you are interested in becoming a maintainer please reach out to me https://github.com/deankarn diff --git a/vendor/github.com/go-playground/validator/v10/baked_in.go b/vendor/github.com/go-playground/validator/v10/baked_in.go new file mode 100644 index 0000000000..8e6b169cb3 --- /dev/null +++ b/vendor/github.com/go-playground/validator/v10/baked_in.go @@ -0,0 +1,2848 @@ +package validator + +import ( + "bytes" + "context" + "crypto/sha256" + "encoding/hex" + "encoding/json" + "fmt" + "io/fs" + "net" + "net/url" + "os" + "reflect" + "strconv" + "strings" + "sync" + "syscall" + "time" + "unicode/utf8" + + "golang.org/x/crypto/sha3" + "golang.org/x/text/language" + + "github.com/gabriel-vasile/mimetype" + "github.com/leodido/go-urn" +) + +// Func accepts a FieldLevel interface for all validation needs. The return +// value should be true when validation succeeds. +type Func func(fl FieldLevel) bool + +// FuncCtx accepts a context.Context and FieldLevel interface for all +// validation needs. The return value should be true when validation succeeds. +type FuncCtx func(ctx context.Context, fl FieldLevel) bool + +// wrapFunc wraps normal Func makes it compatible with FuncCtx +func wrapFunc(fn Func) FuncCtx { + if fn == nil { + return nil // be sure not to wrap a bad function. + } + return func(ctx context.Context, fl FieldLevel) bool { + return fn(fl) + } +} + +var ( + restrictedTags = map[string]struct{}{ + diveTag: {}, + keysTag: {}, + endKeysTag: {}, + structOnlyTag: {}, + omitempty: {}, + skipValidationTag: {}, + utf8HexComma: {}, + utf8Pipe: {}, + noStructLevelTag: {}, + requiredTag: {}, + isdefault: {}, + } + + // bakedInAliases is a default mapping of a single validation tag that + // defines a common or complex set of validation(s) to simplify + // adding validation to structs. + bakedInAliases = map[string]string{ + "iscolor": "hexcolor|rgb|rgba|hsl|hsla", + "country_code": "iso3166_1_alpha2|iso3166_1_alpha3|iso3166_1_alpha_numeric", + } + + // bakedInValidators is the default map of ValidationFunc + // you can add, remove or even replace items to suite your needs, + // or even disregard and use your own map if so desired. + bakedInValidators = map[string]Func{ + "required": hasValue, + "required_if": requiredIf, + "required_unless": requiredUnless, + "skip_unless": skipUnless, + "required_with": requiredWith, + "required_with_all": requiredWithAll, + "required_without": requiredWithout, + "required_without_all": requiredWithoutAll, + "excluded_if": excludedIf, + "excluded_unless": excludedUnless, + "excluded_with": excludedWith, + "excluded_with_all": excludedWithAll, + "excluded_without": excludedWithout, + "excluded_without_all": excludedWithoutAll, + "isdefault": isDefault, + "len": hasLengthOf, + "min": hasMinOf, + "max": hasMaxOf, + "eq": isEq, + "eq_ignore_case": isEqIgnoreCase, + "ne": isNe, + "ne_ignore_case": isNeIgnoreCase, + "lt": isLt, + "lte": isLte, + "gt": isGt, + "gte": isGte, + "eqfield": isEqField, + "eqcsfield": isEqCrossStructField, + "necsfield": isNeCrossStructField, + "gtcsfield": isGtCrossStructField, + "gtecsfield": isGteCrossStructField, + "ltcsfield": isLtCrossStructField, + "ltecsfield": isLteCrossStructField, + "nefield": isNeField, + "gtefield": isGteField, + "gtfield": isGtField, + "ltefield": isLteField, + "ltfield": isLtField, + "fieldcontains": fieldContains, + "fieldexcludes": fieldExcludes, + "alpha": isAlpha, + "alphanum": isAlphanum, + "alphaunicode": isAlphaUnicode, + "alphanumunicode": isAlphanumUnicode, + "boolean": isBoolean, + "numeric": isNumeric, + "number": isNumber, + "hexadecimal": isHexadecimal, + "hexcolor": isHEXColor, + "rgb": isRGB, + "rgba": isRGBA, + "hsl": isHSL, + "hsla": isHSLA, + "e164": isE164, + "email": isEmail, + "url": isURL, + "http_url": isHttpURL, + "uri": isURI, + "urn_rfc2141": isUrnRFC2141, // RFC 2141 + "file": isFile, + "filepath": isFilePath, + "base64": isBase64, + "base64url": isBase64URL, + "base64rawurl": isBase64RawURL, + "contains": contains, + "containsany": containsAny, + "containsrune": containsRune, + "excludes": excludes, + "excludesall": excludesAll, + "excludesrune": excludesRune, + "startswith": startsWith, + "endswith": endsWith, + "startsnotwith": startsNotWith, + "endsnotwith": endsNotWith, + "image": isImage, + "isbn": isISBN, + "isbn10": isISBN10, + "isbn13": isISBN13, + "eth_addr": isEthereumAddress, + "eth_addr_checksum": isEthereumAddressChecksum, + "btc_addr": isBitcoinAddress, + "btc_addr_bech32": isBitcoinBech32Address, + "uuid": isUUID, + "uuid3": isUUID3, + "uuid4": isUUID4, + "uuid5": isUUID5, + "uuid_rfc4122": isUUIDRFC4122, + "uuid3_rfc4122": isUUID3RFC4122, + "uuid4_rfc4122": isUUID4RFC4122, + "uuid5_rfc4122": isUUID5RFC4122, + "ulid": isULID, + "md4": isMD4, + "md5": isMD5, + "sha256": isSHA256, + "sha384": isSHA384, + "sha512": isSHA512, + "ripemd128": isRIPEMD128, + "ripemd160": isRIPEMD160, + "tiger128": isTIGER128, + "tiger160": isTIGER160, + "tiger192": isTIGER192, + "ascii": isASCII, + "printascii": isPrintableASCII, + "multibyte": hasMultiByteCharacter, + "datauri": isDataURI, + "latitude": isLatitude, + "longitude": isLongitude, + "ssn": isSSN, + "ipv4": isIPv4, + "ipv6": isIPv6, + "ip": isIP, + "cidrv4": isCIDRv4, + "cidrv6": isCIDRv6, + "cidr": isCIDR, + "tcp4_addr": isTCP4AddrResolvable, + "tcp6_addr": isTCP6AddrResolvable, + "tcp_addr": isTCPAddrResolvable, + "udp4_addr": isUDP4AddrResolvable, + "udp6_addr": isUDP6AddrResolvable, + "udp_addr": isUDPAddrResolvable, + "ip4_addr": isIP4AddrResolvable, + "ip6_addr": isIP6AddrResolvable, + "ip_addr": isIPAddrResolvable, + "unix_addr": isUnixAddrResolvable, + "mac": isMAC, + "hostname": isHostnameRFC952, // RFC 952 + "hostname_rfc1123": isHostnameRFC1123, // RFC 1123 + "fqdn": isFQDN, + "unique": isUnique, + "oneof": isOneOf, + "html": isHTML, + "html_encoded": isHTMLEncoded, + "url_encoded": isURLEncoded, + "dir": isDir, + "dirpath": isDirPath, + "json": isJSON, + "jwt": isJWT, + "hostname_port": isHostnamePort, + "lowercase": isLowercase, + "uppercase": isUppercase, + "datetime": isDatetime, + "timezone": isTimeZone, + "iso3166_1_alpha2": isIso3166Alpha2, + "iso3166_1_alpha3": isIso3166Alpha3, + "iso3166_1_alpha_numeric": isIso3166AlphaNumeric, + "iso3166_2": isIso31662, + "iso4217": isIso4217, + "iso4217_numeric": isIso4217Numeric, + "bcp47_language_tag": isBCP47LanguageTag, + "postcode_iso3166_alpha2": isPostcodeByIso3166Alpha2, + "postcode_iso3166_alpha2_field": isPostcodeByIso3166Alpha2Field, + "bic": isIsoBicFormat, + "semver": isSemverFormat, + "dns_rfc1035_label": isDnsRFC1035LabelFormat, + "credit_card": isCreditCard, + "cve": isCveFormat, + "luhn_checksum": hasLuhnChecksum, + "mongodb": isMongoDB, + "cron": isCron, + } +) + +var ( + oneofValsCache = map[string][]string{} + oneofValsCacheRWLock = sync.RWMutex{} +) + +func parseOneOfParam2(s string) []string { + oneofValsCacheRWLock.RLock() + vals, ok := oneofValsCache[s] + oneofValsCacheRWLock.RUnlock() + if !ok { + oneofValsCacheRWLock.Lock() + vals = splitParamsRegex.FindAllString(s, -1) + for i := 0; i < len(vals); i++ { + vals[i] = strings.Replace(vals[i], "'", "", -1) + } + oneofValsCache[s] = vals + oneofValsCacheRWLock.Unlock() + } + return vals +} + +func isURLEncoded(fl FieldLevel) bool { + return uRLEncodedRegex.MatchString(fl.Field().String()) +} + +func isHTMLEncoded(fl FieldLevel) bool { + return hTMLEncodedRegex.MatchString(fl.Field().String()) +} + +func isHTML(fl FieldLevel) bool { + return hTMLRegex.MatchString(fl.Field().String()) +} + +func isOneOf(fl FieldLevel) bool { + vals := parseOneOfParam2(fl.Param()) + + field := fl.Field() + + var v string + switch field.Kind() { + case reflect.String: + v = field.String() + case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64: + v = strconv.FormatInt(field.Int(), 10) + case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64: + v = strconv.FormatUint(field.Uint(), 10) + default: + panic(fmt.Sprintf("Bad field type %T", field.Interface())) + } + for i := 0; i < len(vals); i++ { + if vals[i] == v { + return true + } + } + return false +} + +// isUnique is the validation function for validating if each array|slice|map value is unique +func isUnique(fl FieldLevel) bool { + field := fl.Field() + param := fl.Param() + v := reflect.ValueOf(struct{}{}) + + switch field.Kind() { + case reflect.Slice, reflect.Array: + elem := field.Type().Elem() + if elem.Kind() == reflect.Ptr { + elem = elem.Elem() + } + + if param == "" { + m := reflect.MakeMap(reflect.MapOf(elem, v.Type())) + + for i := 0; i < field.Len(); i++ { + m.SetMapIndex(reflect.Indirect(field.Index(i)), v) + } + return field.Len() == m.Len() + } + + sf, ok := elem.FieldByName(param) + if !ok { + panic(fmt.Sprintf("Bad field name %s", param)) + } + + sfTyp := sf.Type + if sfTyp.Kind() == reflect.Ptr { + sfTyp = sfTyp.Elem() + } + + m := reflect.MakeMap(reflect.MapOf(sfTyp, v.Type())) + var fieldlen int + for i := 0; i < field.Len(); i++ { + key := reflect.Indirect(reflect.Indirect(field.Index(i)).FieldByName(param)) + if key.IsValid() { + fieldlen++ + m.SetMapIndex(key, v) + } + } + return fieldlen == m.Len() + case reflect.Map: + var m reflect.Value + if field.Type().Elem().Kind() == reflect.Ptr { + m = reflect.MakeMap(reflect.MapOf(field.Type().Elem().Elem(), v.Type())) + } else { + m = reflect.MakeMap(reflect.MapOf(field.Type().Elem(), v.Type())) + } + + for _, k := range field.MapKeys() { + m.SetMapIndex(reflect.Indirect(field.MapIndex(k)), v) + } + + return field.Len() == m.Len() + default: + if parent := fl.Parent(); parent.Kind() == reflect.Struct { + uniqueField := parent.FieldByName(param) + if uniqueField == reflect.ValueOf(nil) { + panic(fmt.Sprintf("Bad field name provided %s", param)) + } + + if uniqueField.Kind() != field.Kind() { + panic(fmt.Sprintf("Bad field type %T:%T", field.Interface(), uniqueField.Interface())) + } + + return field.Interface() != uniqueField.Interface() + } + + panic(fmt.Sprintf("Bad field type %T", field.Interface())) + } +} + +// isMAC is the validation function for validating if the field's value is a valid MAC address. +func isMAC(fl FieldLevel) bool { + _, err := net.ParseMAC(fl.Field().String()) + + return err == nil +} + +// isCIDRv4 is the validation function for validating if the field's value is a valid v4 CIDR address. +func isCIDRv4(fl FieldLevel) bool { + ip, _, err := net.ParseCIDR(fl.Field().String()) + + return err == nil && ip.To4() != nil +} + +// isCIDRv6 is the validation function for validating if the field's value is a valid v6 CIDR address. +func isCIDRv6(fl FieldLevel) bool { + ip, _, err := net.ParseCIDR(fl.Field().String()) + + return err == nil && ip.To4() == nil +} + +// isCIDR is the validation function for validating if the field's value is a valid v4 or v6 CIDR address. +func isCIDR(fl FieldLevel) bool { + _, _, err := net.ParseCIDR(fl.Field().String()) + + return err == nil +} + +// isIPv4 is the validation function for validating if a value is a valid v4 IP address. +func isIPv4(fl FieldLevel) bool { + ip := net.ParseIP(fl.Field().String()) + + return ip != nil && ip.To4() != nil +} + +// isIPv6 is the validation function for validating if the field's value is a valid v6 IP address. +func isIPv6(fl FieldLevel) bool { + ip := net.ParseIP(fl.Field().String()) + + return ip != nil && ip.To4() == nil +} + +// isIP is the validation function for validating if the field's value is a valid v4 or v6 IP address. +func isIP(fl FieldLevel) bool { + ip := net.ParseIP(fl.Field().String()) + + return ip != nil +} + +// isSSN is the validation function for validating if the field's value is a valid SSN. +func isSSN(fl FieldLevel) bool { + field := fl.Field() + + if field.Len() != 11 { + return false + } + + return sSNRegex.MatchString(field.String()) +} + +// isLongitude is the validation function for validating if the field's value is a valid longitude coordinate. +func isLongitude(fl FieldLevel) bool { + field := fl.Field() + + var v string + switch field.Kind() { + case reflect.String: + v = field.String() + case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64: + v = strconv.FormatInt(field.Int(), 10) + case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64: + v = strconv.FormatUint(field.Uint(), 10) + case reflect.Float32: + v = strconv.FormatFloat(field.Float(), 'f', -1, 32) + case reflect.Float64: + v = strconv.FormatFloat(field.Float(), 'f', -1, 64) + default: + panic(fmt.Sprintf("Bad field type %T", field.Interface())) + } + + return longitudeRegex.MatchString(v) +} + +// isLatitude is the validation function for validating if the field's value is a valid latitude coordinate. +func isLatitude(fl FieldLevel) bool { + field := fl.Field() + + var v string + switch field.Kind() { + case reflect.String: + v = field.String() + case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64: + v = strconv.FormatInt(field.Int(), 10) + case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64: + v = strconv.FormatUint(field.Uint(), 10) + case reflect.Float32: + v = strconv.FormatFloat(field.Float(), 'f', -1, 32) + case reflect.Float64: + v = strconv.FormatFloat(field.Float(), 'f', -1, 64) + default: + panic(fmt.Sprintf("Bad field type %T", field.Interface())) + } + + return latitudeRegex.MatchString(v) +} + +// isDataURI is the validation function for validating if the field's value is a valid data URI. +func isDataURI(fl FieldLevel) bool { + uri := strings.SplitN(fl.Field().String(), ",", 2) + + if len(uri) != 2 { + return false + } + + if !dataURIRegex.MatchString(uri[0]) { + return false + } + + return base64Regex.MatchString(uri[1]) +} + +// hasMultiByteCharacter is the validation function for validating if the field's value has a multi byte character. +func hasMultiByteCharacter(fl FieldLevel) bool { + field := fl.Field() + + if field.Len() == 0 { + return true + } + + return multibyteRegex.MatchString(field.String()) +} + +// isPrintableASCII is the validation function for validating if the field's value is a valid printable ASCII character. +func isPrintableASCII(fl FieldLevel) bool { + return printableASCIIRegex.MatchString(fl.Field().String()) +} + +// isASCII is the validation function for validating if the field's value is a valid ASCII character. +func isASCII(fl FieldLevel) bool { + return aSCIIRegex.MatchString(fl.Field().String()) +} + +// isUUID5 is the validation function for validating if the field's value is a valid v5 UUID. +func isUUID5(fl FieldLevel) bool { + return uUID5Regex.MatchString(fl.Field().String()) +} + +// isUUID4 is the validation function for validating if the field's value is a valid v4 UUID. +func isUUID4(fl FieldLevel) bool { + return uUID4Regex.MatchString(fl.Field().String()) +} + +// isUUID3 is the validation function for validating if the field's value is a valid v3 UUID. +func isUUID3(fl FieldLevel) bool { + return uUID3Regex.MatchString(fl.Field().String()) +} + +// isUUID is the validation function for validating if the field's value is a valid UUID of any version. +func isUUID(fl FieldLevel) bool { + return uUIDRegex.MatchString(fl.Field().String()) +} + +// isUUID5RFC4122 is the validation function for validating if the field's value is a valid RFC4122 v5 UUID. +func isUUID5RFC4122(fl FieldLevel) bool { + return uUID5RFC4122Regex.MatchString(fl.Field().String()) +} + +// isUUID4RFC4122 is the validation function for validating if the field's value is a valid RFC4122 v4 UUID. +func isUUID4RFC4122(fl FieldLevel) bool { + return uUID4RFC4122Regex.MatchString(fl.Field().String()) +} + +// isUUID3RFC4122 is the validation function for validating if the field's value is a valid RFC4122 v3 UUID. +func isUUID3RFC4122(fl FieldLevel) bool { + return uUID3RFC4122Regex.MatchString(fl.Field().String()) +} + +// isUUIDRFC4122 is the validation function for validating if the field's value is a valid RFC4122 UUID of any version. +func isUUIDRFC4122(fl FieldLevel) bool { + return uUIDRFC4122Regex.MatchString(fl.Field().String()) +} + +// isULID is the validation function for validating if the field's value is a valid ULID. +func isULID(fl FieldLevel) bool { + return uLIDRegex.MatchString(fl.Field().String()) +} + +// isMD4 is the validation function for validating if the field's value is a valid MD4. +func isMD4(fl FieldLevel) bool { + return md4Regex.MatchString(fl.Field().String()) +} + +// isMD5 is the validation function for validating if the field's value is a valid MD5. +func isMD5(fl FieldLevel) bool { + return md5Regex.MatchString(fl.Field().String()) +} + +// isSHA256 is the validation function for validating if the field's value is a valid SHA256. +func isSHA256(fl FieldLevel) bool { + return sha256Regex.MatchString(fl.Field().String()) +} + +// isSHA384 is the validation function for validating if the field's value is a valid SHA384. +func isSHA384(fl FieldLevel) bool { + return sha384Regex.MatchString(fl.Field().String()) +} + +// isSHA512 is the validation function for validating if the field's value is a valid SHA512. +func isSHA512(fl FieldLevel) bool { + return sha512Regex.MatchString(fl.Field().String()) +} + +// isRIPEMD128 is the validation function for validating if the field's value is a valid PIPEMD128. +func isRIPEMD128(fl FieldLevel) bool { + return ripemd128Regex.MatchString(fl.Field().String()) +} + +// isRIPEMD160 is the validation function for validating if the field's value is a valid PIPEMD160. +func isRIPEMD160(fl FieldLevel) bool { + return ripemd160Regex.MatchString(fl.Field().String()) +} + +// isTIGER128 is the validation function for validating if the field's value is a valid TIGER128. +func isTIGER128(fl FieldLevel) bool { + return tiger128Regex.MatchString(fl.Field().String()) +} + +// isTIGER160 is the validation function for validating if the field's value is a valid TIGER160. +func isTIGER160(fl FieldLevel) bool { + return tiger160Regex.MatchString(fl.Field().String()) +} + +// isTIGER192 is the validation function for validating if the field's value is a valid isTIGER192. +func isTIGER192(fl FieldLevel) bool { + return tiger192Regex.MatchString(fl.Field().String()) +} + +// isISBN is the validation function for validating if the field's value is a valid v10 or v13 ISBN. +func isISBN(fl FieldLevel) bool { + return isISBN10(fl) || isISBN13(fl) +} + +// isISBN13 is the validation function for validating if the field's value is a valid v13 ISBN. +func isISBN13(fl FieldLevel) bool { + s := strings.Replace(strings.Replace(fl.Field().String(), "-", "", 4), " ", "", 4) + + if !iSBN13Regex.MatchString(s) { + return false + } + + var checksum int32 + var i int32 + + factor := []int32{1, 3} + + for i = 0; i < 12; i++ { + checksum += factor[i%2] * int32(s[i]-'0') + } + + return (int32(s[12]-'0'))-((10-(checksum%10))%10) == 0 +} + +// isISBN10 is the validation function for validating if the field's value is a valid v10 ISBN. +func isISBN10(fl FieldLevel) bool { + s := strings.Replace(strings.Replace(fl.Field().String(), "-", "", 3), " ", "", 3) + + if !iSBN10Regex.MatchString(s) { + return false + } + + var checksum int32 + var i int32 + + for i = 0; i < 9; i++ { + checksum += (i + 1) * int32(s[i]-'0') + } + + if s[9] == 'X' { + checksum += 10 * 10 + } else { + checksum += 10 * int32(s[9]-'0') + } + + return checksum%11 == 0 +} + +// isEthereumAddress is the validation function for validating if the field's value is a valid Ethereum address. +func isEthereumAddress(fl FieldLevel) bool { + address := fl.Field().String() + + return ethAddressRegex.MatchString(address) +} + +// isEthereumAddressChecksum is the validation function for validating if the field's value is a valid checksumed Ethereum address. +func isEthereumAddressChecksum(fl FieldLevel) bool { + address := fl.Field().String() + + if !ethAddressRegex.MatchString(address) { + return false + } + // Checksum validation. Reference: https://github.com/ethereum/EIPs/blob/master/EIPS/eip-55.md + address = address[2:] // Skip "0x" prefix. + h := sha3.NewLegacyKeccak256() + // hash.Hash's io.Writer implementation says it never returns an error. https://golang.org/pkg/hash/#Hash + _, _ = h.Write([]byte(strings.ToLower(address))) + hash := hex.EncodeToString(h.Sum(nil)) + + for i := 0; i < len(address); i++ { + if address[i] <= '9' { // Skip 0-9 digits: they don't have upper/lower-case. + continue + } + if hash[i] > '7' && address[i] >= 'a' || hash[i] <= '7' && address[i] <= 'F' { + return false + } + } + + return true +} + +// isBitcoinAddress is the validation function for validating if the field's value is a valid btc address +func isBitcoinAddress(fl FieldLevel) bool { + address := fl.Field().String() + + if !btcAddressRegex.MatchString(address) { + return false + } + + alphabet := []byte("123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz") + + decode := [25]byte{} + + for _, n := range []byte(address) { + d := bytes.IndexByte(alphabet, n) + + for i := 24; i >= 0; i-- { + d += 58 * int(decode[i]) + decode[i] = byte(d % 256) + d /= 256 + } + } + + h := sha256.New() + _, _ = h.Write(decode[:21]) + d := h.Sum([]byte{}) + h = sha256.New() + _, _ = h.Write(d) + + validchecksum := [4]byte{} + computedchecksum := [4]byte{} + + copy(computedchecksum[:], h.Sum(d[:0])) + copy(validchecksum[:], decode[21:]) + + return validchecksum == computedchecksum +} + +// isBitcoinBech32Address is the validation function for validating if the field's value is a valid bech32 btc address +func isBitcoinBech32Address(fl FieldLevel) bool { + address := fl.Field().String() + + if !btcLowerAddressRegexBech32.MatchString(address) && !btcUpperAddressRegexBech32.MatchString(address) { + return false + } + + am := len(address) % 8 + + if am == 0 || am == 3 || am == 5 { + return false + } + + address = strings.ToLower(address) + + alphabet := "qpzry9x8gf2tvdw0s3jn54khce6mua7l" + + hr := []int{3, 3, 0, 2, 3} // the human readable part will always be bc + addr := address[3:] + dp := make([]int, 0, len(addr)) + + for _, c := range addr { + dp = append(dp, strings.IndexRune(alphabet, c)) + } + + ver := dp[0] + + if ver < 0 || ver > 16 { + return false + } + + if ver == 0 { + if len(address) != 42 && len(address) != 62 { + return false + } + } + + values := append(hr, dp...) + + GEN := []int{0x3b6a57b2, 0x26508e6d, 0x1ea119fa, 0x3d4233dd, 0x2a1462b3} + + p := 1 + + for _, v := range values { + b := p >> 25 + p = (p&0x1ffffff)<<5 ^ v + + for i := 0; i < 5; i++ { + if (b>>uint(i))&1 == 1 { + p ^= GEN[i] + } + } + } + + if p != 1 { + return false + } + + b := uint(0) + acc := 0 + mv := (1 << 5) - 1 + var sw []int + + for _, v := range dp[1 : len(dp)-6] { + acc = (acc << 5) | v + b += 5 + for b >= 8 { + b -= 8 + sw = append(sw, (acc>>b)&mv) + } + } + + if len(sw) < 2 || len(sw) > 40 { + return false + } + + return true +} + +// excludesRune is the validation function for validating that the field's value does not contain the rune specified within the param. +func excludesRune(fl FieldLevel) bool { + return !containsRune(fl) +} + +// excludesAll is the validation function for validating that the field's value does not contain any of the characters specified within the param. +func excludesAll(fl FieldLevel) bool { + return !containsAny(fl) +} + +// excludes is the validation function for validating that the field's value does not contain the text specified within the param. +func excludes(fl FieldLevel) bool { + return !contains(fl) +} + +// containsRune is the validation function for validating that the field's value contains the rune specified within the param. +func containsRune(fl FieldLevel) bool { + r, _ := utf8.DecodeRuneInString(fl.Param()) + + return strings.ContainsRune(fl.Field().String(), r) +} + +// containsAny is the validation function for validating that the field's value contains any of the characters specified within the param. +func containsAny(fl FieldLevel) bool { + return strings.ContainsAny(fl.Field().String(), fl.Param()) +} + +// contains is the validation function for validating that the field's value contains the text specified within the param. +func contains(fl FieldLevel) bool { + return strings.Contains(fl.Field().String(), fl.Param()) +} + +// startsWith is the validation function for validating that the field's value starts with the text specified within the param. +func startsWith(fl FieldLevel) bool { + return strings.HasPrefix(fl.Field().String(), fl.Param()) +} + +// endsWith is the validation function for validating that the field's value ends with the text specified within the param. +func endsWith(fl FieldLevel) bool { + return strings.HasSuffix(fl.Field().String(), fl.Param()) +} + +// startsNotWith is the validation function for validating that the field's value does not start with the text specified within the param. +func startsNotWith(fl FieldLevel) bool { + return !startsWith(fl) +} + +// endsNotWith is the validation function for validating that the field's value does not end with the text specified within the param. +func endsNotWith(fl FieldLevel) bool { + return !endsWith(fl) +} + +// fieldContains is the validation function for validating if the current field's value contains the field specified by the param's value. +func fieldContains(fl FieldLevel) bool { + field := fl.Field() + + currentField, _, ok := fl.GetStructFieldOK() + + if !ok { + return false + } + + return strings.Contains(field.String(), currentField.String()) +} + +// fieldExcludes is the validation function for validating if the current field's value excludes the field specified by the param's value. +func fieldExcludes(fl FieldLevel) bool { + field := fl.Field() + + currentField, _, ok := fl.GetStructFieldOK() + if !ok { + return true + } + + return !strings.Contains(field.String(), currentField.String()) +} + +// isNeField is the validation function for validating if the current field's value is not equal to the field specified by the param's value. +func isNeField(fl FieldLevel) bool { + field := fl.Field() + kind := field.Kind() + + currentField, currentKind, ok := fl.GetStructFieldOK() + + if !ok || currentKind != kind { + return true + } + + switch kind { + + case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64: + return field.Int() != currentField.Int() + + case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr: + return field.Uint() != currentField.Uint() + + case reflect.Float32, reflect.Float64: + return field.Float() != currentField.Float() + + case reflect.Slice, reflect.Map, reflect.Array: + return int64(field.Len()) != int64(currentField.Len()) + + case reflect.Bool: + return field.Bool() != currentField.Bool() + + case reflect.Struct: + + fieldType := field.Type() + + if fieldType.ConvertibleTo(timeType) && currentField.Type().ConvertibleTo(timeType) { + + t := currentField.Interface().(time.Time) + fieldTime := field.Interface().(time.Time) + + return !fieldTime.Equal(t) + } + + // Not Same underlying type i.e. struct and time + if fieldType != currentField.Type() { + return true + } + } + + // default reflect.String: + return field.String() != currentField.String() +} + +// isNe is the validation function for validating that the field's value does not equal the provided param value. +func isNe(fl FieldLevel) bool { + return !isEq(fl) +} + +// isNeIgnoreCase is the validation function for validating that the field's string value does not equal the +// provided param value. The comparison is case-insensitive +func isNeIgnoreCase(fl FieldLevel) bool { + return !isEqIgnoreCase(fl) +} + +// isLteCrossStructField is the validation function for validating if the current field's value is less than or equal to the field, within a separate struct, specified by the param's value. +func isLteCrossStructField(fl FieldLevel) bool { + field := fl.Field() + kind := field.Kind() + + topField, topKind, ok := fl.GetStructFieldOK() + if !ok || topKind != kind { + return false + } + + switch kind { + + case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64: + return field.Int() <= topField.Int() + + case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr: + return field.Uint() <= topField.Uint() + + case reflect.Float32, reflect.Float64: + return field.Float() <= topField.Float() + + case reflect.Slice, reflect.Map, reflect.Array: + return int64(field.Len()) <= int64(topField.Len()) + + case reflect.Struct: + + fieldType := field.Type() + + if fieldType.ConvertibleTo(timeType) && topField.Type().ConvertibleTo(timeType) { + + fieldTime := field.Convert(timeType).Interface().(time.Time) + topTime := topField.Convert(timeType).Interface().(time.Time) + + return fieldTime.Before(topTime) || fieldTime.Equal(topTime) + } + + // Not Same underlying type i.e. struct and time + if fieldType != topField.Type() { + return false + } + } + + // default reflect.String: + return field.String() <= topField.String() +} + +// isLtCrossStructField is the validation function for validating if the current field's value is less than the field, within a separate struct, specified by the param's value. +// NOTE: This is exposed for use within your own custom functions and not intended to be called directly. +func isLtCrossStructField(fl FieldLevel) bool { + field := fl.Field() + kind := field.Kind() + + topField, topKind, ok := fl.GetStructFieldOK() + if !ok || topKind != kind { + return false + } + + switch kind { + + case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64: + return field.Int() < topField.Int() + + case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr: + return field.Uint() < topField.Uint() + + case reflect.Float32, reflect.Float64: + return field.Float() < topField.Float() + + case reflect.Slice, reflect.Map, reflect.Array: + return int64(field.Len()) < int64(topField.Len()) + + case reflect.Struct: + + fieldType := field.Type() + + if fieldType.ConvertibleTo(timeType) && topField.Type().ConvertibleTo(timeType) { + + fieldTime := field.Convert(timeType).Interface().(time.Time) + topTime := topField.Convert(timeType).Interface().(time.Time) + + return fieldTime.Before(topTime) + } + + // Not Same underlying type i.e. struct and time + if fieldType != topField.Type() { + return false + } + } + + // default reflect.String: + return field.String() < topField.String() +} + +// isGteCrossStructField is the validation function for validating if the current field's value is greater than or equal to the field, within a separate struct, specified by the param's value. +func isGteCrossStructField(fl FieldLevel) bool { + field := fl.Field() + kind := field.Kind() + + topField, topKind, ok := fl.GetStructFieldOK() + if !ok || topKind != kind { + return false + } + + switch kind { + + case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64: + return field.Int() >= topField.Int() + + case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr: + return field.Uint() >= topField.Uint() + + case reflect.Float32, reflect.Float64: + return field.Float() >= topField.Float() + + case reflect.Slice, reflect.Map, reflect.Array: + return int64(field.Len()) >= int64(topField.Len()) + + case reflect.Struct: + + fieldType := field.Type() + + if fieldType.ConvertibleTo(timeType) && topField.Type().ConvertibleTo(timeType) { + + fieldTime := field.Convert(timeType).Interface().(time.Time) + topTime := topField.Convert(timeType).Interface().(time.Time) + + return fieldTime.After(topTime) || fieldTime.Equal(topTime) + } + + // Not Same underlying type i.e. struct and time + if fieldType != topField.Type() { + return false + } + } + + // default reflect.String: + return field.String() >= topField.String() +} + +// isGtCrossStructField is the validation function for validating if the current field's value is greater than the field, within a separate struct, specified by the param's value. +func isGtCrossStructField(fl FieldLevel) bool { + field := fl.Field() + kind := field.Kind() + + topField, topKind, ok := fl.GetStructFieldOK() + if !ok || topKind != kind { + return false + } + + switch kind { + + case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64: + return field.Int() > topField.Int() + + case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr: + return field.Uint() > topField.Uint() + + case reflect.Float32, reflect.Float64: + return field.Float() > topField.Float() + + case reflect.Slice, reflect.Map, reflect.Array: + return int64(field.Len()) > int64(topField.Len()) + + case reflect.Struct: + + fieldType := field.Type() + + if fieldType.ConvertibleTo(timeType) && topField.Type().ConvertibleTo(timeType) { + + fieldTime := field.Convert(timeType).Interface().(time.Time) + topTime := topField.Convert(timeType).Interface().(time.Time) + + return fieldTime.After(topTime) + } + + // Not Same underlying type i.e. struct and time + if fieldType != topField.Type() { + return false + } + } + + // default reflect.String: + return field.String() > topField.String() +} + +// isNeCrossStructField is the validation function for validating that the current field's value is not equal to the field, within a separate struct, specified by the param's value. +func isNeCrossStructField(fl FieldLevel) bool { + field := fl.Field() + kind := field.Kind() + + topField, currentKind, ok := fl.GetStructFieldOK() + if !ok || currentKind != kind { + return true + } + + switch kind { + + case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64: + return topField.Int() != field.Int() + + case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr: + return topField.Uint() != field.Uint() + + case reflect.Float32, reflect.Float64: + return topField.Float() != field.Float() + + case reflect.Slice, reflect.Map, reflect.Array: + return int64(topField.Len()) != int64(field.Len()) + + case reflect.Bool: + return topField.Bool() != field.Bool() + + case reflect.Struct: + + fieldType := field.Type() + + if fieldType.ConvertibleTo(timeType) && topField.Type().ConvertibleTo(timeType) { + + t := field.Convert(timeType).Interface().(time.Time) + fieldTime := topField.Convert(timeType).Interface().(time.Time) + + return !fieldTime.Equal(t) + } + + // Not Same underlying type i.e. struct and time + if fieldType != topField.Type() { + return true + } + } + + // default reflect.String: + return topField.String() != field.String() +} + +// isEqCrossStructField is the validation function for validating that the current field's value is equal to the field, within a separate struct, specified by the param's value. +func isEqCrossStructField(fl FieldLevel) bool { + field := fl.Field() + kind := field.Kind() + + topField, topKind, ok := fl.GetStructFieldOK() + if !ok || topKind != kind { + return false + } + + switch kind { + + case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64: + return topField.Int() == field.Int() + + case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr: + return topField.Uint() == field.Uint() + + case reflect.Float32, reflect.Float64: + return topField.Float() == field.Float() + + case reflect.Slice, reflect.Map, reflect.Array: + return int64(topField.Len()) == int64(field.Len()) + + case reflect.Bool: + return topField.Bool() == field.Bool() + + case reflect.Struct: + + fieldType := field.Type() + + if fieldType.ConvertibleTo(timeType) && topField.Type().ConvertibleTo(timeType) { + + t := field.Convert(timeType).Interface().(time.Time) + fieldTime := topField.Convert(timeType).Interface().(time.Time) + + return fieldTime.Equal(t) + } + + // Not Same underlying type i.e. struct and time + if fieldType != topField.Type() { + return false + } + } + + // default reflect.String: + return topField.String() == field.String() +} + +// isEqField is the validation function for validating if the current field's value is equal to the field specified by the param's value. +func isEqField(fl FieldLevel) bool { + field := fl.Field() + kind := field.Kind() + + currentField, currentKind, ok := fl.GetStructFieldOK() + if !ok || currentKind != kind { + return false + } + + switch kind { + + case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64: + return field.Int() == currentField.Int() + + case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr: + return field.Uint() == currentField.Uint() + + case reflect.Float32, reflect.Float64: + return field.Float() == currentField.Float() + + case reflect.Slice, reflect.Map, reflect.Array: + return int64(field.Len()) == int64(currentField.Len()) + + case reflect.Bool: + return field.Bool() == currentField.Bool() + + case reflect.Struct: + + fieldType := field.Type() + + if fieldType.ConvertibleTo(timeType) && currentField.Type().ConvertibleTo(timeType) { + + t := currentField.Convert(timeType).Interface().(time.Time) + fieldTime := field.Convert(timeType).Interface().(time.Time) + + return fieldTime.Equal(t) + } + + // Not Same underlying type i.e. struct and time + if fieldType != currentField.Type() { + return false + } + } + + // default reflect.String: + return field.String() == currentField.String() +} + +// isEq is the validation function for validating if the current field's value is equal to the param's value. +func isEq(fl FieldLevel) bool { + field := fl.Field() + param := fl.Param() + + switch field.Kind() { + + case reflect.String: + return field.String() == param + + case reflect.Slice, reflect.Map, reflect.Array: + p := asInt(param) + + return int64(field.Len()) == p + + case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64: + p := asIntFromType(field.Type(), param) + + return field.Int() == p + + case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr: + p := asUint(param) + + return field.Uint() == p + + case reflect.Float32, reflect.Float64: + p := asFloat(param) + + return field.Float() == p + + case reflect.Bool: + p := asBool(param) + + return field.Bool() == p + } + + panic(fmt.Sprintf("Bad field type %T", field.Interface())) +} + +// isEqIgnoreCase is the validation function for validating if the current field's string value is +// equal to the param's value. +// The comparison is case-insensitive. +func isEqIgnoreCase(fl FieldLevel) bool { + field := fl.Field() + param := fl.Param() + + switch field.Kind() { + + case reflect.String: + return strings.EqualFold(field.String(), param) + } + + panic(fmt.Sprintf("Bad field type %T", field.Interface())) +} + +// isPostcodeByIso3166Alpha2 validates by value which is country code in iso 3166 alpha 2 +// example: `postcode_iso3166_alpha2=US` +func isPostcodeByIso3166Alpha2(fl FieldLevel) bool { + field := fl.Field() + param := fl.Param() + + reg, found := postCodeRegexDict[param] + if !found { + return false + } + + return reg.MatchString(field.String()) +} + +// isPostcodeByIso3166Alpha2Field validates by field which represents for a value of country code in iso 3166 alpha 2 +// example: `postcode_iso3166_alpha2_field=CountryCode` +func isPostcodeByIso3166Alpha2Field(fl FieldLevel) bool { + field := fl.Field() + params := parseOneOfParam2(fl.Param()) + + if len(params) != 1 { + return false + } + + currentField, kind, _, found := fl.GetStructFieldOKAdvanced2(fl.Parent(), params[0]) + if !found { + return false + } + + if kind != reflect.String { + panic(fmt.Sprintf("Bad field type %T", currentField.Interface())) + } + + reg, found := postCodeRegexDict[currentField.String()] + if !found { + return false + } + + return reg.MatchString(field.String()) +} + +// isBase64 is the validation function for validating if the current field's value is a valid base 64. +func isBase64(fl FieldLevel) bool { + return base64Regex.MatchString(fl.Field().String()) +} + +// isBase64URL is the validation function for validating if the current field's value is a valid base64 URL safe string. +func isBase64URL(fl FieldLevel) bool { + return base64URLRegex.MatchString(fl.Field().String()) +} + +// isBase64RawURL is the validation function for validating if the current field's value is a valid base64 URL safe string without '=' padding. +func isBase64RawURL(fl FieldLevel) bool { + return base64RawURLRegex.MatchString(fl.Field().String()) +} + +// isURI is the validation function for validating if the current field's value is a valid URI. +func isURI(fl FieldLevel) bool { + field := fl.Field() + + switch field.Kind() { + case reflect.String: + + s := field.String() + + // checks needed as of Go 1.6 because of change https://github.com/golang/go/commit/617c93ce740c3c3cc28cdd1a0d712be183d0b328#diff-6c2d018290e298803c0c9419d8739885L195 + // emulate browser and strip the '#' suffix prior to validation. see issue-#237 + if i := strings.Index(s, "#"); i > -1 { + s = s[:i] + } + + if len(s) == 0 { + return false + } + + _, err := url.ParseRequestURI(s) + + return err == nil + } + + panic(fmt.Sprintf("Bad field type %T", field.Interface())) +} + +// isURL is the validation function for validating if the current field's value is a valid URL. +func isURL(fl FieldLevel) bool { + field := fl.Field() + + switch field.Kind() { + case reflect.String: + + var i int + s := field.String() + + // checks needed as of Go 1.6 because of change https://github.com/golang/go/commit/617c93ce740c3c3cc28cdd1a0d712be183d0b328#diff-6c2d018290e298803c0c9419d8739885L195 + // emulate browser and strip the '#' suffix prior to validation. see issue-#237 + if i = strings.Index(s, "#"); i > -1 { + s = s[:i] + } + + if len(s) == 0 { + return false + } + + url, err := url.ParseRequestURI(s) + + if err != nil || url.Scheme == "" { + return false + } + + return true + } + + panic(fmt.Sprintf("Bad field type %T", field.Interface())) +} + +// isHttpURL is the validation function for validating if the current field's value is a valid HTTP(s) URL. +func isHttpURL(fl FieldLevel) bool { + if !isURL(fl) { + return false + } + + field := fl.Field() + switch field.Kind() { + case reflect.String: + + s := strings.ToLower(field.String()) + return strings.HasPrefix(s, "http://") || strings.HasPrefix(s, "https://") + } + + panic(fmt.Sprintf("Bad field type %T", field.Interface())) +} + +// isUrnRFC2141 is the validation function for validating if the current field's value is a valid URN as per RFC 2141. +func isUrnRFC2141(fl FieldLevel) bool { + field := fl.Field() + + switch field.Kind() { + case reflect.String: + + str := field.String() + + _, match := urn.Parse([]byte(str)) + + return match + } + + panic(fmt.Sprintf("Bad field type %T", field.Interface())) +} + +// isFile is the validation function for validating if the current field's value is a valid existing file path. +func isFile(fl FieldLevel) bool { + field := fl.Field() + + switch field.Kind() { + case reflect.String: + fileInfo, err := os.Stat(field.String()) + if err != nil { + return false + } + + return !fileInfo.IsDir() + } + + panic(fmt.Sprintf("Bad field type %T", field.Interface())) +} + +// isImage is the validation function for validating if the current field's value contains the path to a valid image file +func isImage(fl FieldLevel) bool { + mimetypes := map[string]bool{ + "image/bmp": true, + "image/cis-cod": true, + "image/gif": true, + "image/ief": true, + "image/jpeg": true, + "image/jp2": true, + "image/jpx": true, + "image/jpm": true, + "image/pipeg": true, + "image/png": true, + "image/svg+xml": true, + "image/tiff": true, + "image/webp": true, + "image/x-cmu-raster": true, + "image/x-cmx": true, + "image/x-icon": true, + "image/x-portable-anymap": true, + "image/x-portable-bitmap": true, + "image/x-portable-graymap": true, + "image/x-portable-pixmap": true, + "image/x-rgb": true, + "image/x-xbitmap": true, + "image/x-xpixmap": true, + "image/x-xwindowdump": true, + } + field := fl.Field() + + switch field.Kind() { + case reflect.String: + filePath := field.String() + fileInfo, err := os.Stat(filePath) + + if err != nil { + return false + } + + if fileInfo.IsDir() { + return false + } + + file, err := os.Open(filePath) + if err != nil { + return false + } + defer file.Close() + + mime, err := mimetype.DetectReader(file) + if err != nil { + return false + } + + if _, ok := mimetypes[mime.String()]; ok { + return true + } + } + return false +} + +// isFilePath is the validation function for validating if the current field's value is a valid file path. +func isFilePath(fl FieldLevel) bool { + + var exists bool + var err error + + field := fl.Field() + + // If it exists, it obviously is valid. + // This is done first to avoid code duplication and unnecessary additional logic. + if exists = isFile(fl); exists { + return true + } + + // It does not exist but may still be a valid filepath. + switch field.Kind() { + case reflect.String: + // Every OS allows for whitespace, but none + // let you use a file with no filename (to my knowledge). + // Unless you're dealing with raw inodes, but I digress. + if strings.TrimSpace(field.String()) == "" { + return false + } + // We make sure it isn't a directory. + if strings.HasSuffix(field.String(), string(os.PathSeparator)) { + return false + } + if _, err = os.Stat(field.String()); err != nil { + switch t := err.(type) { + case *fs.PathError: + if t.Err == syscall.EINVAL { + // It's definitely an invalid character in the filepath. + return false + } + // It could be a permission error, a does-not-exist error, etc. + // Out-of-scope for this validation, though. + return true + default: + // Something went *seriously* wrong. + /* + Per https://pkg.go.dev/os#Stat: + "If there is an error, it will be of type *PathError." + */ + panic(err) + } + } + } + + panic(fmt.Sprintf("Bad field type %T", field.Interface())) +} + +// isE164 is the validation function for validating if the current field's value is a valid e.164 formatted phone number. +func isE164(fl FieldLevel) bool { + return e164Regex.MatchString(fl.Field().String()) +} + +// isEmail is the validation function for validating if the current field's value is a valid email address. +func isEmail(fl FieldLevel) bool { + return emailRegex.MatchString(fl.Field().String()) +} + +// isHSLA is the validation function for validating if the current field's value is a valid HSLA color. +func isHSLA(fl FieldLevel) bool { + return hslaRegex.MatchString(fl.Field().String()) +} + +// isHSL is the validation function for validating if the current field's value is a valid HSL color. +func isHSL(fl FieldLevel) bool { + return hslRegex.MatchString(fl.Field().String()) +} + +// isRGBA is the validation function for validating if the current field's value is a valid RGBA color. +func isRGBA(fl FieldLevel) bool { + return rgbaRegex.MatchString(fl.Field().String()) +} + +// isRGB is the validation function for validating if the current field's value is a valid RGB color. +func isRGB(fl FieldLevel) bool { + return rgbRegex.MatchString(fl.Field().String()) +} + +// isHEXColor is the validation function for validating if the current field's value is a valid HEX color. +func isHEXColor(fl FieldLevel) bool { + return hexColorRegex.MatchString(fl.Field().String()) +} + +// isHexadecimal is the validation function for validating if the current field's value is a valid hexadecimal. +func isHexadecimal(fl FieldLevel) bool { + return hexadecimalRegex.MatchString(fl.Field().String()) +} + +// isNumber is the validation function for validating if the current field's value is a valid number. +func isNumber(fl FieldLevel) bool { + switch fl.Field().Kind() { + case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64, reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr, reflect.Float32, reflect.Float64: + return true + default: + return numberRegex.MatchString(fl.Field().String()) + } +} + +// isNumeric is the validation function for validating if the current field's value is a valid numeric value. +func isNumeric(fl FieldLevel) bool { + switch fl.Field().Kind() { + case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64, reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr, reflect.Float32, reflect.Float64: + return true + default: + return numericRegex.MatchString(fl.Field().String()) + } +} + +// isAlphanum is the validation function for validating if the current field's value is a valid alphanumeric value. +func isAlphanum(fl FieldLevel) bool { + return alphaNumericRegex.MatchString(fl.Field().String()) +} + +// isAlpha is the validation function for validating if the current field's value is a valid alpha value. +func isAlpha(fl FieldLevel) bool { + return alphaRegex.MatchString(fl.Field().String()) +} + +// isAlphanumUnicode is the validation function for validating if the current field's value is a valid alphanumeric unicode value. +func isAlphanumUnicode(fl FieldLevel) bool { + return alphaUnicodeNumericRegex.MatchString(fl.Field().String()) +} + +// isAlphaUnicode is the validation function for validating if the current field's value is a valid alpha unicode value. +func isAlphaUnicode(fl FieldLevel) bool { + return alphaUnicodeRegex.MatchString(fl.Field().String()) +} + +// isBoolean is the validation function for validating if the current field's value is a valid boolean value or can be safely converted to a boolean value. +func isBoolean(fl FieldLevel) bool { + switch fl.Field().Kind() { + case reflect.Bool: + return true + default: + _, err := strconv.ParseBool(fl.Field().String()) + return err == nil + } +} + +// isDefault is the opposite of required aka hasValue +func isDefault(fl FieldLevel) bool { + return !hasValue(fl) +} + +// hasValue is the validation function for validating if the current field's value is not the default static value. +func hasValue(fl FieldLevel) bool { + field := fl.Field() + switch field.Kind() { + case reflect.Slice, reflect.Map, reflect.Ptr, reflect.Interface, reflect.Chan, reflect.Func: + return !field.IsNil() + default: + if fl.(*validate).fldIsPointer && field.Interface() != nil { + return true + } + return field.IsValid() && field.Interface() != reflect.Zero(field.Type()).Interface() + } +} + +// requireCheckFieldKind is a func for check field kind +func requireCheckFieldKind(fl FieldLevel, param string, defaultNotFoundValue bool) bool { + field := fl.Field() + kind := field.Kind() + var nullable, found bool + if len(param) > 0 { + field, kind, nullable, found = fl.GetStructFieldOKAdvanced2(fl.Parent(), param) + if !found { + return defaultNotFoundValue + } + } + switch kind { + case reflect.Invalid: + return defaultNotFoundValue + case reflect.Slice, reflect.Map, reflect.Ptr, reflect.Interface, reflect.Chan, reflect.Func: + return field.IsNil() + default: + if nullable && field.Interface() != nil { + return false + } + return field.IsValid() && field.Interface() == reflect.Zero(field.Type()).Interface() + } +} + +// requireCheckFieldValue is a func for check field value +func requireCheckFieldValue( + fl FieldLevel, param string, value string, defaultNotFoundValue bool, +) bool { + field, kind, _, found := fl.GetStructFieldOKAdvanced2(fl.Parent(), param) + if !found { + return defaultNotFoundValue + } + + switch kind { + + case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64: + return field.Int() == asInt(value) + + case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr: + return field.Uint() == asUint(value) + + case reflect.Float32, reflect.Float64: + return field.Float() == asFloat(value) + + case reflect.Slice, reflect.Map, reflect.Array: + return int64(field.Len()) == asInt(value) + + case reflect.Bool: + return field.Bool() == asBool(value) + } + + // default reflect.String: + return field.String() == value +} + +// requiredIf is the validation function +// The field under validation must be present and not empty only if all the other specified fields are equal to the value following with the specified field. +func requiredIf(fl FieldLevel) bool { + params := parseOneOfParam2(fl.Param()) + if len(params)%2 != 0 { + panic(fmt.Sprintf("Bad param number for required_if %s", fl.FieldName())) + } + for i := 0; i < len(params); i += 2 { + if !requireCheckFieldValue(fl, params[i], params[i+1], false) { + return true + } + } + return hasValue(fl) +} + +// excludedIf is the validation function +// The field under validation must not be present or is empty only if all the other specified fields are equal to the value following with the specified field. +func excludedIf(fl FieldLevel) bool { + params := parseOneOfParam2(fl.Param()) + if len(params)%2 != 0 { + panic(fmt.Sprintf("Bad param number for excluded_if %s", fl.FieldName())) + } + + for i := 0; i < len(params); i += 2 { + if !requireCheckFieldValue(fl, params[i], params[i+1], false) { + return true + } + } + return !hasValue(fl) +} + +// requiredUnless is the validation function +// The field under validation must be present and not empty only unless all the other specified fields are equal to the value following with the specified field. +func requiredUnless(fl FieldLevel) bool { + params := parseOneOfParam2(fl.Param()) + if len(params)%2 != 0 { + panic(fmt.Sprintf("Bad param number for required_unless %s", fl.FieldName())) + } + + for i := 0; i < len(params); i += 2 { + if requireCheckFieldValue(fl, params[i], params[i+1], false) { + return true + } + } + return hasValue(fl) +} + +// skipUnless is the validation function +// The field under validation must be present and not empty only unless all the other specified fields are equal to the value following with the specified field. +func skipUnless(fl FieldLevel) bool { + params := parseOneOfParam2(fl.Param()) + if len(params)%2 != 0 { + panic(fmt.Sprintf("Bad param number for skip_unless %s", fl.FieldName())) + } + for i := 0; i < len(params); i += 2 { + if !requireCheckFieldValue(fl, params[i], params[i+1], false) { + return true + } + } + return hasValue(fl) +} + +// excludedUnless is the validation function +// The field under validation must not be present or is empty unless all the other specified fields are equal to the value following with the specified field. +func excludedUnless(fl FieldLevel) bool { + params := parseOneOfParam2(fl.Param()) + if len(params)%2 != 0 { + panic(fmt.Sprintf("Bad param number for excluded_unless %s", fl.FieldName())) + } + for i := 0; i < len(params); i += 2 { + if !requireCheckFieldValue(fl, params[i], params[i+1], false) { + return !hasValue(fl) + } + } + return true +} + +// excludedWith is the validation function +// The field under validation must not be present or is empty if any of the other specified fields are present. +func excludedWith(fl FieldLevel) bool { + params := parseOneOfParam2(fl.Param()) + for _, param := range params { + if !requireCheckFieldKind(fl, param, true) { + return !hasValue(fl) + } + } + return true +} + +// requiredWith is the validation function +// The field under validation must be present and not empty only if any of the other specified fields are present. +func requiredWith(fl FieldLevel) bool { + params := parseOneOfParam2(fl.Param()) + for _, param := range params { + if !requireCheckFieldKind(fl, param, true) { + return hasValue(fl) + } + } + return true +} + +// excludedWithAll is the validation function +// The field under validation must not be present or is empty if all of the other specified fields are present. +func excludedWithAll(fl FieldLevel) bool { + params := parseOneOfParam2(fl.Param()) + for _, param := range params { + if requireCheckFieldKind(fl, param, true) { + return true + } + } + return !hasValue(fl) +} + +// requiredWithAll is the validation function +// The field under validation must be present and not empty only if all of the other specified fields are present. +func requiredWithAll(fl FieldLevel) bool { + params := parseOneOfParam2(fl.Param()) + for _, param := range params { + if requireCheckFieldKind(fl, param, true) { + return true + } + } + return hasValue(fl) +} + +// excludedWithout is the validation function +// The field under validation must not be present or is empty when any of the other specified fields are not present. +func excludedWithout(fl FieldLevel) bool { + if requireCheckFieldKind(fl, strings.TrimSpace(fl.Param()), true) { + return !hasValue(fl) + } + return true +} + +// requiredWithout is the validation function +// The field under validation must be present and not empty only when any of the other specified fields are not present. +func requiredWithout(fl FieldLevel) bool { + if requireCheckFieldKind(fl, strings.TrimSpace(fl.Param()), true) { + return hasValue(fl) + } + return true +} + +// excludedWithoutAll is the validation function +// The field under validation must not be present or is empty when all of the other specified fields are not present. +func excludedWithoutAll(fl FieldLevel) bool { + params := parseOneOfParam2(fl.Param()) + for _, param := range params { + if !requireCheckFieldKind(fl, param, true) { + return true + } + } + return !hasValue(fl) +} + +// requiredWithoutAll is the validation function +// The field under validation must be present and not empty only when all of the other specified fields are not present. +func requiredWithoutAll(fl FieldLevel) bool { + params := parseOneOfParam2(fl.Param()) + for _, param := range params { + if !requireCheckFieldKind(fl, param, true) { + return true + } + } + return hasValue(fl) +} + +// isGteField is the validation function for validating if the current field's value is greater than or equal to the field specified by the param's value. +func isGteField(fl FieldLevel) bool { + field := fl.Field() + kind := field.Kind() + + currentField, currentKind, ok := fl.GetStructFieldOK() + if !ok || currentKind != kind { + return false + } + + switch kind { + + case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64: + + return field.Int() >= currentField.Int() + + case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr: + + return field.Uint() >= currentField.Uint() + + case reflect.Float32, reflect.Float64: + + return field.Float() >= currentField.Float() + + case reflect.Struct: + + fieldType := field.Type() + + if fieldType.ConvertibleTo(timeType) && currentField.Type().ConvertibleTo(timeType) { + + t := currentField.Convert(timeType).Interface().(time.Time) + fieldTime := field.Convert(timeType).Interface().(time.Time) + + return fieldTime.After(t) || fieldTime.Equal(t) + } + + // Not Same underlying type i.e. struct and time + if fieldType != currentField.Type() { + return false + } + } + + // default reflect.String + return len(field.String()) >= len(currentField.String()) +} + +// isGtField is the validation function for validating if the current field's value is greater than the field specified by the param's value. +func isGtField(fl FieldLevel) bool { + field := fl.Field() + kind := field.Kind() + + currentField, currentKind, ok := fl.GetStructFieldOK() + if !ok || currentKind != kind { + return false + } + + switch kind { + + case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64: + + return field.Int() > currentField.Int() + + case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr: + + return field.Uint() > currentField.Uint() + + case reflect.Float32, reflect.Float64: + + return field.Float() > currentField.Float() + + case reflect.Struct: + + fieldType := field.Type() + + if fieldType.ConvertibleTo(timeType) && currentField.Type().ConvertibleTo(timeType) { + + t := currentField.Convert(timeType).Interface().(time.Time) + fieldTime := field.Convert(timeType).Interface().(time.Time) + + return fieldTime.After(t) + } + + // Not Same underlying type i.e. struct and time + if fieldType != currentField.Type() { + return false + } + } + + // default reflect.String + return len(field.String()) > len(currentField.String()) +} + +// isGte is the validation function for validating if the current field's value is greater than or equal to the param's value. +func isGte(fl FieldLevel) bool { + field := fl.Field() + param := fl.Param() + + switch field.Kind() { + + case reflect.String: + p := asInt(param) + + return int64(utf8.RuneCountInString(field.String())) >= p + + case reflect.Slice, reflect.Map, reflect.Array: + p := asInt(param) + + return int64(field.Len()) >= p + + case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64: + p := asIntFromType(field.Type(), param) + + return field.Int() >= p + + case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr: + p := asUint(param) + + return field.Uint() >= p + + case reflect.Float32, reflect.Float64: + p := asFloat(param) + + return field.Float() >= p + + case reflect.Struct: + + if field.Type().ConvertibleTo(timeType) { + + now := time.Now().UTC() + t := field.Convert(timeType).Interface().(time.Time) + + return t.After(now) || t.Equal(now) + } + } + + panic(fmt.Sprintf("Bad field type %T", field.Interface())) +} + +// isGt is the validation function for validating if the current field's value is greater than the param's value. +func isGt(fl FieldLevel) bool { + field := fl.Field() + param := fl.Param() + + switch field.Kind() { + + case reflect.String: + p := asInt(param) + + return int64(utf8.RuneCountInString(field.String())) > p + + case reflect.Slice, reflect.Map, reflect.Array: + p := asInt(param) + + return int64(field.Len()) > p + + case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64: + p := asIntFromType(field.Type(), param) + + return field.Int() > p + + case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr: + p := asUint(param) + + return field.Uint() > p + + case reflect.Float32, reflect.Float64: + p := asFloat(param) + + return field.Float() > p + case reflect.Struct: + + if field.Type().ConvertibleTo(timeType) { + + return field.Convert(timeType).Interface().(time.Time).After(time.Now().UTC()) + } + } + + panic(fmt.Sprintf("Bad field type %T", field.Interface())) +} + +// hasLengthOf is the validation function for validating if the current field's value is equal to the param's value. +func hasLengthOf(fl FieldLevel) bool { + field := fl.Field() + param := fl.Param() + + switch field.Kind() { + + case reflect.String: + p := asInt(param) + + return int64(utf8.RuneCountInString(field.String())) == p + + case reflect.Slice, reflect.Map, reflect.Array: + p := asInt(param) + + return int64(field.Len()) == p + + case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64: + p := asIntFromType(field.Type(), param) + + return field.Int() == p + + case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr: + p := asUint(param) + + return field.Uint() == p + + case reflect.Float32, reflect.Float64: + p := asFloat(param) + + return field.Float() == p + } + + panic(fmt.Sprintf("Bad field type %T", field.Interface())) +} + +// hasMinOf is the validation function for validating if the current field's value is greater than or equal to the param's value. +func hasMinOf(fl FieldLevel) bool { + return isGte(fl) +} + +// isLteField is the validation function for validating if the current field's value is less than or equal to the field specified by the param's value. +func isLteField(fl FieldLevel) bool { + field := fl.Field() + kind := field.Kind() + + currentField, currentKind, ok := fl.GetStructFieldOK() + if !ok || currentKind != kind { + return false + } + + switch kind { + + case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64: + + return field.Int() <= currentField.Int() + + case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr: + + return field.Uint() <= currentField.Uint() + + case reflect.Float32, reflect.Float64: + + return field.Float() <= currentField.Float() + + case reflect.Struct: + + fieldType := field.Type() + + if fieldType.ConvertibleTo(timeType) && currentField.Type().ConvertibleTo(timeType) { + + t := currentField.Convert(timeType).Interface().(time.Time) + fieldTime := field.Convert(timeType).Interface().(time.Time) + + return fieldTime.Before(t) || fieldTime.Equal(t) + } + + // Not Same underlying type i.e. struct and time + if fieldType != currentField.Type() { + return false + } + } + + // default reflect.String + return len(field.String()) <= len(currentField.String()) +} + +// isLtField is the validation function for validating if the current field's value is less than the field specified by the param's value. +func isLtField(fl FieldLevel) bool { + field := fl.Field() + kind := field.Kind() + + currentField, currentKind, ok := fl.GetStructFieldOK() + if !ok || currentKind != kind { + return false + } + + switch kind { + + case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64: + + return field.Int() < currentField.Int() + + case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr: + + return field.Uint() < currentField.Uint() + + case reflect.Float32, reflect.Float64: + + return field.Float() < currentField.Float() + + case reflect.Struct: + + fieldType := field.Type() + + if fieldType.ConvertibleTo(timeType) && currentField.Type().ConvertibleTo(timeType) { + + t := currentField.Convert(timeType).Interface().(time.Time) + fieldTime := field.Convert(timeType).Interface().(time.Time) + + return fieldTime.Before(t) + } + + // Not Same underlying type i.e. struct and time + if fieldType != currentField.Type() { + return false + } + } + + // default reflect.String + return len(field.String()) < len(currentField.String()) +} + +// isLte is the validation function for validating if the current field's value is less than or equal to the param's value. +func isLte(fl FieldLevel) bool { + field := fl.Field() + param := fl.Param() + + switch field.Kind() { + + case reflect.String: + p := asInt(param) + + return int64(utf8.RuneCountInString(field.String())) <= p + + case reflect.Slice, reflect.Map, reflect.Array: + p := asInt(param) + + return int64(field.Len()) <= p + + case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64: + p := asIntFromType(field.Type(), param) + + return field.Int() <= p + + case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr: + p := asUint(param) + + return field.Uint() <= p + + case reflect.Float32, reflect.Float64: + p := asFloat(param) + + return field.Float() <= p + + case reflect.Struct: + + if field.Type().ConvertibleTo(timeType) { + + now := time.Now().UTC() + t := field.Convert(timeType).Interface().(time.Time) + + return t.Before(now) || t.Equal(now) + } + } + + panic(fmt.Sprintf("Bad field type %T", field.Interface())) +} + +// isLt is the validation function for validating if the current field's value is less than the param's value. +func isLt(fl FieldLevel) bool { + field := fl.Field() + param := fl.Param() + + switch field.Kind() { + + case reflect.String: + p := asInt(param) + + return int64(utf8.RuneCountInString(field.String())) < p + + case reflect.Slice, reflect.Map, reflect.Array: + p := asInt(param) + + return int64(field.Len()) < p + + case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64: + p := asIntFromType(field.Type(), param) + + return field.Int() < p + + case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr: + p := asUint(param) + + return field.Uint() < p + + case reflect.Float32, reflect.Float64: + p := asFloat(param) + + return field.Float() < p + + case reflect.Struct: + + if field.Type().ConvertibleTo(timeType) { + + return field.Convert(timeType).Interface().(time.Time).Before(time.Now().UTC()) + } + } + + panic(fmt.Sprintf("Bad field type %T", field.Interface())) +} + +// hasMaxOf is the validation function for validating if the current field's value is less than or equal to the param's value. +func hasMaxOf(fl FieldLevel) bool { + return isLte(fl) +} + +// isTCP4AddrResolvable is the validation function for validating if the field's value is a resolvable tcp4 address. +func isTCP4AddrResolvable(fl FieldLevel) bool { + if !isIP4Addr(fl) { + return false + } + + _, err := net.ResolveTCPAddr("tcp4", fl.Field().String()) + return err == nil +} + +// isTCP6AddrResolvable is the validation function for validating if the field's value is a resolvable tcp6 address. +func isTCP6AddrResolvable(fl FieldLevel) bool { + if !isIP6Addr(fl) { + return false + } + + _, err := net.ResolveTCPAddr("tcp6", fl.Field().String()) + + return err == nil +} + +// isTCPAddrResolvable is the validation function for validating if the field's value is a resolvable tcp address. +func isTCPAddrResolvable(fl FieldLevel) bool { + if !isIP4Addr(fl) && !isIP6Addr(fl) { + return false + } + + _, err := net.ResolveTCPAddr("tcp", fl.Field().String()) + + return err == nil +} + +// isUDP4AddrResolvable is the validation function for validating if the field's value is a resolvable udp4 address. +func isUDP4AddrResolvable(fl FieldLevel) bool { + if !isIP4Addr(fl) { + return false + } + + _, err := net.ResolveUDPAddr("udp4", fl.Field().String()) + + return err == nil +} + +// isUDP6AddrResolvable is the validation function for validating if the field's value is a resolvable udp6 address. +func isUDP6AddrResolvable(fl FieldLevel) bool { + if !isIP6Addr(fl) { + return false + } + + _, err := net.ResolveUDPAddr("udp6", fl.Field().String()) + + return err == nil +} + +// isUDPAddrResolvable is the validation function for validating if the field's value is a resolvable udp address. +func isUDPAddrResolvable(fl FieldLevel) bool { + if !isIP4Addr(fl) && !isIP6Addr(fl) { + return false + } + + _, err := net.ResolveUDPAddr("udp", fl.Field().String()) + + return err == nil +} + +// isIP4AddrResolvable is the validation function for validating if the field's value is a resolvable ip4 address. +func isIP4AddrResolvable(fl FieldLevel) bool { + if !isIPv4(fl) { + return false + } + + _, err := net.ResolveIPAddr("ip4", fl.Field().String()) + + return err == nil +} + +// isIP6AddrResolvable is the validation function for validating if the field's value is a resolvable ip6 address. +func isIP6AddrResolvable(fl FieldLevel) bool { + if !isIPv6(fl) { + return false + } + + _, err := net.ResolveIPAddr("ip6", fl.Field().String()) + + return err == nil +} + +// isIPAddrResolvable is the validation function for validating if the field's value is a resolvable ip address. +func isIPAddrResolvable(fl FieldLevel) bool { + if !isIP(fl) { + return false + } + + _, err := net.ResolveIPAddr("ip", fl.Field().String()) + + return err == nil +} + +// isUnixAddrResolvable is the validation function for validating if the field's value is a resolvable unix address. +func isUnixAddrResolvable(fl FieldLevel) bool { + _, err := net.ResolveUnixAddr("unix", fl.Field().String()) + + return err == nil +} + +func isIP4Addr(fl FieldLevel) bool { + val := fl.Field().String() + + if idx := strings.LastIndex(val, ":"); idx != -1 { + val = val[0:idx] + } + + ip := net.ParseIP(val) + + return ip != nil && ip.To4() != nil +} + +func isIP6Addr(fl FieldLevel) bool { + val := fl.Field().String() + + if idx := strings.LastIndex(val, ":"); idx != -1 { + if idx != 0 && val[idx-1:idx] == "]" { + val = val[1 : idx-1] + } + } + + ip := net.ParseIP(val) + + return ip != nil && ip.To4() == nil +} + +func isHostnameRFC952(fl FieldLevel) bool { + return hostnameRegexRFC952.MatchString(fl.Field().String()) +} + +func isHostnameRFC1123(fl FieldLevel) bool { + return hostnameRegexRFC1123.MatchString(fl.Field().String()) +} + +func isFQDN(fl FieldLevel) bool { + val := fl.Field().String() + + if val == "" { + return false + } + + return fqdnRegexRFC1123.MatchString(val) +} + +// isDir is the validation function for validating if the current field's value is a valid existing directory. +func isDir(fl FieldLevel) bool { + field := fl.Field() + + if field.Kind() == reflect.String { + fileInfo, err := os.Stat(field.String()) + if err != nil { + return false + } + + return fileInfo.IsDir() + } + + panic(fmt.Sprintf("Bad field type %T", field.Interface())) +} + +// isDirPath is the validation function for validating if the current field's value is a valid directory. +func isDirPath(fl FieldLevel) bool { + + var exists bool + var err error + + field := fl.Field() + + // If it exists, it obviously is valid. + // This is done first to avoid code duplication and unnecessary additional logic. + if exists = isDir(fl); exists { + return true + } + + // It does not exist but may still be a valid path. + switch field.Kind() { + case reflect.String: + // Every OS allows for whitespace, but none + // let you use a dir with no name (to my knowledge). + // Unless you're dealing with raw inodes, but I digress. + if strings.TrimSpace(field.String()) == "" { + return false + } + if _, err = os.Stat(field.String()); err != nil { + switch t := err.(type) { + case *fs.PathError: + if t.Err == syscall.EINVAL { + // It's definitely an invalid character in the path. + return false + } + // It could be a permission error, a does-not-exist error, etc. + // Out-of-scope for this validation, though. + // Lastly, we make sure it is a directory. + if strings.HasSuffix(field.String(), string(os.PathSeparator)) { + return true + } else { + return false + } + default: + // Something went *seriously* wrong. + /* + Per https://pkg.go.dev/os#Stat: + "If there is an error, it will be of type *PathError." + */ + panic(err) + } + } + // We repeat the check here to make sure it is an explicit directory in case the above os.Stat didn't trigger an error. + if strings.HasSuffix(field.String(), string(os.PathSeparator)) { + return true + } else { + return false + } + } + + panic(fmt.Sprintf("Bad field type %T", field.Interface())) +} + +// isJSON is the validation function for validating if the current field's value is a valid json string. +func isJSON(fl FieldLevel) bool { + field := fl.Field() + + if field.Kind() == reflect.String { + val := field.String() + return json.Valid([]byte(val)) + } + + panic(fmt.Sprintf("Bad field type %T", field.Interface())) +} + +// isJWT is the validation function for validating if the current field's value is a valid JWT string. +func isJWT(fl FieldLevel) bool { + return jWTRegex.MatchString(fl.Field().String()) +} + +// isHostnamePort validates a : combination for fields typically used for socket address. +func isHostnamePort(fl FieldLevel) bool { + val := fl.Field().String() + host, port, err := net.SplitHostPort(val) + if err != nil { + return false + } + // Port must be a iny <= 65535. + if portNum, err := strconv.ParseInt( + port, 10, 32, + ); err != nil || portNum > 65535 || portNum < 1 { + return false + } + + // If host is specified, it should match a DNS name + if host != "" { + return hostnameRegexRFC1123.MatchString(host) + } + return true +} + +// isLowercase is the validation function for validating if the current field's value is a lowercase string. +func isLowercase(fl FieldLevel) bool { + field := fl.Field() + + if field.Kind() == reflect.String { + if field.String() == "" { + return false + } + return field.String() == strings.ToLower(field.String()) + } + + panic(fmt.Sprintf("Bad field type %T", field.Interface())) +} + +// isUppercase is the validation function for validating if the current field's value is an uppercase string. +func isUppercase(fl FieldLevel) bool { + field := fl.Field() + + if field.Kind() == reflect.String { + if field.String() == "" { + return false + } + return field.String() == strings.ToUpper(field.String()) + } + + panic(fmt.Sprintf("Bad field type %T", field.Interface())) +} + +// isDatetime is the validation function for validating if the current field's value is a valid datetime string. +func isDatetime(fl FieldLevel) bool { + field := fl.Field() + param := fl.Param() + + if field.Kind() == reflect.String { + _, err := time.Parse(param, field.String()) + + return err == nil + } + + panic(fmt.Sprintf("Bad field type %T", field.Interface())) +} + +// isTimeZone is the validation function for validating if the current field's value is a valid time zone string. +func isTimeZone(fl FieldLevel) bool { + field := fl.Field() + + if field.Kind() == reflect.String { + // empty value is converted to UTC by time.LoadLocation but disallow it as it is not a valid time zone name + if field.String() == "" { + return false + } + + // Local value is converted to the current system time zone by time.LoadLocation but disallow it as it is not a valid time zone name + if strings.ToLower(field.String()) == "local" { + return false + } + + _, err := time.LoadLocation(field.String()) + return err == nil + } + + panic(fmt.Sprintf("Bad field type %T", field.Interface())) +} + +// isIso3166Alpha2 is the validation function for validating if the current field's value is a valid iso3166-1 alpha-2 country code. +func isIso3166Alpha2(fl FieldLevel) bool { + val := fl.Field().String() + return iso3166_1_alpha2[val] +} + +// isIso3166Alpha3 is the validation function for validating if the current field's value is a valid iso3166-1 alpha-3 country code. +func isIso3166Alpha3(fl FieldLevel) bool { + val := fl.Field().String() + return iso3166_1_alpha3[val] +} + +// isIso3166AlphaNumeric is the validation function for validating if the current field's value is a valid iso3166-1 alpha-numeric country code. +func isIso3166AlphaNumeric(fl FieldLevel) bool { + field := fl.Field() + + var code int + switch field.Kind() { + case reflect.String: + i, err := strconv.Atoi(field.String()) + if err != nil { + return false + } + code = i % 1000 + case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64: + code = int(field.Int() % 1000) + case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64: + code = int(field.Uint() % 1000) + default: + panic(fmt.Sprintf("Bad field type %T", field.Interface())) + } + return iso3166_1_alpha_numeric[code] +} + +// isIso31662 is the validation function for validating if the current field's value is a valid iso3166-2 code. +func isIso31662(fl FieldLevel) bool { + val := fl.Field().String() + return iso3166_2[val] +} + +// isIso4217 is the validation function for validating if the current field's value is a valid iso4217 currency code. +func isIso4217(fl FieldLevel) bool { + val := fl.Field().String() + return iso4217[val] +} + +// isIso4217Numeric is the validation function for validating if the current field's value is a valid iso4217 numeric currency code. +func isIso4217Numeric(fl FieldLevel) bool { + field := fl.Field() + + var code int + switch field.Kind() { + case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64: + code = int(field.Int()) + case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64: + code = int(field.Uint()) + default: + panic(fmt.Sprintf("Bad field type %T", field.Interface())) + } + return iso4217_numeric[code] +} + +// isBCP47LanguageTag is the validation function for validating if the current field's value is a valid BCP 47 language tag, as parsed by language.Parse +func isBCP47LanguageTag(fl FieldLevel) bool { + field := fl.Field() + + if field.Kind() == reflect.String { + _, err := language.Parse(field.String()) + return err == nil + } + + panic(fmt.Sprintf("Bad field type %T", field.Interface())) +} + +// isIsoBicFormat is the validation function for validating if the current field's value is a valid Business Identifier Code (SWIFT code), defined in ISO 9362 +func isIsoBicFormat(fl FieldLevel) bool { + bicString := fl.Field().String() + + return bicRegex.MatchString(bicString) +} + +// isSemverFormat is the validation function for validating if the current field's value is a valid semver version, defined in Semantic Versioning 2.0.0 +func isSemverFormat(fl FieldLevel) bool { + semverString := fl.Field().String() + + return semverRegex.MatchString(semverString) +} + +// isCveFormat is the validation function for validating if the current field's value is a valid cve id, defined in CVE mitre org +func isCveFormat(fl FieldLevel) bool { + cveString := fl.Field().String() + + return cveRegex.MatchString(cveString) +} + +// isDnsRFC1035LabelFormat is the validation function +// for validating if the current field's value is +// a valid dns RFC 1035 label, defined in RFC 1035. +func isDnsRFC1035LabelFormat(fl FieldLevel) bool { + val := fl.Field().String() + return dnsRegexRFC1035Label.MatchString(val) +} + +// digitsHaveLuhnChecksum returns true if and only if the last element of the given digits slice is the Luhn checksum of the previous elements +func digitsHaveLuhnChecksum(digits []string) bool { + size := len(digits) + sum := 0 + for i, digit := range digits { + value, err := strconv.Atoi(digit) + if err != nil { + return false + } + if size%2 == 0 && i%2 == 0 || size%2 == 1 && i%2 == 1 { + v := value * 2 + if v >= 10 { + sum += 1 + (v % 10) + } else { + sum += v + } + } else { + sum += value + } + } + return (sum % 10) == 0 +} + +// isMongoDB is the validation function for validating if the current field's value is valid mongoDB objectID +func isMongoDB(fl FieldLevel) bool { + val := fl.Field().String() + return mongodbRegex.MatchString(val) +} + +// isCreditCard is the validation function for validating if the current field's value is a valid credit card number +func isCreditCard(fl FieldLevel) bool { + val := fl.Field().String() + var creditCard bytes.Buffer + segments := strings.Split(val, " ") + for _, segment := range segments { + if len(segment) < 3 { + return false + } + creditCard.WriteString(segment) + } + + ccDigits := strings.Split(creditCard.String(), "") + size := len(ccDigits) + if size < 12 || size > 19 { + return false + } + + return digitsHaveLuhnChecksum(ccDigits) +} + +// hasLuhnChecksum is the validation for validating if the current field's value has a valid Luhn checksum +func hasLuhnChecksum(fl FieldLevel) bool { + field := fl.Field() + var str string // convert to a string which will then be split into single digits; easier and more readable than shifting/extracting single digits from a number + switch field.Kind() { + case reflect.String: + str = field.String() + case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64: + str = strconv.FormatInt(field.Int(), 10) + case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64: + str = strconv.FormatUint(field.Uint(), 10) + default: + panic(fmt.Sprintf("Bad field type %T", field.Interface())) + } + size := len(str) + if size < 2 { // there has to be at least one digit that carries a meaning + the checksum + return false + } + digits := strings.Split(str, "") + return digitsHaveLuhnChecksum(digits) +} + +// isCron is the validation function for validating if the current field's value is a valid cron expression +func isCron(fl FieldLevel) bool { + cronString := fl.Field().String() + return cronRegex.MatchString(cronString) +} diff --git a/vendor/github.com/go-playground/validator/v10/cache.go b/vendor/github.com/go-playground/validator/v10/cache.go new file mode 100644 index 0000000000..bbfd2a4af1 --- /dev/null +++ b/vendor/github.com/go-playground/validator/v10/cache.go @@ -0,0 +1,327 @@ +package validator + +import ( + "fmt" + "reflect" + "strings" + "sync" + "sync/atomic" +) + +type tagType uint8 + +const ( + typeDefault tagType = iota + typeOmitEmpty + typeIsDefault + typeNoStructLevel + typeStructOnly + typeDive + typeOr + typeKeys + typeEndKeys +) + +const ( + invalidValidation = "Invalid validation tag on field '%s'" + undefinedValidation = "Undefined validation function '%s' on field '%s'" + keysTagNotDefined = "'" + endKeysTag + "' tag encountered without a corresponding '" + keysTag + "' tag" +) + +type structCache struct { + lock sync.Mutex + m atomic.Value // map[reflect.Type]*cStruct +} + +func (sc *structCache) Get(key reflect.Type) (c *cStruct, found bool) { + c, found = sc.m.Load().(map[reflect.Type]*cStruct)[key] + return +} + +func (sc *structCache) Set(key reflect.Type, value *cStruct) { + m := sc.m.Load().(map[reflect.Type]*cStruct) + nm := make(map[reflect.Type]*cStruct, len(m)+1) + for k, v := range m { + nm[k] = v + } + nm[key] = value + sc.m.Store(nm) +} + +type tagCache struct { + lock sync.Mutex + m atomic.Value // map[string]*cTag +} + +func (tc *tagCache) Get(key string) (c *cTag, found bool) { + c, found = tc.m.Load().(map[string]*cTag)[key] + return +} + +func (tc *tagCache) Set(key string, value *cTag) { + m := tc.m.Load().(map[string]*cTag) + nm := make(map[string]*cTag, len(m)+1) + for k, v := range m { + nm[k] = v + } + nm[key] = value + tc.m.Store(nm) +} + +type cStruct struct { + name string + fields []*cField + fn StructLevelFuncCtx +} + +type cField struct { + idx int + name string + altName string + namesEqual bool + cTags *cTag +} + +type cTag struct { + tag string + aliasTag string + actualAliasTag string + param string + keys *cTag // only populated when using tag's 'keys' and 'endkeys' for map key validation + next *cTag + fn FuncCtx + typeof tagType + hasTag bool + hasAlias bool + hasParam bool // true if parameter used eg. eq= where the equal sign has been set + isBlockEnd bool // indicates the current tag represents the last validation in the block + runValidationWhenNil bool +} + +func (v *Validate) extractStructCache(current reflect.Value, sName string) *cStruct { + v.structCache.lock.Lock() + defer v.structCache.lock.Unlock() // leave as defer! because if inner panics, it will never get unlocked otherwise! + + typ := current.Type() + + // could have been multiple trying to access, but once first is done this ensures struct + // isn't parsed again. + cs, ok := v.structCache.Get(typ) + if ok { + return cs + } + + cs = &cStruct{name: sName, fields: make([]*cField, 0), fn: v.structLevelFuncs[typ]} + + numFields := current.NumField() + rules := v.rules[typ] + + var ctag *cTag + var fld reflect.StructField + var tag string + var customName string + + for i := 0; i < numFields; i++ { + + fld = typ.Field(i) + + if !fld.Anonymous && len(fld.PkgPath) > 0 { + continue + } + + if rtag, ok := rules[fld.Name]; ok { + tag = rtag + } else { + tag = fld.Tag.Get(v.tagName) + } + + if tag == skipValidationTag { + continue + } + + customName = fld.Name + + if v.hasTagNameFunc { + name := v.tagNameFunc(fld) + if len(name) > 0 { + customName = name + } + } + + // NOTE: cannot use shared tag cache, because tags may be equal, but things like alias may be different + // and so only struct level caching can be used instead of combined with Field tag caching + + if len(tag) > 0 { + ctag, _ = v.parseFieldTagsRecursive(tag, fld.Name, "", false) + } else { + // even if field doesn't have validations need cTag for traversing to potential inner/nested + // elements of the field. + ctag = new(cTag) + } + + cs.fields = append(cs.fields, &cField{ + idx: i, + name: fld.Name, + altName: customName, + cTags: ctag, + namesEqual: fld.Name == customName, + }) + } + v.structCache.Set(typ, cs) + return cs +} + +func (v *Validate) parseFieldTagsRecursive(tag string, fieldName string, alias string, hasAlias bool) (firstCtag *cTag, current *cTag) { + var t string + noAlias := len(alias) == 0 + tags := strings.Split(tag, tagSeparator) + + for i := 0; i < len(tags); i++ { + t = tags[i] + if noAlias { + alias = t + } + + // check map for alias and process new tags, otherwise process as usual + if tagsVal, found := v.aliases[t]; found { + if i == 0 { + firstCtag, current = v.parseFieldTagsRecursive(tagsVal, fieldName, t, true) + } else { + next, curr := v.parseFieldTagsRecursive(tagsVal, fieldName, t, true) + current.next, current = next, curr + + } + continue + } + + var prevTag tagType + + if i == 0 { + current = &cTag{aliasTag: alias, hasAlias: hasAlias, hasTag: true, typeof: typeDefault} + firstCtag = current + } else { + prevTag = current.typeof + current.next = &cTag{aliasTag: alias, hasAlias: hasAlias, hasTag: true} + current = current.next + } + + switch t { + case diveTag: + current.typeof = typeDive + continue + + case keysTag: + current.typeof = typeKeys + + if i == 0 || prevTag != typeDive { + panic(fmt.Sprintf("'%s' tag must be immediately preceded by the '%s' tag", keysTag, diveTag)) + } + + current.typeof = typeKeys + + // need to pass along only keys tag + // need to increment i to skip over the keys tags + b := make([]byte, 0, 64) + + i++ + + for ; i < len(tags); i++ { + + b = append(b, tags[i]...) + b = append(b, ',') + + if tags[i] == endKeysTag { + break + } + } + + current.keys, _ = v.parseFieldTagsRecursive(string(b[:len(b)-1]), fieldName, "", false) + continue + + case endKeysTag: + current.typeof = typeEndKeys + + // if there are more in tags then there was no keysTag defined + // and an error should be thrown + if i != len(tags)-1 { + panic(keysTagNotDefined) + } + return + + case omitempty: + current.typeof = typeOmitEmpty + continue + + case structOnlyTag: + current.typeof = typeStructOnly + continue + + case noStructLevelTag: + current.typeof = typeNoStructLevel + continue + + default: + if t == isdefault { + current.typeof = typeIsDefault + } + // if a pipe character is needed within the param you must use the utf8Pipe representation "0x7C" + orVals := strings.Split(t, orSeparator) + + for j := 0; j < len(orVals); j++ { + vals := strings.SplitN(orVals[j], tagKeySeparator, 2) + if noAlias { + alias = vals[0] + current.aliasTag = alias + } else { + current.actualAliasTag = t + } + + if j > 0 { + current.next = &cTag{aliasTag: alias, actualAliasTag: current.actualAliasTag, hasAlias: hasAlias, hasTag: true} + current = current.next + } + current.hasParam = len(vals) > 1 + + current.tag = vals[0] + if len(current.tag) == 0 { + panic(strings.TrimSpace(fmt.Sprintf(invalidValidation, fieldName))) + } + + if wrapper, ok := v.validations[current.tag]; ok { + current.fn = wrapper.fn + current.runValidationWhenNil = wrapper.runValidatinOnNil + } else { + panic(strings.TrimSpace(fmt.Sprintf(undefinedValidation, current.tag, fieldName))) + } + + if len(orVals) > 1 { + current.typeof = typeOr + } + + if len(vals) > 1 { + current.param = strings.Replace(strings.Replace(vals[1], utf8HexComma, ",", -1), utf8Pipe, "|", -1) + } + } + current.isBlockEnd = true + } + } + return +} + +func (v *Validate) fetchCacheTag(tag string) *cTag { + // find cached tag + ctag, found := v.tagCache.Get(tag) + if !found { + v.tagCache.lock.Lock() + defer v.tagCache.lock.Unlock() + + // could have been multiple trying to access, but once first is done this ensures tag + // isn't parsed again. + ctag, found = v.tagCache.Get(tag) + if !found { + ctag, _ = v.parseFieldTagsRecursive(tag, "", "", false) + v.tagCache.Set(tag, ctag) + } + } + return ctag +} diff --git a/vendor/github.com/go-playground/validator/v10/country_codes.go b/vendor/github.com/go-playground/validator/v10/country_codes.go new file mode 100644 index 0000000000..0119f0574d --- /dev/null +++ b/vendor/github.com/go-playground/validator/v10/country_codes.go @@ -0,0 +1,1150 @@ +package validator + +var iso3166_1_alpha2 = map[string]bool{ + // see: https://www.iso.org/iso-3166-country-codes.html + "AF": true, "AX": true, "AL": true, "DZ": true, "AS": true, + "AD": true, "AO": true, "AI": true, "AQ": true, "AG": true, + "AR": true, "AM": true, "AW": true, "AU": true, "AT": true, + "AZ": true, "BS": true, "BH": true, "BD": true, "BB": true, + "BY": true, "BE": true, "BZ": true, "BJ": true, "BM": true, + "BT": true, "BO": true, "BQ": true, "BA": true, "BW": true, + "BV": true, "BR": true, "IO": true, "BN": true, "BG": true, + "BF": true, "BI": true, "KH": true, "CM": true, "CA": true, + "CV": true, "KY": true, "CF": true, "TD": true, "CL": true, + "CN": true, "CX": true, "CC": true, "CO": true, "KM": true, + "CG": true, "CD": true, "CK": true, "CR": true, "CI": true, + "HR": true, "CU": true, "CW": true, "CY": true, "CZ": true, + "DK": true, "DJ": true, "DM": true, "DO": true, "EC": true, + "EG": true, "SV": true, "GQ": true, "ER": true, "EE": true, + "ET": true, "FK": true, "FO": true, "FJ": true, "FI": true, + "FR": true, "GF": true, "PF": true, "TF": true, "GA": true, + "GM": true, "GE": true, "DE": true, "GH": true, "GI": true, + "GR": true, "GL": true, "GD": true, "GP": true, "GU": true, + "GT": true, "GG": true, "GN": true, "GW": true, "GY": true, + "HT": true, "HM": true, "VA": true, "HN": true, "HK": true, + "HU": true, "IS": true, "IN": true, "ID": true, "IR": true, + "IQ": true, "IE": true, "IM": true, "IL": true, "IT": true, + "JM": true, "JP": true, "JE": true, "JO": true, "KZ": true, + "KE": true, "KI": true, "KP": true, "KR": true, "KW": true, + "KG": true, "LA": true, "LV": true, "LB": true, "LS": true, + "LR": true, "LY": true, "LI": true, "LT": true, "LU": true, + "MO": true, "MK": true, "MG": true, "MW": true, "MY": true, + "MV": true, "ML": true, "MT": true, "MH": true, "MQ": true, + "MR": true, "MU": true, "YT": true, "MX": true, "FM": true, + "MD": true, "MC": true, "MN": true, "ME": true, "MS": true, + "MA": true, "MZ": true, "MM": true, "NA": true, "NR": true, + "NP": true, "NL": true, "NC": true, "NZ": true, "NI": true, + "NE": true, "NG": true, "NU": true, "NF": true, "MP": true, + "NO": true, "OM": true, "PK": true, "PW": true, "PS": true, + "PA": true, "PG": true, "PY": true, "PE": true, "PH": true, + "PN": true, "PL": true, "PT": true, "PR": true, "QA": true, + "RE": true, "RO": true, "RU": true, "RW": true, "BL": true, + "SH": true, "KN": true, "LC": true, "MF": true, "PM": true, + "VC": true, "WS": true, "SM": true, "ST": true, "SA": true, + "SN": true, "RS": true, "SC": true, "SL": true, "SG": true, + "SX": true, "SK": true, "SI": true, "SB": true, "SO": true, + "ZA": true, "GS": true, "SS": true, "ES": true, "LK": true, + "SD": true, "SR": true, "SJ": true, "SZ": true, "SE": true, + "CH": true, "SY": true, "TW": true, "TJ": true, "TZ": true, + "TH": true, "TL": true, "TG": true, "TK": true, "TO": true, + "TT": true, "TN": true, "TR": true, "TM": true, "TC": true, + "TV": true, "UG": true, "UA": true, "AE": true, "GB": true, + "US": true, "UM": true, "UY": true, "UZ": true, "VU": true, + "VE": true, "VN": true, "VG": true, "VI": true, "WF": true, + "EH": true, "YE": true, "ZM": true, "ZW": true, "XK": true, +} + +var iso3166_1_alpha3 = map[string]bool{ + // see: https://www.iso.org/iso-3166-country-codes.html + "AFG": true, "ALB": true, "DZA": true, "ASM": true, "AND": true, + "AGO": true, "AIA": true, "ATA": true, "ATG": true, "ARG": true, + "ARM": true, "ABW": true, "AUS": true, "AUT": true, "AZE": true, + "BHS": true, "BHR": true, "BGD": true, "BRB": true, "BLR": true, + "BEL": true, "BLZ": true, "BEN": true, "BMU": true, "BTN": true, + "BOL": true, "BES": true, "BIH": true, "BWA": true, "BVT": true, + "BRA": true, "IOT": true, "BRN": true, "BGR": true, "BFA": true, + "BDI": true, "CPV": true, "KHM": true, "CMR": true, "CAN": true, + "CYM": true, "CAF": true, "TCD": true, "CHL": true, "CHN": true, + "CXR": true, "CCK": true, "COL": true, "COM": true, "COD": true, + "COG": true, "COK": true, "CRI": true, "HRV": true, "CUB": true, + "CUW": true, "CYP": true, "CZE": true, "CIV": true, "DNK": true, + "DJI": true, "DMA": true, "DOM": true, "ECU": true, "EGY": true, + "SLV": true, "GNQ": true, "ERI": true, "EST": true, "SWZ": true, + "ETH": true, "FLK": true, "FRO": true, "FJI": true, "FIN": true, + "FRA": true, "GUF": true, "PYF": true, "ATF": true, "GAB": true, + "GMB": true, "GEO": true, "DEU": true, "GHA": true, "GIB": true, + "GRC": true, "GRL": true, "GRD": true, "GLP": true, "GUM": true, + "GTM": true, "GGY": true, "GIN": true, "GNB": true, "GUY": true, + "HTI": true, "HMD": true, "VAT": true, "HND": true, "HKG": true, + "HUN": true, "ISL": true, "IND": true, "IDN": true, "IRN": true, + "IRQ": true, "IRL": true, "IMN": true, "ISR": true, "ITA": true, + "JAM": true, "JPN": true, "JEY": true, "JOR": true, "KAZ": true, + "KEN": true, "KIR": true, "PRK": true, "KOR": true, "KWT": true, + "KGZ": true, "LAO": true, "LVA": true, "LBN": true, "LSO": true, + "LBR": true, "LBY": true, "LIE": true, "LTU": true, "LUX": true, + "MAC": true, "MDG": true, "MWI": true, "MYS": true, "MDV": true, + "MLI": true, "MLT": true, "MHL": true, "MTQ": true, "MRT": true, + "MUS": true, "MYT": true, "MEX": true, "FSM": true, "MDA": true, + "MCO": true, "MNG": true, "MNE": true, "MSR": true, "MAR": true, + "MOZ": true, "MMR": true, "NAM": true, "NRU": true, "NPL": true, + "NLD": true, "NCL": true, "NZL": true, "NIC": true, "NER": true, + "NGA": true, "NIU": true, "NFK": true, "MKD": true, "MNP": true, + "NOR": true, "OMN": true, "PAK": true, "PLW": true, "PSE": true, + "PAN": true, "PNG": true, "PRY": true, "PER": true, "PHL": true, + "PCN": true, "POL": true, "PRT": true, "PRI": true, "QAT": true, + "ROU": true, "RUS": true, "RWA": true, "REU": true, "BLM": true, + "SHN": true, "KNA": true, "LCA": true, "MAF": true, "SPM": true, + "VCT": true, "WSM": true, "SMR": true, "STP": true, "SAU": true, + "SEN": true, "SRB": true, "SYC": true, "SLE": true, "SGP": true, + "SXM": true, "SVK": true, "SVN": true, "SLB": true, "SOM": true, + "ZAF": true, "SGS": true, "SSD": true, "ESP": true, "LKA": true, + "SDN": true, "SUR": true, "SJM": true, "SWE": true, "CHE": true, + "SYR": true, "TWN": true, "TJK": true, "TZA": true, "THA": true, + "TLS": true, "TGO": true, "TKL": true, "TON": true, "TTO": true, + "TUN": true, "TUR": true, "TKM": true, "TCA": true, "TUV": true, + "UGA": true, "UKR": true, "ARE": true, "GBR": true, "UMI": true, + "USA": true, "URY": true, "UZB": true, "VUT": true, "VEN": true, + "VNM": true, "VGB": true, "VIR": true, "WLF": true, "ESH": true, + "YEM": true, "ZMB": true, "ZWE": true, "ALA": true, "UNK": true, +} +var iso3166_1_alpha_numeric = map[int]bool{ + // see: https://www.iso.org/iso-3166-country-codes.html + 4: true, 8: true, 12: true, 16: true, 20: true, + 24: true, 660: true, 10: true, 28: true, 32: true, + 51: true, 533: true, 36: true, 40: true, 31: true, + 44: true, 48: true, 50: true, 52: true, 112: true, + 56: true, 84: true, 204: true, 60: true, 64: true, + 68: true, 535: true, 70: true, 72: true, 74: true, + 76: true, 86: true, 96: true, 100: true, 854: true, + 108: true, 132: true, 116: true, 120: true, 124: true, + 136: true, 140: true, 148: true, 152: true, 156: true, + 162: true, 166: true, 170: true, 174: true, 180: true, + 178: true, 184: true, 188: true, 191: true, 192: true, + 531: true, 196: true, 203: true, 384: true, 208: true, + 262: true, 212: true, 214: true, 218: true, 818: true, + 222: true, 226: true, 232: true, 233: true, 748: true, + 231: true, 238: true, 234: true, 242: true, 246: true, + 250: true, 254: true, 258: true, 260: true, 266: true, + 270: true, 268: true, 276: true, 288: true, 292: true, + 300: true, 304: true, 308: true, 312: true, 316: true, + 320: true, 831: true, 324: true, 624: true, 328: true, + 332: true, 334: true, 336: true, 340: true, 344: true, + 348: true, 352: true, 356: true, 360: true, 364: true, + 368: true, 372: true, 833: true, 376: true, 380: true, + 388: true, 392: true, 832: true, 400: true, 398: true, + 404: true, 296: true, 408: true, 410: true, 414: true, + 417: true, 418: true, 428: true, 422: true, 426: true, + 430: true, 434: true, 438: true, 440: true, 442: true, + 446: true, 450: true, 454: true, 458: true, 462: true, + 466: true, 470: true, 584: true, 474: true, 478: true, + 480: true, 175: true, 484: true, 583: true, 498: true, + 492: true, 496: true, 499: true, 500: true, 504: true, + 508: true, 104: true, 516: true, 520: true, 524: true, + 528: true, 540: true, 554: true, 558: true, 562: true, + 566: true, 570: true, 574: true, 807: true, 580: true, + 578: true, 512: true, 586: true, 585: true, 275: true, + 591: true, 598: true, 600: true, 604: true, 608: true, + 612: true, 616: true, 620: true, 630: true, 634: true, + 642: true, 643: true, 646: true, 638: true, 652: true, + 654: true, 659: true, 662: true, 663: true, 666: true, + 670: true, 882: true, 674: true, 678: true, 682: true, + 686: true, 688: true, 690: true, 694: true, 702: true, + 534: true, 703: true, 705: true, 90: true, 706: true, + 710: true, 239: true, 728: true, 724: true, 144: true, + 729: true, 740: true, 744: true, 752: true, 756: true, + 760: true, 158: true, 762: true, 834: true, 764: true, + 626: true, 768: true, 772: true, 776: true, 780: true, + 788: true, 792: true, 795: true, 796: true, 798: true, + 800: true, 804: true, 784: true, 826: true, 581: true, + 840: true, 858: true, 860: true, 548: true, 862: true, + 704: true, 92: true, 850: true, 876: true, 732: true, + 887: true, 894: true, 716: true, 248: true, 153: true, +} + +var iso3166_2 = map[string]bool{ + "AD-02": true, "AD-03": true, "AD-04": true, "AD-05": true, "AD-06": true, + "AD-07": true, "AD-08": true, "AE-AJ": true, "AE-AZ": true, "AE-DU": true, + "AE-FU": true, "AE-RK": true, "AE-SH": true, "AE-UQ": true, "AF-BAL": true, + "AF-BAM": true, "AF-BDG": true, "AF-BDS": true, "AF-BGL": true, "AF-DAY": true, + "AF-FRA": true, "AF-FYB": true, "AF-GHA": true, "AF-GHO": true, "AF-HEL": true, + "AF-HER": true, "AF-JOW": true, "AF-KAB": true, "AF-KAN": true, "AF-KAP": true, + "AF-KDZ": true, "AF-KHO": true, "AF-KNR": true, "AF-LAG": true, "AF-LOG": true, + "AF-NAN": true, "AF-NIM": true, "AF-NUR": true, "AF-PAN": true, "AF-PAR": true, + "AF-PIA": true, "AF-PKA": true, "AF-SAM": true, "AF-SAR": true, "AF-TAK": true, + "AF-URU": true, "AF-WAR": true, "AF-ZAB": true, "AG-03": true, "AG-04": true, + "AG-05": true, "AG-06": true, "AG-07": true, "AG-08": true, "AG-10": true, + "AG-11": true, "AL-01": true, "AL-02": true, "AL-03": true, "AL-04": true, + "AL-05": true, "AL-06": true, "AL-07": true, "AL-08": true, "AL-09": true, + "AL-10": true, "AL-11": true, "AL-12": true, "AL-BR": true, "AL-BU": true, + "AL-DI": true, "AL-DL": true, "AL-DR": true, "AL-DV": true, "AL-EL": true, + "AL-ER": true, "AL-FR": true, "AL-GJ": true, "AL-GR": true, "AL-HA": true, + "AL-KA": true, "AL-KB": true, "AL-KC": true, "AL-KO": true, "AL-KR": true, + "AL-KU": true, "AL-LB": true, "AL-LE": true, "AL-LU": true, "AL-MK": true, + "AL-MM": true, "AL-MR": true, "AL-MT": true, "AL-PG": true, "AL-PQ": true, + "AL-PR": true, "AL-PU": true, "AL-SH": true, "AL-SK": true, "AL-SR": true, + "AL-TE": true, "AL-TP": true, "AL-TR": true, "AL-VL": true, "AM-AG": true, + "AM-AR": true, "AM-AV": true, "AM-ER": true, "AM-GR": true, "AM-KT": true, + "AM-LO": true, "AM-SH": true, "AM-SU": true, "AM-TV": true, "AM-VD": true, + "AO-BGO": true, "AO-BGU": true, "AO-BIE": true, "AO-CAB": true, "AO-CCU": true, + "AO-CNN": true, "AO-CNO": true, "AO-CUS": true, "AO-HUA": true, "AO-HUI": true, + "AO-LNO": true, "AO-LSU": true, "AO-LUA": true, "AO-MAL": true, "AO-MOX": true, + "AO-NAM": true, "AO-UIG": true, "AO-ZAI": true, "AR-A": true, "AR-B": true, + "AR-C": true, "AR-D": true, "AR-E": true, "AR-F": true, "AR-G": true, "AR-H": true, + "AR-J": true, "AR-K": true, "AR-L": true, "AR-M": true, "AR-N": true, + "AR-P": true, "AR-Q": true, "AR-R": true, "AR-S": true, "AR-T": true, + "AR-U": true, "AR-V": true, "AR-W": true, "AR-X": true, "AR-Y": true, + "AR-Z": true, "AT-1": true, "AT-2": true, "AT-3": true, "AT-4": true, + "AT-5": true, "AT-6": true, "AT-7": true, "AT-8": true, "AT-9": true, + "AU-ACT": true, "AU-NSW": true, "AU-NT": true, "AU-QLD": true, "AU-SA": true, + "AU-TAS": true, "AU-VIC": true, "AU-WA": true, "AZ-ABS": true, "AZ-AGA": true, + "AZ-AGC": true, "AZ-AGM": true, "AZ-AGS": true, "AZ-AGU": true, "AZ-AST": true, + "AZ-BA": true, "AZ-BAB": true, "AZ-BAL": true, "AZ-BAR": true, "AZ-BEY": true, + "AZ-BIL": true, "AZ-CAB": true, "AZ-CAL": true, "AZ-CUL": true, "AZ-DAS": true, + "AZ-FUZ": true, "AZ-GA": true, "AZ-GAD": true, "AZ-GOR": true, "AZ-GOY": true, + "AZ-GYG": true, "AZ-HAC": true, "AZ-IMI": true, "AZ-ISM": true, "AZ-KAL": true, + "AZ-KAN": true, "AZ-KUR": true, "AZ-LA": true, "AZ-LAC": true, "AZ-LAN": true, + "AZ-LER": true, "AZ-MAS": true, "AZ-MI": true, "AZ-NA": true, "AZ-NEF": true, + "AZ-NV": true, "AZ-NX": true, "AZ-OGU": true, "AZ-ORD": true, "AZ-QAB": true, + "AZ-QAX": true, "AZ-QAZ": true, "AZ-QBA": true, "AZ-QBI": true, "AZ-QOB": true, + "AZ-QUS": true, "AZ-SA": true, "AZ-SAB": true, "AZ-SAD": true, "AZ-SAH": true, + "AZ-SAK": true, "AZ-SAL": true, "AZ-SAR": true, "AZ-SAT": true, "AZ-SBN": true, + "AZ-SIY": true, "AZ-SKR": true, "AZ-SM": true, "AZ-SMI": true, "AZ-SMX": true, + "AZ-SR": true, "AZ-SUS": true, "AZ-TAR": true, "AZ-TOV": true, "AZ-UCA": true, + "AZ-XA": true, "AZ-XAC": true, "AZ-XCI": true, "AZ-XIZ": true, "AZ-XVD": true, + "AZ-YAR": true, "AZ-YE": true, "AZ-YEV": true, "AZ-ZAN": true, "AZ-ZAQ": true, + "AZ-ZAR": true, "BA-01": true, "BA-02": true, "BA-03": true, "BA-04": true, + "BA-05": true, "BA-06": true, "BA-07": true, "BA-08": true, "BA-09": true, + "BA-10": true, "BA-BIH": true, "BA-BRC": true, "BA-SRP": true, "BB-01": true, + "BB-02": true, "BB-03": true, "BB-04": true, "BB-05": true, "BB-06": true, + "BB-07": true, "BB-08": true, "BB-09": true, "BB-10": true, "BB-11": true, + "BD-01": true, "BD-02": true, "BD-03": true, "BD-04": true, "BD-05": true, + "BD-06": true, "BD-07": true, "BD-08": true, "BD-09": true, "BD-10": true, + "BD-11": true, "BD-12": true, "BD-13": true, "BD-14": true, "BD-15": true, + "BD-16": true, "BD-17": true, "BD-18": true, "BD-19": true, "BD-20": true, + "BD-21": true, "BD-22": true, "BD-23": true, "BD-24": true, "BD-25": true, + "BD-26": true, "BD-27": true, "BD-28": true, "BD-29": true, "BD-30": true, + "BD-31": true, "BD-32": true, "BD-33": true, "BD-34": true, "BD-35": true, + "BD-36": true, "BD-37": true, "BD-38": true, "BD-39": true, "BD-40": true, + "BD-41": true, "BD-42": true, "BD-43": true, "BD-44": true, "BD-45": true, + "BD-46": true, "BD-47": true, "BD-48": true, "BD-49": true, "BD-50": true, + "BD-51": true, "BD-52": true, "BD-53": true, "BD-54": true, "BD-55": true, + "BD-56": true, "BD-57": true, "BD-58": true, "BD-59": true, "BD-60": true, + "BD-61": true, "BD-62": true, "BD-63": true, "BD-64": true, "BD-A": true, + "BD-B": true, "BD-C": true, "BD-D": true, "BD-E": true, "BD-F": true, + "BD-G": true, "BE-BRU": true, "BE-VAN": true, "BE-VBR": true, "BE-VLG": true, + "BE-VLI": true, "BE-VOV": true, "BE-VWV": true, "BE-WAL": true, "BE-WBR": true, + "BE-WHT": true, "BE-WLG": true, "BE-WLX": true, "BE-WNA": true, "BF-01": true, + "BF-02": true, "BF-03": true, "BF-04": true, "BF-05": true, "BF-06": true, + "BF-07": true, "BF-08": true, "BF-09": true, "BF-10": true, "BF-11": true, + "BF-12": true, "BF-13": true, "BF-BAL": true, "BF-BAM": true, "BF-BAN": true, + "BF-BAZ": true, "BF-BGR": true, "BF-BLG": true, "BF-BLK": true, "BF-COM": true, + "BF-GAN": true, "BF-GNA": true, "BF-GOU": true, "BF-HOU": true, "BF-IOB": true, + "BF-KAD": true, "BF-KEN": true, "BF-KMD": true, "BF-KMP": true, "BF-KOP": true, + "BF-KOS": true, "BF-KOT": true, "BF-KOW": true, "BF-LER": true, "BF-LOR": true, + "BF-MOU": true, "BF-NAM": true, "BF-NAO": true, "BF-NAY": true, "BF-NOU": true, + "BF-OUB": true, "BF-OUD": true, "BF-PAS": true, "BF-PON": true, "BF-SEN": true, + "BF-SIS": true, "BF-SMT": true, "BF-SNG": true, "BF-SOM": true, "BF-SOR": true, + "BF-TAP": true, "BF-TUI": true, "BF-YAG": true, "BF-YAT": true, "BF-ZIR": true, + "BF-ZON": true, "BF-ZOU": true, "BG-01": true, "BG-02": true, "BG-03": true, + "BG-04": true, "BG-05": true, "BG-06": true, "BG-07": true, "BG-08": true, + "BG-09": true, "BG-10": true, "BG-11": true, "BG-12": true, "BG-13": true, + "BG-14": true, "BG-15": true, "BG-16": true, "BG-17": true, "BG-18": true, + "BG-19": true, "BG-20": true, "BG-21": true, "BG-22": true, "BG-23": true, + "BG-24": true, "BG-25": true, "BG-26": true, "BG-27": true, "BG-28": true, + "BH-13": true, "BH-14": true, "BH-15": true, "BH-16": true, "BH-17": true, + "BI-BB": true, "BI-BL": true, "BI-BM": true, "BI-BR": true, "BI-CA": true, + "BI-CI": true, "BI-GI": true, "BI-KI": true, "BI-KR": true, "BI-KY": true, + "BI-MA": true, "BI-MU": true, "BI-MW": true, "BI-NG": true, "BI-RM": true, "BI-RT": true, + "BI-RY": true, "BJ-AK": true, "BJ-AL": true, "BJ-AQ": true, "BJ-BO": true, + "BJ-CO": true, "BJ-DO": true, "BJ-KO": true, "BJ-LI": true, "BJ-MO": true, + "BJ-OU": true, "BJ-PL": true, "BJ-ZO": true, "BN-BE": true, "BN-BM": true, + "BN-TE": true, "BN-TU": true, "BO-B": true, "BO-C": true, "BO-H": true, + "BO-L": true, "BO-N": true, "BO-O": true, "BO-P": true, "BO-S": true, + "BO-T": true, "BQ-BO": true, "BQ-SA": true, "BQ-SE": true, "BR-AC": true, + "BR-AL": true, "BR-AM": true, "BR-AP": true, "BR-BA": true, "BR-CE": true, + "BR-DF": true, "BR-ES": true, "BR-FN": true, "BR-GO": true, "BR-MA": true, + "BR-MG": true, "BR-MS": true, "BR-MT": true, "BR-PA": true, "BR-PB": true, + "BR-PE": true, "BR-PI": true, "BR-PR": true, "BR-RJ": true, "BR-RN": true, + "BR-RO": true, "BR-RR": true, "BR-RS": true, "BR-SC": true, "BR-SE": true, + "BR-SP": true, "BR-TO": true, "BS-AK": true, "BS-BI": true, "BS-BP": true, + "BS-BY": true, "BS-CE": true, "BS-CI": true, "BS-CK": true, "BS-CO": true, + "BS-CS": true, "BS-EG": true, "BS-EX": true, "BS-FP": true, "BS-GC": true, + "BS-HI": true, "BS-HT": true, "BS-IN": true, "BS-LI": true, "BS-MC": true, + "BS-MG": true, "BS-MI": true, "BS-NE": true, "BS-NO": true, "BS-NP": true, "BS-NS": true, + "BS-RC": true, "BS-RI": true, "BS-SA": true, "BS-SE": true, "BS-SO": true, + "BS-SS": true, "BS-SW": true, "BS-WG": true, "BT-11": true, "BT-12": true, + "BT-13": true, "BT-14": true, "BT-15": true, "BT-21": true, "BT-22": true, + "BT-23": true, "BT-24": true, "BT-31": true, "BT-32": true, "BT-33": true, + "BT-34": true, "BT-41": true, "BT-42": true, "BT-43": true, "BT-44": true, + "BT-45": true, "BT-GA": true, "BT-TY": true, "BW-CE": true, "BW-CH": true, "BW-GH": true, + "BW-KG": true, "BW-KL": true, "BW-KW": true, "BW-NE": true, "BW-NW": true, + "BW-SE": true, "BW-SO": true, "BY-BR": true, "BY-HM": true, "BY-HO": true, + "BY-HR": true, "BY-MA": true, "BY-MI": true, "BY-VI": true, "BZ-BZ": true, + "BZ-CY": true, "BZ-CZL": true, "BZ-OW": true, "BZ-SC": true, "BZ-TOL": true, + "CA-AB": true, "CA-BC": true, "CA-MB": true, "CA-NB": true, "CA-NL": true, + "CA-NS": true, "CA-NT": true, "CA-NU": true, "CA-ON": true, "CA-PE": true, + "CA-QC": true, "CA-SK": true, "CA-YT": true, "CD-BC": true, "CD-BN": true, + "CD-EQ": true, "CD-HK": true, "CD-IT": true, "CD-KA": true, "CD-KC": true, "CD-KE": true, "CD-KG": true, "CD-KN": true, + "CD-KW": true, "CD-KS": true, "CD-LU": true, "CD-MA": true, "CD-NK": true, "CD-OR": true, "CD-SA": true, "CD-SK": true, + "CD-TA": true, "CD-TO": true, "CF-AC": true, "CF-BB": true, "CF-BGF": true, "CF-BK": true, "CF-HK": true, "CF-HM": true, + "CF-HS": true, "CF-KB": true, "CF-KG": true, "CF-LB": true, "CF-MB": true, + "CF-MP": true, "CF-NM": true, "CF-OP": true, "CF-SE": true, "CF-UK": true, + "CF-VK": true, "CG-11": true, "CG-12": true, "CG-13": true, "CG-14": true, + "CG-15": true, "CG-16": true, "CG-2": true, "CG-5": true, "CG-7": true, "CG-8": true, + "CG-9": true, "CG-BZV": true, "CH-AG": true, "CH-AI": true, "CH-AR": true, + "CH-BE": true, "CH-BL": true, "CH-BS": true, "CH-FR": true, "CH-GE": true, + "CH-GL": true, "CH-GR": true, "CH-JU": true, "CH-LU": true, "CH-NE": true, + "CH-NW": true, "CH-OW": true, "CH-SG": true, "CH-SH": true, "CH-SO": true, + "CH-SZ": true, "CH-TG": true, "CH-TI": true, "CH-UR": true, "CH-VD": true, + "CH-VS": true, "CH-ZG": true, "CH-ZH": true, "CI-AB": true, "CI-BS": true, + "CI-CM": true, "CI-DN": true, "CI-GD": true, "CI-LC": true, "CI-LG": true, + "CI-MG": true, "CI-SM": true, "CI-SV": true, "CI-VB": true, "CI-WR": true, + "CI-YM": true, "CI-ZZ": true, "CL-AI": true, "CL-AN": true, "CL-AP": true, + "CL-AR": true, "CL-AT": true, "CL-BI": true, "CL-CO": true, "CL-LI": true, + "CL-LL": true, "CL-LR": true, "CL-MA": true, "CL-ML": true, "CL-NB": true, "CL-RM": true, + "CL-TA": true, "CL-VS": true, "CM-AD": true, "CM-CE": true, "CM-EN": true, + "CM-ES": true, "CM-LT": true, "CM-NO": true, "CM-NW": true, "CM-OU": true, + "CM-SU": true, "CM-SW": true, "CN-AH": true, "CN-BJ": true, "CN-CQ": true, + "CN-FJ": true, "CN-GS": true, "CN-GD": true, "CN-GX": true, "CN-GZ": true, + "CN-HI": true, "CN-HE": true, "CN-HL": true, "CN-HA": true, "CN-HB": true, + "CN-HN": true, "CN-JS": true, "CN-JX": true, "CN-JL": true, "CN-LN": true, + "CN-NM": true, "CN-NX": true, "CN-QH": true, "CN-SN": true, "CN-SD": true, "CN-SH": true, + "CN-SX": true, "CN-SC": true, "CN-TJ": true, "CN-XJ": true, "CN-XZ": true, "CN-YN": true, + "CN-ZJ": true, "CO-AMA": true, "CO-ANT": true, "CO-ARA": true, "CO-ATL": true, + "CO-BOL": true, "CO-BOY": true, "CO-CAL": true, "CO-CAQ": true, "CO-CAS": true, + "CO-CAU": true, "CO-CES": true, "CO-CHO": true, "CO-COR": true, "CO-CUN": true, + "CO-DC": true, "CO-GUA": true, "CO-GUV": true, "CO-HUI": true, "CO-LAG": true, + "CO-MAG": true, "CO-MET": true, "CO-NAR": true, "CO-NSA": true, "CO-PUT": true, + "CO-QUI": true, "CO-RIS": true, "CO-SAN": true, "CO-SAP": true, "CO-SUC": true, + "CO-TOL": true, "CO-VAC": true, "CO-VAU": true, "CO-VID": true, "CR-A": true, + "CR-C": true, "CR-G": true, "CR-H": true, "CR-L": true, "CR-P": true, + "CR-SJ": true, "CU-01": true, "CU-02": true, "CU-03": true, "CU-04": true, + "CU-05": true, "CU-06": true, "CU-07": true, "CU-08": true, "CU-09": true, + "CU-10": true, "CU-11": true, "CU-12": true, "CU-13": true, "CU-14": true, "CU-15": true, + "CU-16": true, "CU-99": true, "CV-B": true, "CV-BR": true, "CV-BV": true, "CV-CA": true, + "CV-CF": true, "CV-CR": true, "CV-MA": true, "CV-MO": true, "CV-PA": true, + "CV-PN": true, "CV-PR": true, "CV-RB": true, "CV-RG": true, "CV-RS": true, + "CV-S": true, "CV-SD": true, "CV-SF": true, "CV-SL": true, "CV-SM": true, + "CV-SO": true, "CV-SS": true, "CV-SV": true, "CV-TA": true, "CV-TS": true, + "CY-01": true, "CY-02": true, "CY-03": true, "CY-04": true, "CY-05": true, + "CY-06": true, "CZ-10": true, "CZ-101": true, "CZ-102": true, "CZ-103": true, + "CZ-104": true, "CZ-105": true, "CZ-106": true, "CZ-107": true, "CZ-108": true, + "CZ-109": true, "CZ-110": true, "CZ-111": true, "CZ-112": true, "CZ-113": true, + "CZ-114": true, "CZ-115": true, "CZ-116": true, "CZ-117": true, "CZ-118": true, + "CZ-119": true, "CZ-120": true, "CZ-121": true, "CZ-122": true, "CZ-20": true, + "CZ-201": true, "CZ-202": true, "CZ-203": true, "CZ-204": true, "CZ-205": true, + "CZ-206": true, "CZ-207": true, "CZ-208": true, "CZ-209": true, "CZ-20A": true, + "CZ-20B": true, "CZ-20C": true, "CZ-31": true, "CZ-311": true, "CZ-312": true, + "CZ-313": true, "CZ-314": true, "CZ-315": true, "CZ-316": true, "CZ-317": true, + "CZ-32": true, "CZ-321": true, "CZ-322": true, "CZ-323": true, "CZ-324": true, + "CZ-325": true, "CZ-326": true, "CZ-327": true, "CZ-41": true, "CZ-411": true, + "CZ-412": true, "CZ-413": true, "CZ-42": true, "CZ-421": true, "CZ-422": true, + "CZ-423": true, "CZ-424": true, "CZ-425": true, "CZ-426": true, "CZ-427": true, + "CZ-51": true, "CZ-511": true, "CZ-512": true, "CZ-513": true, "CZ-514": true, + "CZ-52": true, "CZ-521": true, "CZ-522": true, "CZ-523": true, "CZ-524": true, + "CZ-525": true, "CZ-53": true, "CZ-531": true, "CZ-532": true, "CZ-533": true, + "CZ-534": true, "CZ-63": true, "CZ-631": true, "CZ-632": true, "CZ-633": true, + "CZ-634": true, "CZ-635": true, "CZ-64": true, "CZ-641": true, "CZ-642": true, + "CZ-643": true, "CZ-644": true, "CZ-645": true, "CZ-646": true, "CZ-647": true, + "CZ-71": true, "CZ-711": true, "CZ-712": true, "CZ-713": true, "CZ-714": true, + "CZ-715": true, "CZ-72": true, "CZ-721": true, "CZ-722": true, "CZ-723": true, + "CZ-724": true, "CZ-80": true, "CZ-801": true, "CZ-802": true, "CZ-803": true, + "CZ-804": true, "CZ-805": true, "CZ-806": true, "DE-BB": true, "DE-BE": true, + "DE-BW": true, "DE-BY": true, "DE-HB": true, "DE-HE": true, "DE-HH": true, + "DE-MV": true, "DE-NI": true, "DE-NW": true, "DE-RP": true, "DE-SH": true, + "DE-SL": true, "DE-SN": true, "DE-ST": true, "DE-TH": true, "DJ-AR": true, + "DJ-AS": true, "DJ-DI": true, "DJ-DJ": true, "DJ-OB": true, "DJ-TA": true, + "DK-81": true, "DK-82": true, "DK-83": true, "DK-84": true, "DK-85": true, + "DM-01": true, "DM-02": true, "DM-03": true, "DM-04": true, "DM-05": true, + "DM-06": true, "DM-07": true, "DM-08": true, "DM-09": true, "DM-10": true, + "DO-01": true, "DO-02": true, "DO-03": true, "DO-04": true, "DO-05": true, + "DO-06": true, "DO-07": true, "DO-08": true, "DO-09": true, "DO-10": true, + "DO-11": true, "DO-12": true, "DO-13": true, "DO-14": true, "DO-15": true, + "DO-16": true, "DO-17": true, "DO-18": true, "DO-19": true, "DO-20": true, + "DO-21": true, "DO-22": true, "DO-23": true, "DO-24": true, "DO-25": true, + "DO-26": true, "DO-27": true, "DO-28": true, "DO-29": true, "DO-30": true, "DO-31": true, + "DZ-01": true, "DZ-02": true, "DZ-03": true, "DZ-04": true, "DZ-05": true, + "DZ-06": true, "DZ-07": true, "DZ-08": true, "DZ-09": true, "DZ-10": true, + "DZ-11": true, "DZ-12": true, "DZ-13": true, "DZ-14": true, "DZ-15": true, + "DZ-16": true, "DZ-17": true, "DZ-18": true, "DZ-19": true, "DZ-20": true, + "DZ-21": true, "DZ-22": true, "DZ-23": true, "DZ-24": true, "DZ-25": true, + "DZ-26": true, "DZ-27": true, "DZ-28": true, "DZ-29": true, "DZ-30": true, + "DZ-31": true, "DZ-32": true, "DZ-33": true, "DZ-34": true, "DZ-35": true, + "DZ-36": true, "DZ-37": true, "DZ-38": true, "DZ-39": true, "DZ-40": true, + "DZ-41": true, "DZ-42": true, "DZ-43": true, "DZ-44": true, "DZ-45": true, + "DZ-46": true, "DZ-47": true, "DZ-48": true, "DZ-49": true, "DZ-51": true, + "DZ-53": true, "DZ-55": true, "DZ-56": true, "DZ-57": true, "EC-A": true, "EC-B": true, + "EC-C": true, "EC-D": true, "EC-E": true, "EC-F": true, "EC-G": true, + "EC-H": true, "EC-I": true, "EC-L": true, "EC-M": true, "EC-N": true, + "EC-O": true, "EC-P": true, "EC-R": true, "EC-S": true, "EC-SD": true, + "EC-SE": true, "EC-T": true, "EC-U": true, "EC-W": true, "EC-X": true, + "EC-Y": true, "EC-Z": true, "EE-37": true, "EE-39": true, "EE-44": true, "EE-45": true, + "EE-49": true, "EE-50": true, "EE-51": true, "EE-52": true, "EE-56": true, "EE-57": true, + "EE-59": true, "EE-60": true, "EE-64": true, "EE-65": true, "EE-67": true, "EE-68": true, + "EE-70": true, "EE-71": true, "EE-74": true, "EE-78": true, "EE-79": true, "EE-81": true, "EE-82": true, + "EE-84": true, "EE-86": true, "EE-87": true, "EG-ALX": true, "EG-ASN": true, "EG-AST": true, + "EG-BA": true, "EG-BH": true, "EG-BNS": true, "EG-C": true, "EG-DK": true, + "EG-DT": true, "EG-FYM": true, "EG-GH": true, "EG-GZ": true, "EG-HU": true, + "EG-IS": true, "EG-JS": true, "EG-KB": true, "EG-KFS": true, "EG-KN": true, + "EG-LX": true, "EG-MN": true, "EG-MNF": true, "EG-MT": true, "EG-PTS": true, "EG-SHG": true, + "EG-SHR": true, "EG-SIN": true, "EG-SU": true, "EG-SUZ": true, "EG-WAD": true, + "ER-AN": true, "ER-DK": true, "ER-DU": true, "ER-GB": true, "ER-MA": true, + "ER-SK": true, "ES-A": true, "ES-AB": true, "ES-AL": true, "ES-AN": true, + "ES-AR": true, "ES-AS": true, "ES-AV": true, "ES-B": true, "ES-BA": true, + "ES-BI": true, "ES-BU": true, "ES-C": true, "ES-CA": true, "ES-CB": true, + "ES-CC": true, "ES-CE": true, "ES-CL": true, "ES-CM": true, "ES-CN": true, + "ES-CO": true, "ES-CR": true, "ES-CS": true, "ES-CT": true, "ES-CU": true, + "ES-EX": true, "ES-GA": true, "ES-GC": true, "ES-GI": true, "ES-GR": true, + "ES-GU": true, "ES-H": true, "ES-HU": true, "ES-IB": true, "ES-J": true, + "ES-L": true, "ES-LE": true, "ES-LO": true, "ES-LU": true, "ES-M": true, + "ES-MA": true, "ES-MC": true, "ES-MD": true, "ES-ML": true, "ES-MU": true, + "ES-NA": true, "ES-NC": true, "ES-O": true, "ES-OR": true, "ES-P": true, + "ES-PM": true, "ES-PO": true, "ES-PV": true, "ES-RI": true, "ES-S": true, + "ES-SA": true, "ES-SE": true, "ES-SG": true, "ES-SO": true, "ES-SS": true, + "ES-T": true, "ES-TE": true, "ES-TF": true, "ES-TO": true, "ES-V": true, + "ES-VA": true, "ES-VC": true, "ES-VI": true, "ES-Z": true, "ES-ZA": true, + "ET-AA": true, "ET-AF": true, "ET-AM": true, "ET-BE": true, "ET-DD": true, + "ET-GA": true, "ET-HA": true, "ET-OR": true, "ET-SN": true, "ET-SO": true, + "ET-TI": true, "FI-01": true, "FI-02": true, "FI-03": true, "FI-04": true, + "FI-05": true, "FI-06": true, "FI-07": true, "FI-08": true, "FI-09": true, + "FI-10": true, "FI-11": true, "FI-12": true, "FI-13": true, "FI-14": true, + "FI-15": true, "FI-16": true, "FI-17": true, "FI-18": true, "FI-19": true, + "FJ-C": true, "FJ-E": true, "FJ-N": true, "FJ-R": true, "FJ-W": true, + "FM-KSA": true, "FM-PNI": true, "FM-TRK": true, "FM-YAP": true, "FR-01": true, + "FR-02": true, "FR-03": true, "FR-04": true, "FR-05": true, "FR-06": true, + "FR-07": true, "FR-08": true, "FR-09": true, "FR-10": true, "FR-11": true, + "FR-12": true, "FR-13": true, "FR-14": true, "FR-15": true, "FR-16": true, + "FR-17": true, "FR-18": true, "FR-19": true, "FR-20R": true, "FR-21": true, "FR-22": true, + "FR-23": true, "FR-24": true, "FR-25": true, "FR-26": true, "FR-27": true, + "FR-28": true, "FR-29": true, "FR-2A": true, "FR-2B": true, "FR-30": true, + "FR-31": true, "FR-32": true, "FR-33": true, "FR-34": true, "FR-35": true, + "FR-36": true, "FR-37": true, "FR-38": true, "FR-39": true, "FR-40": true, + "FR-41": true, "FR-42": true, "FR-43": true, "FR-44": true, "FR-45": true, + "FR-46": true, "FR-47": true, "FR-48": true, "FR-49": true, "FR-50": true, + "FR-51": true, "FR-52": true, "FR-53": true, "FR-54": true, "FR-55": true, + "FR-56": true, "FR-57": true, "FR-58": true, "FR-59": true, "FR-60": true, + "FR-61": true, "FR-62": true, "FR-63": true, "FR-64": true, "FR-65": true, + "FR-66": true, "FR-67": true, "FR-68": true, "FR-69": true, "FR-70": true, + "FR-71": true, "FR-72": true, "FR-73": true, "FR-74": true, "FR-75": true, + "FR-76": true, "FR-77": true, "FR-78": true, "FR-79": true, "FR-80": true, + "FR-81": true, "FR-82": true, "FR-83": true, "FR-84": true, "FR-85": true, + "FR-86": true, "FR-87": true, "FR-88": true, "FR-89": true, "FR-90": true, + "FR-91": true, "FR-92": true, "FR-93": true, "FR-94": true, "FR-95": true, + "FR-ARA": true, "FR-BFC": true, "FR-BL": true, "FR-BRE": true, "FR-COR": true, + "FR-CP": true, "FR-CVL": true, "FR-GES": true, "FR-GF": true, "FR-GP": true, + "FR-GUA": true, "FR-HDF": true, "FR-IDF": true, "FR-LRE": true, "FR-MAY": true, + "FR-MF": true, "FR-MQ": true, "FR-NAQ": true, "FR-NC": true, "FR-NOR": true, + "FR-OCC": true, "FR-PAC": true, "FR-PDL": true, "FR-PF": true, "FR-PM": true, + "FR-RE": true, "FR-TF": true, "FR-WF": true, "FR-YT": true, "GA-1": true, + "GA-2": true, "GA-3": true, "GA-4": true, "GA-5": true, "GA-6": true, + "GA-7": true, "GA-8": true, "GA-9": true, "GB-ABC": true, "GB-ABD": true, + "GB-ABE": true, "GB-AGB": true, "GB-AGY": true, "GB-AND": true, "GB-ANN": true, + "GB-ANS": true, "GB-BAS": true, "GB-BBD": true, "GB-BDF": true, "GB-BDG": true, + "GB-BEN": true, "GB-BEX": true, "GB-BFS": true, "GB-BGE": true, "GB-BGW": true, + "GB-BIR": true, "GB-BKM": true, "GB-BMH": true, "GB-BNE": true, "GB-BNH": true, + "GB-BNS": true, "GB-BOL": true, "GB-BPL": true, "GB-BRC": true, "GB-BRD": true, + "GB-BRY": true, "GB-BST": true, "GB-BUR": true, "GB-CAM": true, "GB-CAY": true, + "GB-CBF": true, "GB-CCG": true, "GB-CGN": true, "GB-CHE": true, "GB-CHW": true, + "GB-CLD": true, "GB-CLK": true, "GB-CMA": true, "GB-CMD": true, "GB-CMN": true, + "GB-CON": true, "GB-COV": true, "GB-CRF": true, "GB-CRY": true, "GB-CWY": true, + "GB-DAL": true, "GB-DBY": true, "GB-DEN": true, "GB-DER": true, "GB-DEV": true, + "GB-DGY": true, "GB-DNC": true, "GB-DND": true, "GB-DOR": true, "GB-DRS": true, + "GB-DUD": true, "GB-DUR": true, "GB-EAL": true, "GB-EAW": true, "GB-EAY": true, + "GB-EDH": true, "GB-EDU": true, "GB-ELN": true, "GB-ELS": true, "GB-ENF": true, + "GB-ENG": true, "GB-ERW": true, "GB-ERY": true, "GB-ESS": true, "GB-ESX": true, + "GB-FAL": true, "GB-FIF": true, "GB-FLN": true, "GB-FMO": true, "GB-GAT": true, + "GB-GBN": true, "GB-GLG": true, "GB-GLS": true, "GB-GRE": true, "GB-GWN": true, + "GB-HAL": true, "GB-HAM": true, "GB-HAV": true, "GB-HCK": true, "GB-HEF": true, + "GB-HIL": true, "GB-HLD": true, "GB-HMF": true, "GB-HNS": true, "GB-HPL": true, + "GB-HRT": true, "GB-HRW": true, "GB-HRY": true, "GB-IOS": true, "GB-IOW": true, + "GB-ISL": true, "GB-IVC": true, "GB-KEC": true, "GB-KEN": true, "GB-KHL": true, + "GB-KIR": true, "GB-KTT": true, "GB-KWL": true, "GB-LAN": true, "GB-LBC": true, + "GB-LBH": true, "GB-LCE": true, "GB-LDS": true, "GB-LEC": true, "GB-LEW": true, + "GB-LIN": true, "GB-LIV": true, "GB-LND": true, "GB-LUT": true, "GB-MAN": true, + "GB-MDB": true, "GB-MDW": true, "GB-MEA": true, "GB-MIK": true, "GD-01": true, + "GB-MLN": true, "GB-MON": true, "GB-MRT": true, "GB-MRY": true, "GB-MTY": true, + "GB-MUL": true, "GB-NAY": true, "GB-NBL": true, "GB-NEL": true, "GB-NET": true, + "GB-NFK": true, "GB-NGM": true, "GB-NIR": true, "GB-NLK": true, "GB-NLN": true, + "GB-NMD": true, "GB-NSM": true, "GB-NTH": true, "GB-NTL": true, "GB-NTT": true, + "GB-NTY": true, "GB-NWM": true, "GB-NWP": true, "GB-NYK": true, "GB-OLD": true, + "GB-ORK": true, "GB-OXF": true, "GB-PEM": true, "GB-PKN": true, "GB-PLY": true, + "GB-POL": true, "GB-POR": true, "GB-POW": true, "GB-PTE": true, "GB-RCC": true, + "GB-RCH": true, "GB-RCT": true, "GB-RDB": true, "GB-RDG": true, "GB-RFW": true, + "GB-RIC": true, "GB-ROT": true, "GB-RUT": true, "GB-SAW": true, "GB-SAY": true, + "GB-SCB": true, "GB-SCT": true, "GB-SFK": true, "GB-SFT": true, "GB-SGC": true, + "GB-SHF": true, "GB-SHN": true, "GB-SHR": true, "GB-SKP": true, "GB-SLF": true, + "GB-SLG": true, "GB-SLK": true, "GB-SND": true, "GB-SOL": true, "GB-SOM": true, + "GB-SOS": true, "GB-SRY": true, "GB-STE": true, "GB-STG": true, "GB-STH": true, + "GB-STN": true, "GB-STS": true, "GB-STT": true, "GB-STY": true, "GB-SWA": true, + "GB-SWD": true, "GB-SWK": true, "GB-TAM": true, "GB-TFW": true, "GB-THR": true, + "GB-TOB": true, "GB-TOF": true, "GB-TRF": true, "GB-TWH": true, "GB-UKM": true, + "GB-VGL": true, "GB-WAR": true, "GB-WBK": true, "GB-WDU": true, "GB-WFT": true, + "GB-WGN": true, "GB-WIL": true, "GB-WKF": true, "GB-WLL": true, "GB-WLN": true, + "GB-WLS": true, "GB-WLV": true, "GB-WND": true, "GB-WNM": true, "GB-WOK": true, + "GB-WOR": true, "GB-WRL": true, "GB-WRT": true, "GB-WRX": true, "GB-WSM": true, + "GB-WSX": true, "GB-YOR": true, "GB-ZET": true, "GD-02": true, "GD-03": true, + "GD-04": true, "GD-05": true, "GD-06": true, "GD-10": true, "GE-AB": true, + "GE-AJ": true, "GE-GU": true, "GE-IM": true, "GE-KA": true, "GE-KK": true, + "GE-MM": true, "GE-RL": true, "GE-SJ": true, "GE-SK": true, "GE-SZ": true, + "GE-TB": true, "GH-AA": true, "GH-AH": true, "GH-AF": true, "GH-BA": true, "GH-BO": true, "GH-BE": true, "GH-CP": true, + "GH-EP": true, "GH-NP": true, "GH-TV": true, "GH-UE": true, "GH-UW": true, + "GH-WP": true, "GL-AV": true, "GL-KU": true, "GL-QA": true, "GL-QT": true, "GL-QE": true, "GL-SM": true, + "GM-B": true, "GM-L": true, "GM-M": true, "GM-N": true, "GM-U": true, + "GM-W": true, "GN-B": true, "GN-BE": true, "GN-BF": true, "GN-BK": true, + "GN-C": true, "GN-CO": true, "GN-D": true, "GN-DB": true, "GN-DI": true, + "GN-DL": true, "GN-DU": true, "GN-F": true, "GN-FA": true, "GN-FO": true, + "GN-FR": true, "GN-GA": true, "GN-GU": true, "GN-K": true, "GN-KA": true, + "GN-KB": true, "GN-KD": true, "GN-KE": true, "GN-KN": true, "GN-KO": true, + "GN-KS": true, "GN-L": true, "GN-LA": true, "GN-LE": true, "GN-LO": true, + "GN-M": true, "GN-MC": true, "GN-MD": true, "GN-ML": true, "GN-MM": true, + "GN-N": true, "GN-NZ": true, "GN-PI": true, "GN-SI": true, "GN-TE": true, + "GN-TO": true, "GN-YO": true, "GQ-AN": true, "GQ-BN": true, "GQ-BS": true, + "GQ-C": true, "GQ-CS": true, "GQ-I": true, "GQ-KN": true, "GQ-LI": true, + "GQ-WN": true, "GR-01": true, "GR-03": true, "GR-04": true, "GR-05": true, + "GR-06": true, "GR-07": true, "GR-11": true, "GR-12": true, "GR-13": true, + "GR-14": true, "GR-15": true, "GR-16": true, "GR-17": true, "GR-21": true, + "GR-22": true, "GR-23": true, "GR-24": true, "GR-31": true, "GR-32": true, + "GR-33": true, "GR-34": true, "GR-41": true, "GR-42": true, "GR-43": true, + "GR-44": true, "GR-51": true, "GR-52": true, "GR-53": true, "GR-54": true, + "GR-55": true, "GR-56": true, "GR-57": true, "GR-58": true, "GR-59": true, + "GR-61": true, "GR-62": true, "GR-63": true, "GR-64": true, "GR-69": true, + "GR-71": true, "GR-72": true, "GR-73": true, "GR-81": true, "GR-82": true, + "GR-83": true, "GR-84": true, "GR-85": true, "GR-91": true, "GR-92": true, + "GR-93": true, "GR-94": true, "GR-A": true, "GR-A1": true, "GR-B": true, + "GR-C": true, "GR-D": true, "GR-E": true, "GR-F": true, "GR-G": true, + "GR-H": true, "GR-I": true, "GR-J": true, "GR-K": true, "GR-L": true, + "GR-M": true, "GT-01": true, "GT-02": true, "GT-03": true, "GT-04": true, + "GT-05": true, "GT-06": true, "GT-07": true, "GT-08": true, "GT-09": true, + "GT-10": true, "GT-11": true, "GT-12": true, "GT-13": true, "GT-14": true, + "GT-15": true, "GT-16": true, "GT-17": true, "GT-18": true, "GT-19": true, + "GT-20": true, "GT-21": true, "GT-22": true, "GW-BA": true, "GW-BL": true, + "GW-BM": true, "GW-BS": true, "GW-CA": true, "GW-GA": true, "GW-L": true, + "GW-N": true, "GW-OI": true, "GW-QU": true, "GW-S": true, "GW-TO": true, + "GY-BA": true, "GY-CU": true, "GY-DE": true, "GY-EB": true, "GY-ES": true, + "GY-MA": true, "GY-PM": true, "GY-PT": true, "GY-UD": true, "GY-UT": true, + "HN-AT": true, "HN-CH": true, "HN-CL": true, "HN-CM": true, "HN-CP": true, + "HN-CR": true, "HN-EP": true, "HN-FM": true, "HN-GD": true, "HN-IB": true, + "HN-IN": true, "HN-LE": true, "HN-LP": true, "HN-OC": true, "HN-OL": true, + "HN-SB": true, "HN-VA": true, "HN-YO": true, "HR-01": true, "HR-02": true, + "HR-03": true, "HR-04": true, "HR-05": true, "HR-06": true, "HR-07": true, + "HR-08": true, "HR-09": true, "HR-10": true, "HR-11": true, "HR-12": true, + "HR-13": true, "HR-14": true, "HR-15": true, "HR-16": true, "HR-17": true, + "HR-18": true, "HR-19": true, "HR-20": true, "HR-21": true, "HT-AR": true, + "HT-CE": true, "HT-GA": true, "HT-ND": true, "HT-NE": true, "HT-NO": true, "HT-NI": true, + "HT-OU": true, "HT-SD": true, "HT-SE": true, "HU-BA": true, "HU-BC": true, + "HU-BE": true, "HU-BK": true, "HU-BU": true, "HU-BZ": true, "HU-CS": true, + "HU-DE": true, "HU-DU": true, "HU-EG": true, "HU-ER": true, "HU-FE": true, + "HU-GS": true, "HU-GY": true, "HU-HB": true, "HU-HE": true, "HU-HV": true, + "HU-JN": true, "HU-KE": true, "HU-KM": true, "HU-KV": true, "HU-MI": true, + "HU-NK": true, "HU-NO": true, "HU-NY": true, "HU-PE": true, "HU-PS": true, + "HU-SD": true, "HU-SF": true, "HU-SH": true, "HU-SK": true, "HU-SN": true, + "HU-SO": true, "HU-SS": true, "HU-ST": true, "HU-SZ": true, "HU-TB": true, + "HU-TO": true, "HU-VA": true, "HU-VE": true, "HU-VM": true, "HU-ZA": true, + "HU-ZE": true, "ID-AC": true, "ID-BA": true, "ID-BB": true, "ID-BE": true, + "ID-BT": true, "ID-GO": true, "ID-IJ": true, "ID-JA": true, "ID-JB": true, + "ID-JI": true, "ID-JK": true, "ID-JT": true, "ID-JW": true, "ID-KA": true, + "ID-KB": true, "ID-KI": true, "ID-KU": true, "ID-KR": true, "ID-KS": true, + "ID-KT": true, "ID-LA": true, "ID-MA": true, "ID-ML": true, "ID-MU": true, + "ID-NB": true, "ID-NT": true, "ID-NU": true, "ID-PA": true, "ID-PB": true, + "ID-PE": true, "ID-PP": true, "ID-PS": true, "ID-PT": true, "ID-RI": true, + "ID-SA": true, "ID-SB": true, "ID-SG": true, "ID-SL": true, "ID-SM": true, + "ID-SN": true, "ID-SR": true, "ID-SS": true, "ID-ST": true, "ID-SU": true, + "ID-YO": true, "IE-C": true, "IE-CE": true, "IE-CN": true, "IE-CO": true, + "IE-CW": true, "IE-D": true, "IE-DL": true, "IE-G": true, "IE-KE": true, + "IE-KK": true, "IE-KY": true, "IE-L": true, "IE-LD": true, "IE-LH": true, + "IE-LK": true, "IE-LM": true, "IE-LS": true, "IE-M": true, "IE-MH": true, + "IE-MN": true, "IE-MO": true, "IE-OY": true, "IE-RN": true, "IE-SO": true, + "IE-TA": true, "IE-U": true, "IE-WD": true, "IE-WH": true, "IE-WW": true, + "IE-WX": true, "IL-D": true, "IL-HA": true, "IL-JM": true, "IL-M": true, + "IL-TA": true, "IL-Z": true, "IN-AN": true, "IN-AP": true, "IN-AR": true, + "IN-AS": true, "IN-BR": true, "IN-CH": true, "IN-CT": true, "IN-DH": true, + "IN-DL": true, "IN-DN": true, "IN-GA": true, "IN-GJ": true, "IN-HP": true, + "IN-HR": true, "IN-JH": true, "IN-JK": true, "IN-KA": true, "IN-KL": true, + "IN-LD": true, "IN-MH": true, "IN-ML": true, "IN-MN": true, "IN-MP": true, + "IN-MZ": true, "IN-NL": true, "IN-TG": true, "IN-OR": true, "IN-PB": true, "IN-PY": true, + "IN-RJ": true, "IN-SK": true, "IN-TN": true, "IN-TR": true, "IN-UP": true, + "IN-UT": true, "IN-WB": true, "IQ-AN": true, "IQ-AR": true, "IQ-BA": true, + "IQ-BB": true, "IQ-BG": true, "IQ-DA": true, "IQ-DI": true, "IQ-DQ": true, + "IQ-KA": true, "IQ-KI": true, "IQ-MA": true, "IQ-MU": true, "IQ-NA": true, "IQ-NI": true, + "IQ-QA": true, "IQ-SD": true, "IQ-SW": true, "IQ-SU": true, "IQ-TS": true, "IQ-WA": true, + "IR-00": true, "IR-01": true, "IR-02": true, "IR-03": true, "IR-04": true, "IR-05": true, + "IR-06": true, "IR-07": true, "IR-08": true, "IR-09": true, "IR-10": true, "IR-11": true, + "IR-12": true, "IR-13": true, "IR-14": true, "IR-15": true, "IR-16": true, + "IR-17": true, "IR-18": true, "IR-19": true, "IR-20": true, "IR-21": true, + "IR-22": true, "IR-23": true, "IR-24": true, "IR-25": true, "IR-26": true, + "IR-27": true, "IR-28": true, "IR-29": true, "IR-30": true, "IR-31": true, + "IS-0": true, "IS-1": true, "IS-2": true, "IS-3": true, "IS-4": true, + "IS-5": true, "IS-6": true, "IS-7": true, "IS-8": true, "IT-21": true, + "IT-23": true, "IT-25": true, "IT-32": true, "IT-34": true, "IT-36": true, + "IT-42": true, "IT-45": true, "IT-52": true, "IT-55": true, "IT-57": true, + "IT-62": true, "IT-65": true, "IT-67": true, "IT-72": true, "IT-75": true, + "IT-77": true, "IT-78": true, "IT-82": true, "IT-88": true, "IT-AG": true, + "IT-AL": true, "IT-AN": true, "IT-AO": true, "IT-AP": true, "IT-AQ": true, + "IT-AR": true, "IT-AT": true, "IT-AV": true, "IT-BA": true, "IT-BG": true, + "IT-BI": true, "IT-BL": true, "IT-BN": true, "IT-BO": true, "IT-BR": true, + "IT-BS": true, "IT-BT": true, "IT-BZ": true, "IT-CA": true, "IT-CB": true, + "IT-CE": true, "IT-CH": true, "IT-CI": true, "IT-CL": true, "IT-CN": true, + "IT-CO": true, "IT-CR": true, "IT-CS": true, "IT-CT": true, "IT-CZ": true, + "IT-EN": true, "IT-FC": true, "IT-FE": true, "IT-FG": true, "IT-FI": true, + "IT-FM": true, "IT-FR": true, "IT-GE": true, "IT-GO": true, "IT-GR": true, + "IT-IM": true, "IT-IS": true, "IT-KR": true, "IT-LC": true, "IT-LE": true, + "IT-LI": true, "IT-LO": true, "IT-LT": true, "IT-LU": true, "IT-MB": true, + "IT-MC": true, "IT-ME": true, "IT-MI": true, "IT-MN": true, "IT-MO": true, + "IT-MS": true, "IT-MT": true, "IT-NA": true, "IT-NO": true, "IT-NU": true, + "IT-OG": true, "IT-OR": true, "IT-OT": true, "IT-PA": true, "IT-PC": true, + "IT-PD": true, "IT-PE": true, "IT-PG": true, "IT-PI": true, "IT-PN": true, + "IT-PO": true, "IT-PR": true, "IT-PT": true, "IT-PU": true, "IT-PV": true, + "IT-PZ": true, "IT-RA": true, "IT-RC": true, "IT-RE": true, "IT-RG": true, + "IT-RI": true, "IT-RM": true, "IT-RN": true, "IT-RO": true, "IT-SA": true, + "IT-SI": true, "IT-SO": true, "IT-SP": true, "IT-SR": true, "IT-SS": true, + "IT-SV": true, "IT-TA": true, "IT-TE": true, "IT-TN": true, "IT-TO": true, + "IT-TP": true, "IT-TR": true, "IT-TS": true, "IT-TV": true, "IT-UD": true, + "IT-VA": true, "IT-VB": true, "IT-VC": true, "IT-VE": true, "IT-VI": true, + "IT-VR": true, "IT-VS": true, "IT-VT": true, "IT-VV": true, "JM-01": true, + "JM-02": true, "JM-03": true, "JM-04": true, "JM-05": true, "JM-06": true, + "JM-07": true, "JM-08": true, "JM-09": true, "JM-10": true, "JM-11": true, + "JM-12": true, "JM-13": true, "JM-14": true, "JO-AJ": true, "JO-AM": true, + "JO-AQ": true, "JO-AT": true, "JO-AZ": true, "JO-BA": true, "JO-IR": true, + "JO-JA": true, "JO-KA": true, "JO-MA": true, "JO-MD": true, "JO-MN": true, + "JP-01": true, "JP-02": true, "JP-03": true, "JP-04": true, "JP-05": true, + "JP-06": true, "JP-07": true, "JP-08": true, "JP-09": true, "JP-10": true, + "JP-11": true, "JP-12": true, "JP-13": true, "JP-14": true, "JP-15": true, + "JP-16": true, "JP-17": true, "JP-18": true, "JP-19": true, "JP-20": true, + "JP-21": true, "JP-22": true, "JP-23": true, "JP-24": true, "JP-25": true, + "JP-26": true, "JP-27": true, "JP-28": true, "JP-29": true, "JP-30": true, + "JP-31": true, "JP-32": true, "JP-33": true, "JP-34": true, "JP-35": true, + "JP-36": true, "JP-37": true, "JP-38": true, "JP-39": true, "JP-40": true, + "JP-41": true, "JP-42": true, "JP-43": true, "JP-44": true, "JP-45": true, + "JP-46": true, "JP-47": true, "KE-01": true, "KE-02": true, "KE-03": true, + "KE-04": true, "KE-05": true, "KE-06": true, "KE-07": true, "KE-08": true, + "KE-09": true, "KE-10": true, "KE-11": true, "KE-12": true, "KE-13": true, + "KE-14": true, "KE-15": true, "KE-16": true, "KE-17": true, "KE-18": true, + "KE-19": true, "KE-20": true, "KE-21": true, "KE-22": true, "KE-23": true, + "KE-24": true, "KE-25": true, "KE-26": true, "KE-27": true, "KE-28": true, + "KE-29": true, "KE-30": true, "KE-31": true, "KE-32": true, "KE-33": true, + "KE-34": true, "KE-35": true, "KE-36": true, "KE-37": true, "KE-38": true, + "KE-39": true, "KE-40": true, "KE-41": true, "KE-42": true, "KE-43": true, + "KE-44": true, "KE-45": true, "KE-46": true, "KE-47": true, "KG-B": true, + "KG-C": true, "KG-GB": true, "KG-GO": true, "KG-J": true, "KG-N": true, "KG-O": true, + "KG-T": true, "KG-Y": true, "KH-1": true, "KH-10": true, "KH-11": true, + "KH-12": true, "KH-13": true, "KH-14": true, "KH-15": true, "KH-16": true, + "KH-17": true, "KH-18": true, "KH-19": true, "KH-2": true, "KH-20": true, + "KH-21": true, "KH-22": true, "KH-23": true, "KH-24": true, "KH-3": true, + "KH-4": true, "KH-5": true, "KH-6": true, "KH-7": true, "KH-8": true, + "KH-9": true, "KI-G": true, "KI-L": true, "KI-P": true, "KM-A": true, + "KM-G": true, "KM-M": true, "KN-01": true, "KN-02": true, "KN-03": true, + "KN-04": true, "KN-05": true, "KN-06": true, "KN-07": true, "KN-08": true, + "KN-09": true, "KN-10": true, "KN-11": true, "KN-12": true, "KN-13": true, + "KN-15": true, "KN-K": true, "KN-N": true, "KP-01": true, "KP-02": true, + "KP-03": true, "KP-04": true, "KP-05": true, "KP-06": true, "KP-07": true, + "KP-08": true, "KP-09": true, "KP-10": true, "KP-13": true, "KR-11": true, + "KR-26": true, "KR-27": true, "KR-28": true, "KR-29": true, "KR-30": true, + "KR-31": true, "KR-41": true, "KR-42": true, "KR-43": true, "KR-44": true, + "KR-45": true, "KR-46": true, "KR-47": true, "KR-48": true, "KR-49": true, + "KW-AH": true, "KW-FA": true, "KW-HA": true, "KW-JA": true, "KW-KU": true, + "KW-MU": true, "KZ-10": true, "KZ-75": true, "KZ-19": true, "KZ-11": true, + "KZ-15": true, "KZ-71": true, "KZ-23": true, "KZ-27": true, "KZ-47": true, + "KZ-55": true, "KZ-35": true, "KZ-39": true, "KZ-43": true, "KZ-63": true, + "KZ-79": true, "KZ-59": true, "KZ-61": true, "KZ-62": true, "KZ-31": true, + "KZ-33": true, "LA-AT": true, "LA-BK": true, "LA-BL": true, + "LA-CH": true, "LA-HO": true, "LA-KH": true, "LA-LM": true, "LA-LP": true, + "LA-OU": true, "LA-PH": true, "LA-SL": true, "LA-SV": true, "LA-VI": true, + "LA-VT": true, "LA-XA": true, "LA-XE": true, "LA-XI": true, "LA-XS": true, + "LB-AK": true, "LB-AS": true, "LB-BA": true, "LB-BH": true, "LB-BI": true, + "LB-JA": true, "LB-JL": true, "LB-NA": true, "LC-01": true, "LC-02": true, + "LC-03": true, "LC-05": true, "LC-06": true, "LC-07": true, "LC-08": true, + "LC-10": true, "LC-11": true, "LI-01": true, "LI-02": true, + "LI-03": true, "LI-04": true, "LI-05": true, "LI-06": true, "LI-07": true, + "LI-08": true, "LI-09": true, "LI-10": true, "LI-11": true, "LK-1": true, + "LK-11": true, "LK-12": true, "LK-13": true, "LK-2": true, "LK-21": true, + "LK-22": true, "LK-23": true, "LK-3": true, "LK-31": true, "LK-32": true, + "LK-33": true, "LK-4": true, "LK-41": true, "LK-42": true, "LK-43": true, + "LK-44": true, "LK-45": true, "LK-5": true, "LK-51": true, "LK-52": true, + "LK-53": true, "LK-6": true, "LK-61": true, "LK-62": true, "LK-7": true, + "LK-71": true, "LK-72": true, "LK-8": true, "LK-81": true, "LK-82": true, + "LK-9": true, "LK-91": true, "LK-92": true, "LR-BG": true, "LR-BM": true, + "LR-CM": true, "LR-GB": true, "LR-GG": true, "LR-GK": true, "LR-LO": true, + "LR-MG": true, "LR-MO": true, "LR-MY": true, "LR-NI": true, "LR-RI": true, + "LR-SI": true, "LS-A": true, "LS-B": true, "LS-C": true, "LS-D": true, + "LS-E": true, "LS-F": true, "LS-G": true, "LS-H": true, "LS-J": true, + "LS-K": true, "LT-AL": true, "LT-KL": true, "LT-KU": true, "LT-MR": true, + "LT-PN": true, "LT-SA": true, "LT-TA": true, "LT-TE": true, "LT-UT": true, + "LT-VL": true, "LU-CA": true, "LU-CL": true, "LU-DI": true, "LU-EC": true, + "LU-ES": true, "LU-GR": true, "LU-LU": true, "LU-ME": true, "LU-RD": true, + "LU-RM": true, "LU-VD": true, "LU-WI": true, "LU-D": true, "LU-G": true, "LU-L": true, + "LV-001": true, "LV-111": true, "LV-112": true, "LV-113": true, + "LV-002": true, "LV-003": true, "LV-004": true, "LV-005": true, "LV-006": true, + "LV-007": true, "LV-008": true, "LV-009": true, "LV-010": true, "LV-011": true, + "LV-012": true, "LV-013": true, "LV-014": true, "LV-015": true, "LV-016": true, + "LV-017": true, "LV-018": true, "LV-019": true, "LV-020": true, "LV-021": true, + "LV-022": true, "LV-023": true, "LV-024": true, "LV-025": true, "LV-026": true, + "LV-027": true, "LV-028": true, "LV-029": true, "LV-030": true, "LV-031": true, + "LV-032": true, "LV-033": true, "LV-034": true, "LV-035": true, "LV-036": true, + "LV-037": true, "LV-038": true, "LV-039": true, "LV-040": true, "LV-041": true, + "LV-042": true, "LV-043": true, "LV-044": true, "LV-045": true, "LV-046": true, + "LV-047": true, "LV-048": true, "LV-049": true, "LV-050": true, "LV-051": true, + "LV-052": true, "LV-053": true, "LV-054": true, "LV-055": true, "LV-056": true, + "LV-057": true, "LV-058": true, "LV-059": true, "LV-060": true, "LV-061": true, + "LV-062": true, "LV-063": true, "LV-064": true, "LV-065": true, "LV-066": true, + "LV-067": true, "LV-068": true, "LV-069": true, "LV-070": true, "LV-071": true, + "LV-072": true, "LV-073": true, "LV-074": true, "LV-075": true, "LV-076": true, + "LV-077": true, "LV-078": true, "LV-079": true, "LV-080": true, "LV-081": true, + "LV-082": true, "LV-083": true, "LV-084": true, "LV-085": true, "LV-086": true, + "LV-087": true, "LV-088": true, "LV-089": true, "LV-090": true, "LV-091": true, + "LV-092": true, "LV-093": true, "LV-094": true, "LV-095": true, "LV-096": true, + "LV-097": true, "LV-098": true, "LV-099": true, "LV-100": true, "LV-101": true, + "LV-102": true, "LV-103": true, "LV-104": true, "LV-105": true, "LV-106": true, + "LV-107": true, "LV-108": true, "LV-109": true, "LV-110": true, "LV-DGV": true, + "LV-JEL": true, "LV-JKB": true, "LV-JUR": true, "LV-LPX": true, "LV-REZ": true, + "LV-RIX": true, "LV-VEN": true, "LV-VMR": true, "LY-BA": true, "LY-BU": true, + "LY-DR": true, "LY-GT": true, "LY-JA": true, "LY-JB": true, "LY-JG": true, + "LY-JI": true, "LY-JU": true, "LY-KF": true, "LY-MB": true, "LY-MI": true, + "LY-MJ": true, "LY-MQ": true, "LY-NL": true, "LY-NQ": true, "LY-SB": true, + "LY-SR": true, "LY-TB": true, "LY-WA": true, "LY-WD": true, "LY-WS": true, + "LY-ZA": true, "MA-01": true, "MA-02": true, "MA-03": true, "MA-04": true, + "MA-05": true, "MA-06": true, "MA-07": true, "MA-08": true, "MA-09": true, + "MA-10": true, "MA-11": true, "MA-12": true, "MA-13": true, "MA-14": true, + "MA-15": true, "MA-16": true, "MA-AGD": true, "MA-AOU": true, "MA-ASZ": true, + "MA-AZI": true, "MA-BEM": true, "MA-BER": true, "MA-BES": true, "MA-BOD": true, + "MA-BOM": true, "MA-CAS": true, "MA-CHE": true, "MA-CHI": true, "MA-CHT": true, + "MA-ERR": true, "MA-ESI": true, "MA-ESM": true, "MA-FAH": true, "MA-FES": true, + "MA-FIG": true, "MA-GUE": true, "MA-HAJ": true, "MA-HAO": true, "MA-HOC": true, + "MA-IFR": true, "MA-INE": true, "MA-JDI": true, "MA-JRA": true, "MA-KEN": true, + "MA-KES": true, "MA-KHE": true, "MA-KHN": true, "MA-KHO": true, "MA-LAA": true, + "MA-LAR": true, "MA-MED": true, "MA-MEK": true, "MA-MMD": true, "MA-MMN": true, + "MA-MOH": true, "MA-MOU": true, "MA-NAD": true, "MA-NOU": true, "MA-OUA": true, + "MA-OUD": true, "MA-OUJ": true, "MA-RAB": true, "MA-SAF": true, "MA-SAL": true, + "MA-SEF": true, "MA-SET": true, "MA-SIK": true, "MA-SKH": true, "MA-SYB": true, + "MA-TAI": true, "MA-TAO": true, "MA-TAR": true, "MA-TAT": true, "MA-TAZ": true, + "MA-TET": true, "MA-TIZ": true, "MA-TNG": true, "MA-TNT": true, "MA-ZAG": true, + "MC-CL": true, "MC-CO": true, "MC-FO": true, "MC-GA": true, "MC-JE": true, + "MC-LA": true, "MC-MA": true, "MC-MC": true, "MC-MG": true, "MC-MO": true, + "MC-MU": true, "MC-PH": true, "MC-SD": true, "MC-SO": true, "MC-SP": true, + "MC-SR": true, "MC-VR": true, "MD-AN": true, "MD-BA": true, "MD-BD": true, + "MD-BR": true, "MD-BS": true, "MD-CA": true, "MD-CL": true, "MD-CM": true, + "MD-CR": true, "MD-CS": true, "MD-CT": true, "MD-CU": true, "MD-DO": true, + "MD-DR": true, "MD-DU": true, "MD-ED": true, "MD-FA": true, "MD-FL": true, + "MD-GA": true, "MD-GL": true, "MD-HI": true, "MD-IA": true, "MD-LE": true, + "MD-NI": true, "MD-OC": true, "MD-OR": true, "MD-RE": true, "MD-RI": true, + "MD-SD": true, "MD-SI": true, "MD-SN": true, "MD-SO": true, "MD-ST": true, + "MD-SV": true, "MD-TA": true, "MD-TE": true, "MD-UN": true, "ME-01": true, + "ME-02": true, "ME-03": true, "ME-04": true, "ME-05": true, "ME-06": true, + "ME-07": true, "ME-08": true, "ME-09": true, "ME-10": true, "ME-11": true, + "ME-12": true, "ME-13": true, "ME-14": true, "ME-15": true, "ME-16": true, + "ME-17": true, "ME-18": true, "ME-19": true, "ME-20": true, "ME-21": true, "ME-24": true, + "MG-A": true, "MG-D": true, "MG-F": true, "MG-M": true, "MG-T": true, + "MG-U": true, "MH-ALK": true, "MH-ALL": true, "MH-ARN": true, "MH-AUR": true, + "MH-EBO": true, "MH-ENI": true, "MH-JAB": true, "MH-JAL": true, "MH-KIL": true, + "MH-KWA": true, "MH-L": true, "MH-LAE": true, "MH-LIB": true, "MH-LIK": true, + "MH-MAJ": true, "MH-MAL": true, "MH-MEJ": true, "MH-MIL": true, "MH-NMK": true, + "MH-NMU": true, "MH-RON": true, "MH-T": true, "MH-UJA": true, "MH-UTI": true, + "MH-WTJ": true, "MH-WTN": true, "MK-101": true, "MK-102": true, "MK-103": true, + "MK-104": true, "MK-105": true, + "MK-106": true, "MK-107": true, "MK-108": true, "MK-109": true, "MK-201": true, + "MK-202": true, "MK-205": true, "MK-206": true, "MK-207": true, "MK-208": true, + "MK-209": true, "MK-210": true, "MK-211": true, "MK-301": true, "MK-303": true, + "MK-307": true, "MK-308": true, "MK-310": true, "MK-311": true, "MK-312": true, + "MK-401": true, "MK-402": true, "MK-403": true, "MK-404": true, "MK-405": true, + "MK-406": true, "MK-408": true, "MK-409": true, "MK-410": true, "MK-501": true, + "MK-502": true, "MK-503": true, "MK-505": true, "MK-506": true, "MK-507": true, + "MK-508": true, "MK-509": true, "MK-601": true, "MK-602": true, "MK-604": true, + "MK-605": true, "MK-606": true, "MK-607": true, "MK-608": true, "MK-609": true, + "MK-701": true, "MK-702": true, "MK-703": true, "MK-704": true, "MK-705": true, + "MK-803": true, "MK-804": true, "MK-806": true, "MK-807": true, "MK-809": true, + "MK-810": true, "MK-811": true, "MK-812": true, "MK-813": true, "MK-814": true, + "MK-816": true, "ML-1": true, "ML-2": true, "ML-3": true, "ML-4": true, + "ML-5": true, "ML-6": true, "ML-7": true, "ML-8": true, "ML-BKO": true, + "MM-01": true, "MM-02": true, "MM-03": true, "MM-04": true, "MM-05": true, + "MM-06": true, "MM-07": true, "MM-11": true, "MM-12": true, "MM-13": true, + "MM-14": true, "MM-15": true, "MM-16": true, "MM-17": true, "MM-18": true, "MN-035": true, + "MN-037": true, "MN-039": true, "MN-041": true, "MN-043": true, "MN-046": true, + "MN-047": true, "MN-049": true, "MN-051": true, "MN-053": true, "MN-055": true, + "MN-057": true, "MN-059": true, "MN-061": true, "MN-063": true, "MN-064": true, + "MN-065": true, "MN-067": true, "MN-069": true, "MN-071": true, "MN-073": true, + "MN-1": true, "MR-01": true, "MR-02": true, "MR-03": true, "MR-04": true, + "MR-05": true, "MR-06": true, "MR-07": true, "MR-08": true, "MR-09": true, + "MR-10": true, "MR-11": true, "MR-12": true, "MR-13": true, "MR-NKC": true, "MT-01": true, + "MT-02": true, "MT-03": true, "MT-04": true, "MT-05": true, "MT-06": true, + "MT-07": true, "MT-08": true, "MT-09": true, "MT-10": true, "MT-11": true, + "MT-12": true, "MT-13": true, "MT-14": true, "MT-15": true, "MT-16": true, + "MT-17": true, "MT-18": true, "MT-19": true, "MT-20": true, "MT-21": true, + "MT-22": true, "MT-23": true, "MT-24": true, "MT-25": true, "MT-26": true, + "MT-27": true, "MT-28": true, "MT-29": true, "MT-30": true, "MT-31": true, + "MT-32": true, "MT-33": true, "MT-34": true, "MT-35": true, "MT-36": true, + "MT-37": true, "MT-38": true, "MT-39": true, "MT-40": true, "MT-41": true, + "MT-42": true, "MT-43": true, "MT-44": true, "MT-45": true, "MT-46": true, + "MT-47": true, "MT-48": true, "MT-49": true, "MT-50": true, "MT-51": true, + "MT-52": true, "MT-53": true, "MT-54": true, "MT-55": true, "MT-56": true, + "MT-57": true, "MT-58": true, "MT-59": true, "MT-60": true, "MT-61": true, + "MT-62": true, "MT-63": true, "MT-64": true, "MT-65": true, "MT-66": true, + "MT-67": true, "MT-68": true, "MU-AG": true, "MU-BL": true, "MU-BR": true, + "MU-CC": true, "MU-CU": true, "MU-FL": true, "MU-GP": true, "MU-MO": true, + "MU-PA": true, "MU-PL": true, "MU-PU": true, "MU-PW": true, "MU-QB": true, + "MU-RO": true, "MU-RP": true, "MU-RR": true, "MU-SA": true, "MU-VP": true, "MV-00": true, + "MV-01": true, "MV-02": true, "MV-03": true, "MV-04": true, "MV-05": true, + "MV-07": true, "MV-08": true, "MV-12": true, "MV-13": true, "MV-14": true, + "MV-17": true, "MV-20": true, "MV-23": true, "MV-24": true, "MV-25": true, + "MV-26": true, "MV-27": true, "MV-28": true, "MV-29": true, "MV-CE": true, + "MV-MLE": true, "MV-NC": true, "MV-NO": true, "MV-SC": true, "MV-SU": true, + "MV-UN": true, "MV-US": true, "MW-BA": true, "MW-BL": true, "MW-C": true, + "MW-CK": true, "MW-CR": true, "MW-CT": true, "MW-DE": true, "MW-DO": true, + "MW-KR": true, "MW-KS": true, "MW-LI": true, "MW-LK": true, "MW-MC": true, + "MW-MG": true, "MW-MH": true, "MW-MU": true, "MW-MW": true, "MW-MZ": true, + "MW-N": true, "MW-NB": true, "MW-NE": true, "MW-NI": true, "MW-NK": true, + "MW-NS": true, "MW-NU": true, "MW-PH": true, "MW-RU": true, "MW-S": true, + "MW-SA": true, "MW-TH": true, "MW-ZO": true, "MX-AGU": true, "MX-BCN": true, + "MX-BCS": true, "MX-CAM": true, "MX-CHH": true, "MX-CHP": true, "MX-COA": true, + "MX-COL": true, "MX-CMX": true, "MX-DIF": true, "MX-DUR": true, "MX-GRO": true, "MX-GUA": true, + "MX-HID": true, "MX-JAL": true, "MX-MEX": true, "MX-MIC": true, "MX-MOR": true, + "MX-NAY": true, "MX-NLE": true, "MX-OAX": true, "MX-PUE": true, "MX-QUE": true, + "MX-ROO": true, "MX-SIN": true, "MX-SLP": true, "MX-SON": true, "MX-TAB": true, + "MX-TAM": true, "MX-TLA": true, "MX-VER": true, "MX-YUC": true, "MX-ZAC": true, + "MY-01": true, "MY-02": true, "MY-03": true, "MY-04": true, "MY-05": true, + "MY-06": true, "MY-07": true, "MY-08": true, "MY-09": true, "MY-10": true, + "MY-11": true, "MY-12": true, "MY-13": true, "MY-14": true, "MY-15": true, + "MY-16": true, "MZ-A": true, "MZ-B": true, "MZ-G": true, "MZ-I": true, + "MZ-L": true, "MZ-MPM": true, "MZ-N": true, "MZ-P": true, "MZ-Q": true, + "MZ-S": true, "MZ-T": true, "NA-CA": true, "NA-ER": true, "NA-HA": true, + "NA-KA": true, "NA-KE": true, "NA-KH": true, "NA-KU": true, "NA-KW": true, "NA-OD": true, "NA-OH": true, + "NA-OK": true, "NA-ON": true, "NA-OS": true, "NA-OT": true, "NA-OW": true, + "NE-1": true, "NE-2": true, "NE-3": true, "NE-4": true, "NE-5": true, + "NE-6": true, "NE-7": true, "NE-8": true, "NG-AB": true, "NG-AD": true, + "NG-AK": true, "NG-AN": true, "NG-BA": true, "NG-BE": true, "NG-BO": true, + "NG-BY": true, "NG-CR": true, "NG-DE": true, "NG-EB": true, "NG-ED": true, + "NG-EK": true, "NG-EN": true, "NG-FC": true, "NG-GO": true, "NG-IM": true, + "NG-JI": true, "NG-KD": true, "NG-KE": true, "NG-KN": true, "NG-KO": true, + "NG-KT": true, "NG-KW": true, "NG-LA": true, "NG-NA": true, "NG-NI": true, + "NG-OG": true, "NG-ON": true, "NG-OS": true, "NG-OY": true, "NG-PL": true, + "NG-RI": true, "NG-SO": true, "NG-TA": true, "NG-YO": true, "NG-ZA": true, + "NI-AN": true, "NI-AS": true, "NI-BO": true, "NI-CA": true, "NI-CI": true, + "NI-CO": true, "NI-ES": true, "NI-GR": true, "NI-JI": true, "NI-LE": true, + "NI-MD": true, "NI-MN": true, "NI-MS": true, "NI-MT": true, "NI-NS": true, + "NI-RI": true, "NI-SJ": true, "NL-AW": true, "NL-BQ1": true, "NL-BQ2": true, + "NL-BQ3": true, "NL-CW": true, "NL-DR": true, "NL-FL": true, "NL-FR": true, + "NL-GE": true, "NL-GR": true, "NL-LI": true, "NL-NB": true, "NL-NH": true, + "NL-OV": true, "NL-SX": true, "NL-UT": true, "NL-ZE": true, "NL-ZH": true, + "NO-03": true, "NO-11": true, "NO-15": true, "NO-16": true, "NO-17": true, + "NO-18": true, "NO-21": true, "NO-30": true, "NO-34": true, "NO-38": true, + "NO-42": true, "NO-46": true, "NO-50": true, "NO-54": true, + "NO-22": true, "NP-1": true, "NP-2": true, "NP-3": true, "NP-4": true, + "NP-5": true, "NP-BA": true, "NP-BH": true, "NP-DH": true, "NP-GA": true, + "NP-JA": true, "NP-KA": true, "NP-KO": true, "NP-LU": true, "NP-MA": true, + "NP-ME": true, "NP-NA": true, "NP-RA": true, "NP-SA": true, "NP-SE": true, + "NR-01": true, "NR-02": true, "NR-03": true, "NR-04": true, "NR-05": true, + "NR-06": true, "NR-07": true, "NR-08": true, "NR-09": true, "NR-10": true, + "NR-11": true, "NR-12": true, "NR-13": true, "NR-14": true, "NZ-AUK": true, + "NZ-BOP": true, "NZ-CAN": true, "NZ-CIT": true, "NZ-GIS": true, "NZ-HKB": true, + "NZ-MBH": true, "NZ-MWT": true, "NZ-N": true, "NZ-NSN": true, "NZ-NTL": true, + "NZ-OTA": true, "NZ-S": true, "NZ-STL": true, "NZ-TAS": true, "NZ-TKI": true, + "NZ-WGN": true, "NZ-WKO": true, "NZ-WTC": true, "OM-BA": true, "OM-BS": true, "OM-BU": true, "OM-BJ": true, + "OM-DA": true, "OM-MA": true, "OM-MU": true, "OM-SH": true, "OM-SJ": true, "OM-SS": true, "OM-WU": true, + "OM-ZA": true, "OM-ZU": true, "PA-1": true, "PA-2": true, "PA-3": true, + "PA-4": true, "PA-5": true, "PA-6": true, "PA-7": true, "PA-8": true, + "PA-9": true, "PA-EM": true, "PA-KY": true, "PA-NB": true, "PE-AMA": true, + "PE-ANC": true, "PE-APU": true, "PE-ARE": true, "PE-AYA": true, "PE-CAJ": true, + "PE-CAL": true, "PE-CUS": true, "PE-HUC": true, "PE-HUV": true, "PE-ICA": true, + "PE-JUN": true, "PE-LAL": true, "PE-LAM": true, "PE-LIM": true, "PE-LMA": true, + "PE-LOR": true, "PE-MDD": true, "PE-MOQ": true, "PE-PAS": true, "PE-PIU": true, + "PE-PUN": true, "PE-SAM": true, "PE-TAC": true, "PE-TUM": true, "PE-UCA": true, + "PG-CPK": true, "PG-CPM": true, "PG-EBR": true, "PG-EHG": true, "PG-EPW": true, + "PG-ESW": true, "PG-GPK": true, "PG-MBA": true, "PG-MPL": true, "PG-MPM": true, + "PG-MRL": true, "PG-NCD": true, "PG-NIK": true, "PG-NPP": true, "PG-NSB": true, + "PG-SAN": true, "PG-SHM": true, "PG-WBK": true, "PG-WHM": true, "PG-WPD": true, + "PH-00": true, "PH-01": true, "PH-02": true, "PH-03": true, "PH-05": true, + "PH-06": true, "PH-07": true, "PH-08": true, "PH-09": true, "PH-10": true, + "PH-11": true, "PH-12": true, "PH-13": true, "PH-14": true, "PH-15": true, + "PH-40": true, "PH-41": true, "PH-ABR": true, "PH-AGN": true, "PH-AGS": true, + "PH-AKL": true, "PH-ALB": true, "PH-ANT": true, "PH-APA": true, "PH-AUR": true, + "PH-BAN": true, "PH-BAS": true, "PH-BEN": true, "PH-BIL": true, "PH-BOH": true, + "PH-BTG": true, "PH-BTN": true, "PH-BUK": true, "PH-BUL": true, "PH-CAG": true, + "PH-CAM": true, "PH-CAN": true, "PH-CAP": true, "PH-CAS": true, "PH-CAT": true, + "PH-CAV": true, "PH-CEB": true, "PH-COM": true, "PH-DAO": true, "PH-DAS": true, + "PH-DAV": true, "PH-DIN": true, "PH-EAS": true, "PH-GUI": true, "PH-IFU": true, + "PH-ILI": true, "PH-ILN": true, "PH-ILS": true, "PH-ISA": true, "PH-KAL": true, + "PH-LAG": true, "PH-LAN": true, "PH-LAS": true, "PH-LEY": true, "PH-LUN": true, + "PH-MAD": true, "PH-MAG": true, "PH-MAS": true, "PH-MDC": true, "PH-MDR": true, + "PH-MOU": true, "PH-MSC": true, "PH-MSR": true, "PH-NCO": true, "PH-NEC": true, + "PH-NER": true, "PH-NSA": true, "PH-NUE": true, "PH-NUV": true, "PH-PAM": true, + "PH-PAN": true, "PH-PLW": true, "PH-QUE": true, "PH-QUI": true, "PH-RIZ": true, + "PH-ROM": true, "PH-SAR": true, "PH-SCO": true, "PH-SIG": true, "PH-SLE": true, + "PH-SLU": true, "PH-SOR": true, "PH-SUK": true, "PH-SUN": true, "PH-SUR": true, + "PH-TAR": true, "PH-TAW": true, "PH-WSA": true, "PH-ZAN": true, "PH-ZAS": true, + "PH-ZMB": true, "PH-ZSI": true, "PK-BA": true, "PK-GB": true, "PK-IS": true, + "PK-JK": true, "PK-KP": true, "PK-PB": true, "PK-SD": true, "PK-TA": true, + "PL-02": true, "PL-04": true, "PL-06": true, "PL-08": true, "PL-10": true, + "PL-12": true, "PL-14": true, "PL-16": true, "PL-18": true, "PL-20": true, + "PL-22": true, "PL-24": true, "PL-26": true, "PL-28": true, "PL-30": true, "PL-32": true, + "PS-BTH": true, "PS-DEB": true, "PS-GZA": true, "PS-HBN": true, + "PS-JEM": true, "PS-JEN": true, "PS-JRH": true, "PS-KYS": true, "PS-NBS": true, + "PS-NGZ": true, "PS-QQA": true, "PS-RBH": true, "PS-RFH": true, "PS-SLT": true, + "PS-TBS": true, "PS-TKM": true, "PT-01": true, "PT-02": true, "PT-03": true, + "PT-04": true, "PT-05": true, "PT-06": true, "PT-07": true, "PT-08": true, + "PT-09": true, "PT-10": true, "PT-11": true, "PT-12": true, "PT-13": true, + "PT-14": true, "PT-15": true, "PT-16": true, "PT-17": true, "PT-18": true, + "PT-20": true, "PT-30": true, "PW-002": true, "PW-004": true, "PW-010": true, + "PW-050": true, "PW-100": true, "PW-150": true, "PW-212": true, "PW-214": true, + "PW-218": true, "PW-222": true, "PW-224": true, "PW-226": true, "PW-227": true, + "PW-228": true, "PW-350": true, "PW-370": true, "PY-1": true, "PY-10": true, + "PY-11": true, "PY-12": true, "PY-13": true, "PY-14": true, "PY-15": true, + "PY-16": true, "PY-19": true, "PY-2": true, "PY-3": true, "PY-4": true, + "PY-5": true, "PY-6": true, "PY-7": true, "PY-8": true, "PY-9": true, + "PY-ASU": true, "QA-DA": true, "QA-KH": true, "QA-MS": true, "QA-RA": true, + "QA-US": true, "QA-WA": true, "QA-ZA": true, "RO-AB": true, "RO-AG": true, + "RO-AR": true, "RO-B": true, "RO-BC": true, "RO-BH": true, "RO-BN": true, + "RO-BR": true, "RO-BT": true, "RO-BV": true, "RO-BZ": true, "RO-CJ": true, + "RO-CL": true, "RO-CS": true, "RO-CT": true, "RO-CV": true, "RO-DB": true, + "RO-DJ": true, "RO-GJ": true, "RO-GL": true, "RO-GR": true, "RO-HD": true, + "RO-HR": true, "RO-IF": true, "RO-IL": true, "RO-IS": true, "RO-MH": true, + "RO-MM": true, "RO-MS": true, "RO-NT": true, "RO-OT": true, "RO-PH": true, + "RO-SB": true, "RO-SJ": true, "RO-SM": true, "RO-SV": true, "RO-TL": true, + "RO-TM": true, "RO-TR": true, "RO-VL": true, "RO-VN": true, "RO-VS": true, + "RS-00": true, "RS-01": true, "RS-02": true, "RS-03": true, "RS-04": true, + "RS-05": true, "RS-06": true, "RS-07": true, "RS-08": true, "RS-09": true, + "RS-10": true, "RS-11": true, "RS-12": true, "RS-13": true, "RS-14": true, + "RS-15": true, "RS-16": true, "RS-17": true, "RS-18": true, "RS-19": true, + "RS-20": true, "RS-21": true, "RS-22": true, "RS-23": true, "RS-24": true, + "RS-25": true, "RS-26": true, "RS-27": true, "RS-28": true, "RS-29": true, + "RS-KM": true, "RS-VO": true, "RU-AD": true, "RU-AL": true, "RU-ALT": true, + "RU-AMU": true, "RU-ARK": true, "RU-AST": true, "RU-BA": true, "RU-BEL": true, + "RU-BRY": true, "RU-BU": true, "RU-CE": true, "RU-CHE": true, "RU-CHU": true, + "RU-CU": true, "RU-DA": true, "RU-IN": true, "RU-IRK": true, "RU-IVA": true, + "RU-KAM": true, "RU-KB": true, "RU-KC": true, "RU-KDA": true, "RU-KEM": true, + "RU-KGD": true, "RU-KGN": true, "RU-KHA": true, "RU-KHM": true, "RU-KIR": true, + "RU-KK": true, "RU-KL": true, "RU-KLU": true, "RU-KO": true, "RU-KOS": true, + "RU-KR": true, "RU-KRS": true, "RU-KYA": true, "RU-LEN": true, "RU-LIP": true, + "RU-MAG": true, "RU-ME": true, "RU-MO": true, "RU-MOS": true, "RU-MOW": true, + "RU-MUR": true, "RU-NEN": true, "RU-NGR": true, "RU-NIZ": true, "RU-NVS": true, + "RU-OMS": true, "RU-ORE": true, "RU-ORL": true, "RU-PER": true, "RU-PNZ": true, + "RU-PRI": true, "RU-PSK": true, "RU-ROS": true, "RU-RYA": true, "RU-SA": true, + "RU-SAK": true, "RU-SAM": true, "RU-SAR": true, "RU-SE": true, "RU-SMO": true, + "RU-SPE": true, "RU-STA": true, "RU-SVE": true, "RU-TA": true, "RU-TAM": true, + "RU-TOM": true, "RU-TUL": true, "RU-TVE": true, "RU-TY": true, "RU-TYU": true, + "RU-UD": true, "RU-ULY": true, "RU-VGG": true, "RU-VLA": true, "RU-VLG": true, + "RU-VOR": true, "RU-YAN": true, "RU-YAR": true, "RU-YEV": true, "RU-ZAB": true, + "RW-01": true, "RW-02": true, "RW-03": true, "RW-04": true, "RW-05": true, + "SA-01": true, "SA-02": true, "SA-03": true, "SA-04": true, "SA-05": true, + "SA-06": true, "SA-07": true, "SA-08": true, "SA-09": true, "SA-10": true, + "SA-11": true, "SA-12": true, "SA-14": true, "SB-CE": true, "SB-CH": true, + "SB-CT": true, "SB-GU": true, "SB-IS": true, "SB-MK": true, "SB-ML": true, + "SB-RB": true, "SB-TE": true, "SB-WE": true, "SC-01": true, "SC-02": true, + "SC-03": true, "SC-04": true, "SC-05": true, "SC-06": true, "SC-07": true, + "SC-08": true, "SC-09": true, "SC-10": true, "SC-11": true, "SC-12": true, + "SC-13": true, "SC-14": true, "SC-15": true, "SC-16": true, "SC-17": true, + "SC-18": true, "SC-19": true, "SC-20": true, "SC-21": true, "SC-22": true, + "SC-23": true, "SC-24": true, "SC-25": true, "SD-DC": true, "SD-DE": true, + "SD-DN": true, "SD-DS": true, "SD-DW": true, "SD-GD": true, "SD-GK": true, "SD-GZ": true, + "SD-KA": true, "SD-KH": true, "SD-KN": true, "SD-KS": true, "SD-NB": true, + "SD-NO": true, "SD-NR": true, "SD-NW": true, "SD-RS": true, "SD-SI": true, + "SE-AB": true, "SE-AC": true, "SE-BD": true, "SE-C": true, "SE-D": true, + "SE-E": true, "SE-F": true, "SE-G": true, "SE-H": true, "SE-I": true, + "SE-K": true, "SE-M": true, "SE-N": true, "SE-O": true, "SE-S": true, + "SE-T": true, "SE-U": true, "SE-W": true, "SE-X": true, "SE-Y": true, + "SE-Z": true, "SG-01": true, "SG-02": true, "SG-03": true, "SG-04": true, + "SG-05": true, "SH-AC": true, "SH-HL": true, "SH-TA": true, "SI-001": true, + "SI-002": true, "SI-003": true, "SI-004": true, "SI-005": true, "SI-006": true, + "SI-007": true, "SI-008": true, "SI-009": true, "SI-010": true, "SI-011": true, + "SI-012": true, "SI-013": true, "SI-014": true, "SI-015": true, "SI-016": true, + "SI-017": true, "SI-018": true, "SI-019": true, "SI-020": true, "SI-021": true, + "SI-022": true, "SI-023": true, "SI-024": true, "SI-025": true, "SI-026": true, + "SI-027": true, "SI-028": true, "SI-029": true, "SI-030": true, "SI-031": true, + "SI-032": true, "SI-033": true, "SI-034": true, "SI-035": true, "SI-036": true, + "SI-037": true, "SI-038": true, "SI-039": true, "SI-040": true, "SI-041": true, + "SI-042": true, "SI-043": true, "SI-044": true, "SI-045": true, "SI-046": true, + "SI-047": true, "SI-048": true, "SI-049": true, "SI-050": true, "SI-051": true, + "SI-052": true, "SI-053": true, "SI-054": true, "SI-055": true, "SI-056": true, + "SI-057": true, "SI-058": true, "SI-059": true, "SI-060": true, "SI-061": true, + "SI-062": true, "SI-063": true, "SI-064": true, "SI-065": true, "SI-066": true, + "SI-067": true, "SI-068": true, "SI-069": true, "SI-070": true, "SI-071": true, + "SI-072": true, "SI-073": true, "SI-074": true, "SI-075": true, "SI-076": true, + "SI-077": true, "SI-078": true, "SI-079": true, "SI-080": true, "SI-081": true, + "SI-082": true, "SI-083": true, "SI-084": true, "SI-085": true, "SI-086": true, + "SI-087": true, "SI-088": true, "SI-089": true, "SI-090": true, "SI-091": true, + "SI-092": true, "SI-093": true, "SI-094": true, "SI-095": true, "SI-096": true, + "SI-097": true, "SI-098": true, "SI-099": true, "SI-100": true, "SI-101": true, + "SI-102": true, "SI-103": true, "SI-104": true, "SI-105": true, "SI-106": true, + "SI-107": true, "SI-108": true, "SI-109": true, "SI-110": true, "SI-111": true, + "SI-112": true, "SI-113": true, "SI-114": true, "SI-115": true, "SI-116": true, + "SI-117": true, "SI-118": true, "SI-119": true, "SI-120": true, "SI-121": true, + "SI-122": true, "SI-123": true, "SI-124": true, "SI-125": true, "SI-126": true, + "SI-127": true, "SI-128": true, "SI-129": true, "SI-130": true, "SI-131": true, + "SI-132": true, "SI-133": true, "SI-134": true, "SI-135": true, "SI-136": true, + "SI-137": true, "SI-138": true, "SI-139": true, "SI-140": true, "SI-141": true, + "SI-142": true, "SI-143": true, "SI-144": true, "SI-146": true, "SI-147": true, + "SI-148": true, "SI-149": true, "SI-150": true, "SI-151": true, "SI-152": true, + "SI-153": true, "SI-154": true, "SI-155": true, "SI-156": true, "SI-157": true, + "SI-158": true, "SI-159": true, "SI-160": true, "SI-161": true, "SI-162": true, + "SI-163": true, "SI-164": true, "SI-165": true, "SI-166": true, "SI-167": true, + "SI-168": true, "SI-169": true, "SI-170": true, "SI-171": true, "SI-172": true, + "SI-173": true, "SI-174": true, "SI-175": true, "SI-176": true, "SI-177": true, + "SI-178": true, "SI-179": true, "SI-180": true, "SI-181": true, "SI-182": true, + "SI-183": true, "SI-184": true, "SI-185": true, "SI-186": true, "SI-187": true, + "SI-188": true, "SI-189": true, "SI-190": true, "SI-191": true, "SI-192": true, + "SI-193": true, "SI-194": true, "SI-195": true, "SI-196": true, "SI-197": true, + "SI-198": true, "SI-199": true, "SI-200": true, "SI-201": true, "SI-202": true, + "SI-203": true, "SI-204": true, "SI-205": true, "SI-206": true, "SI-207": true, + "SI-208": true, "SI-209": true, "SI-210": true, "SI-211": true, "SI-212": true, "SI-213": true, "SK-BC": true, + "SK-BL": true, "SK-KI": true, "SK-NI": true, "SK-PV": true, "SK-TA": true, + "SK-TC": true, "SK-ZI": true, "SL-E": true, "SL-N": true, "SL-S": true, + "SL-W": true, "SM-01": true, "SM-02": true, "SM-03": true, "SM-04": true, + "SM-05": true, "SM-06": true, "SM-07": true, "SM-08": true, "SM-09": true, + "SN-DB": true, "SN-DK": true, "SN-FK": true, "SN-KA": true, "SN-KD": true, + "SN-KE": true, "SN-KL": true, "SN-LG": true, "SN-MT": true, "SN-SE": true, + "SN-SL": true, "SN-TC": true, "SN-TH": true, "SN-ZG": true, "SO-AW": true, + "SO-BK": true, "SO-BN": true, "SO-BR": true, "SO-BY": true, "SO-GA": true, + "SO-GE": true, "SO-HI": true, "SO-JD": true, "SO-JH": true, "SO-MU": true, + "SO-NU": true, "SO-SA": true, "SO-SD": true, "SO-SH": true, "SO-SO": true, + "SO-TO": true, "SO-WO": true, "SR-BR": true, "SR-CM": true, "SR-CR": true, + "SR-MA": true, "SR-NI": true, "SR-PM": true, "SR-PR": true, "SR-SA": true, + "SR-SI": true, "SR-WA": true, "SS-BN": true, "SS-BW": true, "SS-EC": true, + "SS-EE8": true, "SS-EE": true, "SS-EW": true, "SS-JG": true, "SS-LK": true, "SS-NU": true, + "SS-UY": true, "SS-WR": true, "ST-01": true, "ST-P": true, "ST-S": true, "SV-AH": true, + "SV-CA": true, "SV-CH": true, "SV-CU": true, "SV-LI": true, "SV-MO": true, + "SV-PA": true, "SV-SA": true, "SV-SM": true, "SV-SO": true, "SV-SS": true, + "SV-SV": true, "SV-UN": true, "SV-US": true, "SY-DI": true, "SY-DR": true, + "SY-DY": true, "SY-HA": true, "SY-HI": true, "SY-HL": true, "SY-HM": true, + "SY-ID": true, "SY-LA": true, "SY-QU": true, "SY-RA": true, "SY-RD": true, + "SY-SU": true, "SY-TA": true, "SZ-HH": true, "SZ-LU": true, "SZ-MA": true, + "SZ-SH": true, "TD-BA": true, "TD-BG": true, "TD-BO": true, "TD-CB": true, + "TD-EN": true, "TD-GR": true, "TD-HL": true, "TD-KA": true, "TD-LC": true, + "TD-LO": true, "TD-LR": true, "TD-MA": true, "TD-MC": true, "TD-ME": true, + "TD-MO": true, "TD-ND": true, "TD-OD": true, "TD-SA": true, "TD-SI": true, + "TD-TA": true, "TD-TI": true, "TD-WF": true, "TG-C": true, "TG-K": true, + "TG-M": true, "TG-P": true, "TG-S": true, "TH-10": true, "TH-11": true, + "TH-12": true, "TH-13": true, "TH-14": true, "TH-15": true, "TH-16": true, + "TH-17": true, "TH-18": true, "TH-19": true, "TH-20": true, "TH-21": true, + "TH-22": true, "TH-23": true, "TH-24": true, "TH-25": true, "TH-26": true, + "TH-27": true, "TH-30": true, "TH-31": true, "TH-32": true, "TH-33": true, + "TH-34": true, "TH-35": true, "TH-36": true, "TH-37": true, "TH-38": true, "TH-39": true, + "TH-40": true, "TH-41": true, "TH-42": true, "TH-43": true, "TH-44": true, + "TH-45": true, "TH-46": true, "TH-47": true, "TH-48": true, "TH-49": true, + "TH-50": true, "TH-51": true, "TH-52": true, "TH-53": true, "TH-54": true, + "TH-55": true, "TH-56": true, "TH-57": true, "TH-58": true, "TH-60": true, + "TH-61": true, "TH-62": true, "TH-63": true, "TH-64": true, "TH-65": true, + "TH-66": true, "TH-67": true, "TH-70": true, "TH-71": true, "TH-72": true, + "TH-73": true, "TH-74": true, "TH-75": true, "TH-76": true, "TH-77": true, + "TH-80": true, "TH-81": true, "TH-82": true, "TH-83": true, "TH-84": true, + "TH-85": true, "TH-86": true, "TH-90": true, "TH-91": true, "TH-92": true, + "TH-93": true, "TH-94": true, "TH-95": true, "TH-96": true, "TH-S": true, + "TJ-GB": true, "TJ-KT": true, "TJ-SU": true, "TJ-DU": true, "TJ-RA": true, "TL-AL": true, "TL-AN": true, + "TL-BA": true, "TL-BO": true, "TL-CO": true, "TL-DI": true, "TL-ER": true, + "TL-LA": true, "TL-LI": true, "TL-MF": true, "TL-MT": true, "TL-OE": true, + "TL-VI": true, "TM-A": true, "TM-B": true, "TM-D": true, "TM-L": true, + "TM-M": true, "TM-S": true, "TN-11": true, "TN-12": true, "TN-13": true, + "TN-14": true, "TN-21": true, "TN-22": true, "TN-23": true, "TN-31": true, + "TN-32": true, "TN-33": true, "TN-34": true, "TN-41": true, "TN-42": true, + "TN-43": true, "TN-51": true, "TN-52": true, "TN-53": true, "TN-61": true, + "TN-71": true, "TN-72": true, "TN-73": true, "TN-81": true, "TN-82": true, + "TN-83": true, "TO-01": true, "TO-02": true, "TO-03": true, "TO-04": true, + "TO-05": true, "TR-01": true, "TR-02": true, "TR-03": true, "TR-04": true, + "TR-05": true, "TR-06": true, "TR-07": true, "TR-08": true, "TR-09": true, + "TR-10": true, "TR-11": true, "TR-12": true, "TR-13": true, "TR-14": true, + "TR-15": true, "TR-16": true, "TR-17": true, "TR-18": true, "TR-19": true, + "TR-20": true, "TR-21": true, "TR-22": true, "TR-23": true, "TR-24": true, + "TR-25": true, "TR-26": true, "TR-27": true, "TR-28": true, "TR-29": true, + "TR-30": true, "TR-31": true, "TR-32": true, "TR-33": true, "TR-34": true, + "TR-35": true, "TR-36": true, "TR-37": true, "TR-38": true, "TR-39": true, + "TR-40": true, "TR-41": true, "TR-42": true, "TR-43": true, "TR-44": true, + "TR-45": true, "TR-46": true, "TR-47": true, "TR-48": true, "TR-49": true, + "TR-50": true, "TR-51": true, "TR-52": true, "TR-53": true, "TR-54": true, + "TR-55": true, "TR-56": true, "TR-57": true, "TR-58": true, "TR-59": true, + "TR-60": true, "TR-61": true, "TR-62": true, "TR-63": true, "TR-64": true, + "TR-65": true, "TR-66": true, "TR-67": true, "TR-68": true, "TR-69": true, + "TR-70": true, "TR-71": true, "TR-72": true, "TR-73": true, "TR-74": true, + "TR-75": true, "TR-76": true, "TR-77": true, "TR-78": true, "TR-79": true, + "TR-80": true, "TR-81": true, "TT-ARI": true, "TT-CHA": true, "TT-CTT": true, + "TT-DMN": true, "TT-ETO": true, "TT-MRC": true, "TT-TOB": true, "TT-PED": true, "TT-POS": true, "TT-PRT": true, + "TT-PTF": true, "TT-RCM": true, "TT-SFO": true, "TT-SGE": true, "TT-SIP": true, + "TT-SJL": true, "TT-TUP": true, "TT-WTO": true, "TV-FUN": true, "TV-NIT": true, + "TV-NKF": true, "TV-NKL": true, "TV-NMA": true, "TV-NMG": true, "TV-NUI": true, + "TV-VAI": true, "TW-CHA": true, "TW-CYI": true, "TW-CYQ": true, "TW-KIN": true, "TW-HSQ": true, + "TW-HSZ": true, "TW-HUA": true, "TW-LIE": true, "TW-ILA": true, "TW-KEE": true, "TW-KHH": true, + "TW-KHQ": true, "TW-MIA": true, "TW-NAN": true, "TW-NWT": true, "TW-PEN": true, "TW-PIF": true, + "TW-TAO": true, "TW-TNN": true, "TW-TNQ": true, "TW-TPE": true, "TW-TPQ": true, + "TW-TTT": true, "TW-TXG": true, "TW-TXQ": true, "TW-YUN": true, "TZ-01": true, + "TZ-02": true, "TZ-03": true, "TZ-04": true, "TZ-05": true, "TZ-06": true, + "TZ-07": true, "TZ-08": true, "TZ-09": true, "TZ-10": true, "TZ-11": true, + "TZ-12": true, "TZ-13": true, "TZ-14": true, "TZ-15": true, "TZ-16": true, + "TZ-17": true, "TZ-18": true, "TZ-19": true, "TZ-20": true, "TZ-21": true, + "TZ-22": true, "TZ-23": true, "TZ-24": true, "TZ-25": true, "TZ-26": true, "TZ-27": true, "TZ-28": true, "TZ-29": true, "TZ-30": true, "TZ-31": true, + "UA-05": true, "UA-07": true, "UA-09": true, "UA-12": true, "UA-14": true, + "UA-18": true, "UA-21": true, "UA-23": true, "UA-26": true, "UA-30": true, + "UA-32": true, "UA-35": true, "UA-40": true, "UA-43": true, "UA-46": true, + "UA-48": true, "UA-51": true, "UA-53": true, "UA-56": true, "UA-59": true, + "UA-61": true, "UA-63": true, "UA-65": true, "UA-68": true, "UA-71": true, + "UA-74": true, "UA-77": true, "UG-101": true, "UG-102": true, "UG-103": true, + "UG-104": true, "UG-105": true, "UG-106": true, "UG-107": true, "UG-108": true, + "UG-109": true, "UG-110": true, "UG-111": true, "UG-112": true, "UG-113": true, + "UG-114": true, "UG-115": true, "UG-116": true, "UG-201": true, "UG-202": true, + "UG-203": true, "UG-204": true, "UG-205": true, "UG-206": true, "UG-207": true, + "UG-208": true, "UG-209": true, "UG-210": true, "UG-211": true, "UG-212": true, + "UG-213": true, "UG-214": true, "UG-215": true, "UG-216": true, "UG-217": true, + "UG-218": true, "UG-219": true, "UG-220": true, "UG-221": true, "UG-222": true, + "UG-223": true, "UG-224": true, "UG-301": true, "UG-302": true, "UG-303": true, + "UG-304": true, "UG-305": true, "UG-306": true, "UG-307": true, "UG-308": true, + "UG-309": true, "UG-310": true, "UG-311": true, "UG-312": true, "UG-313": true, + "UG-314": true, "UG-315": true, "UG-316": true, "UG-317": true, "UG-318": true, + "UG-319": true, "UG-320": true, "UG-321": true, "UG-401": true, "UG-402": true, + "UG-403": true, "UG-404": true, "UG-405": true, "UG-406": true, "UG-407": true, + "UG-408": true, "UG-409": true, "UG-410": true, "UG-411": true, "UG-412": true, + "UG-413": true, "UG-414": true, "UG-415": true, "UG-416": true, "UG-417": true, + "UG-418": true, "UG-419": true, "UG-C": true, "UG-E": true, "UG-N": true, + "UG-W": true, "UG-322": true, "UG-323": true, "UG-420": true, "UG-117": true, + "UG-118": true, "UG-225": true, "UG-120": true, "UG-226": true, + "UG-121": true, "UG-122": true, "UG-227": true, "UG-421": true, + "UG-325": true, "UG-228": true, "UG-123": true, "UG-422": true, + "UG-326": true, "UG-229": true, "UG-124": true, "UG-423": true, + "UG-230": true, "UG-327": true, "UG-424": true, "UG-328": true, + "UG-425": true, "UG-426": true, "UG-330": true, + "UM-67": true, "UM-71": true, "UM-76": true, "UM-79": true, + "UM-81": true, "UM-84": true, "UM-86": true, "UM-89": true, "UM-95": true, + "US-AK": true, "US-AL": true, "US-AR": true, "US-AS": true, "US-AZ": true, + "US-CA": true, "US-CO": true, "US-CT": true, "US-DC": true, "US-DE": true, + "US-FL": true, "US-GA": true, "US-GU": true, "US-HI": true, "US-IA": true, + "US-ID": true, "US-IL": true, "US-IN": true, "US-KS": true, "US-KY": true, + "US-LA": true, "US-MA": true, "US-MD": true, "US-ME": true, "US-MI": true, + "US-MN": true, "US-MO": true, "US-MP": true, "US-MS": true, "US-MT": true, + "US-NC": true, "US-ND": true, "US-NE": true, "US-NH": true, "US-NJ": true, + "US-NM": true, "US-NV": true, "US-NY": true, "US-OH": true, "US-OK": true, + "US-OR": true, "US-PA": true, "US-PR": true, "US-RI": true, "US-SC": true, + "US-SD": true, "US-TN": true, "US-TX": true, "US-UM": true, "US-UT": true, + "US-VA": true, "US-VI": true, "US-VT": true, "US-WA": true, "US-WI": true, + "US-WV": true, "US-WY": true, "UY-AR": true, "UY-CA": true, "UY-CL": true, + "UY-CO": true, "UY-DU": true, "UY-FD": true, "UY-FS": true, "UY-LA": true, + "UY-MA": true, "UY-MO": true, "UY-PA": true, "UY-RN": true, "UY-RO": true, + "UY-RV": true, "UY-SA": true, "UY-SJ": true, "UY-SO": true, "UY-TA": true, + "UY-TT": true, "UZ-AN": true, "UZ-BU": true, "UZ-FA": true, "UZ-JI": true, + "UZ-NG": true, "UZ-NW": true, "UZ-QA": true, "UZ-QR": true, "UZ-SA": true, + "UZ-SI": true, "UZ-SU": true, "UZ-TK": true, "UZ-TO": true, "UZ-XO": true, + "VC-01": true, "VC-02": true, "VC-03": true, "VC-04": true, "VC-05": true, + "VC-06": true, "VE-A": true, "VE-B": true, "VE-C": true, "VE-D": true, + "VE-E": true, "VE-F": true, "VE-G": true, "VE-H": true, "VE-I": true, + "VE-J": true, "VE-K": true, "VE-L": true, "VE-M": true, "VE-N": true, + "VE-O": true, "VE-P": true, "VE-R": true, "VE-S": true, "VE-T": true, + "VE-U": true, "VE-V": true, "VE-W": true, "VE-X": true, "VE-Y": true, + "VE-Z": true, "VN-01": true, "VN-02": true, "VN-03": true, "VN-04": true, + "VN-05": true, "VN-06": true, "VN-07": true, "VN-09": true, "VN-13": true, + "VN-14": true, "VN-15": true, "VN-18": true, "VN-20": true, "VN-21": true, + "VN-22": true, "VN-23": true, "VN-24": true, "VN-25": true, "VN-26": true, + "VN-27": true, "VN-28": true, "VN-29": true, "VN-30": true, "VN-31": true, + "VN-32": true, "VN-33": true, "VN-34": true, "VN-35": true, "VN-36": true, + "VN-37": true, "VN-39": true, "VN-40": true, "VN-41": true, "VN-43": true, + "VN-44": true, "VN-45": true, "VN-46": true, "VN-47": true, "VN-49": true, + "VN-50": true, "VN-51": true, "VN-52": true, "VN-53": true, "VN-54": true, + "VN-55": true, "VN-56": true, "VN-57": true, "VN-58": true, "VN-59": true, + "VN-61": true, "VN-63": true, "VN-66": true, "VN-67": true, "VN-68": true, + "VN-69": true, "VN-70": true, "VN-71": true, "VN-72": true, "VN-73": true, + "VN-CT": true, "VN-DN": true, "VN-HN": true, "VN-HP": true, "VN-SG": true, + "VU-MAP": true, "VU-PAM": true, "VU-SAM": true, "VU-SEE": true, "VU-TAE": true, + "VU-TOB": true, "WF-SG": true, "WF-UV": true, "WS-AA": true, "WS-AL": true, "WS-AT": true, "WS-FA": true, + "WS-GE": true, "WS-GI": true, "WS-PA": true, "WS-SA": true, "WS-TU": true, + "WS-VF": true, "WS-VS": true, "YE-AB": true, "YE-AD": true, "YE-AM": true, + "YE-BA": true, "YE-DA": true, "YE-DH": true, "YE-HD": true, "YE-HJ": true, "YE-HU": true, + "YE-IB": true, "YE-JA": true, "YE-LA": true, "YE-MA": true, "YE-MR": true, + "YE-MU": true, "YE-MW": true, "YE-RA": true, "YE-SA": true, "YE-SD": true, "YE-SH": true, + "YE-SN": true, "YE-TA": true, "ZA-EC": true, "ZA-FS": true, "ZA-GP": true, + "ZA-LP": true, "ZA-MP": true, "ZA-NC": true, "ZA-NW": true, "ZA-WC": true, + "ZA-ZN": true, "ZA-KZN": true, "ZM-01": true, "ZM-02": true, "ZM-03": true, "ZM-04": true, + "ZM-05": true, "ZM-06": true, "ZM-07": true, "ZM-08": true, "ZM-09": true, "ZM-10": true, + "ZW-BU": true, "ZW-HA": true, "ZW-MA": true, "ZW-MC": true, "ZW-ME": true, + "ZW-MI": true, "ZW-MN": true, "ZW-MS": true, "ZW-MV": true, "ZW-MW": true, +} diff --git a/vendor/github.com/go-playground/validator/v10/currency_codes.go b/vendor/github.com/go-playground/validator/v10/currency_codes.go new file mode 100644 index 0000000000..a5cd9b18a0 --- /dev/null +++ b/vendor/github.com/go-playground/validator/v10/currency_codes.go @@ -0,0 +1,79 @@ +package validator + +var iso4217 = map[string]bool{ + "AFN": true, "EUR": true, "ALL": true, "DZD": true, "USD": true, + "AOA": true, "XCD": true, "ARS": true, "AMD": true, "AWG": true, + "AUD": true, "AZN": true, "BSD": true, "BHD": true, "BDT": true, + "BBD": true, "BYN": true, "BZD": true, "XOF": true, "BMD": true, + "INR": true, "BTN": true, "BOB": true, "BOV": true, "BAM": true, + "BWP": true, "NOK": true, "BRL": true, "BND": true, "BGN": true, + "BIF": true, "CVE": true, "KHR": true, "XAF": true, "CAD": true, + "KYD": true, "CLP": true, "CLF": true, "CNY": true, "COP": true, + "COU": true, "KMF": true, "CDF": true, "NZD": true, "CRC": true, + "HRK": true, "CUP": true, "CUC": true, "ANG": true, "CZK": true, + "DKK": true, "DJF": true, "DOP": true, "EGP": true, "SVC": true, + "ERN": true, "SZL": true, "ETB": true, "FKP": true, "FJD": true, + "XPF": true, "GMD": true, "GEL": true, "GHS": true, "GIP": true, + "GTQ": true, "GBP": true, "GNF": true, "GYD": true, "HTG": true, + "HNL": true, "HKD": true, "HUF": true, "ISK": true, "IDR": true, + "XDR": true, "IRR": true, "IQD": true, "ILS": true, "JMD": true, + "JPY": true, "JOD": true, "KZT": true, "KES": true, "KPW": true, + "KRW": true, "KWD": true, "KGS": true, "LAK": true, "LBP": true, + "LSL": true, "ZAR": true, "LRD": true, "LYD": true, "CHF": true, + "MOP": true, "MKD": true, "MGA": true, "MWK": true, "MYR": true, + "MVR": true, "MRU": true, "MUR": true, "XUA": true, "MXN": true, + "MXV": true, "MDL": true, "MNT": true, "MAD": true, "MZN": true, + "MMK": true, "NAD": true, "NPR": true, "NIO": true, "NGN": true, + "OMR": true, "PKR": true, "PAB": true, "PGK": true, "PYG": true, + "PEN": true, "PHP": true, "PLN": true, "QAR": true, "RON": true, + "RUB": true, "RWF": true, "SHP": true, "WST": true, "STN": true, + "SAR": true, "RSD": true, "SCR": true, "SLL": true, "SGD": true, + "XSU": true, "SBD": true, "SOS": true, "SSP": true, "LKR": true, + "SDG": true, "SRD": true, "SEK": true, "CHE": true, "CHW": true, + "SYP": true, "TWD": true, "TJS": true, "TZS": true, "THB": true, + "TOP": true, "TTD": true, "TND": true, "TRY": true, "TMT": true, + "UGX": true, "UAH": true, "AED": true, "USN": true, "UYU": true, + "UYI": true, "UYW": true, "UZS": true, "VUV": true, "VES": true, + "VND": true, "YER": true, "ZMW": true, "ZWL": true, "XBA": true, + "XBB": true, "XBC": true, "XBD": true, "XTS": true, "XXX": true, + "XAU": true, "XPD": true, "XPT": true, "XAG": true, +} + +var iso4217_numeric = map[int]bool{ + 8: true, 12: true, 32: true, 36: true, 44: true, + 48: true, 50: true, 51: true, 52: true, 60: true, + 64: true, 68: true, 72: true, 84: true, 90: true, + 96: true, 104: true, 108: true, 116: true, 124: true, + 132: true, 136: true, 144: true, 152: true, 156: true, + 170: true, 174: true, 188: true, 191: true, 192: true, + 203: true, 208: true, 214: true, 222: true, 230: true, + 232: true, 238: true, 242: true, 262: true, 270: true, + 292: true, 320: true, 324: true, 328: true, 332: true, + 340: true, 344: true, 348: true, 352: true, 356: true, + 360: true, 364: true, 368: true, 376: true, 388: true, + 392: true, 398: true, 400: true, 404: true, 408: true, + 410: true, 414: true, 417: true, 418: true, 422: true, + 426: true, 430: true, 434: true, 446: true, 454: true, + 458: true, 462: true, 480: true, 484: true, 496: true, + 498: true, 504: true, 512: true, 516: true, 524: true, + 532: true, 533: true, 548: true, 554: true, 558: true, + 566: true, 578: true, 586: true, 590: true, 598: true, + 600: true, 604: true, 608: true, 634: true, 643: true, + 646: true, 654: true, 682: true, 690: true, 694: true, + 702: true, 704: true, 706: true, 710: true, 728: true, + 748: true, 752: true, 756: true, 760: true, 764: true, + 776: true, 780: true, 784: true, 788: true, 800: true, + 807: true, 818: true, 826: true, 834: true, 840: true, + 858: true, 860: true, 882: true, 886: true, 901: true, + 927: true, 928: true, 929: true, 930: true, 931: true, + 932: true, 933: true, 934: true, 936: true, 938: true, + 940: true, 941: true, 943: true, 944: true, 946: true, + 947: true, 948: true, 949: true, 950: true, 951: true, + 952: true, 953: true, 955: true, 956: true, 957: true, + 958: true, 959: true, 960: true, 961: true, 962: true, + 963: true, 964: true, 965: true, 967: true, 968: true, + 969: true, 970: true, 971: true, 972: true, 973: true, + 975: true, 976: true, 977: true, 978: true, 979: true, + 980: true, 981: true, 984: true, 985: true, 986: true, + 990: true, 994: true, 997: true, 999: true, +} diff --git a/vendor/github.com/go-playground/validator/v10/doc.go b/vendor/github.com/go-playground/validator/v10/doc.go new file mode 100644 index 0000000000..f5aa9e5230 --- /dev/null +++ b/vendor/github.com/go-playground/validator/v10/doc.go @@ -0,0 +1,1463 @@ +/* +Package validator implements value validations for structs and individual fields +based on tags. + +It can also handle Cross-Field and Cross-Struct validation for nested structs +and has the ability to dive into arrays and maps of any type. + +see more examples https://github.com/go-playground/validator/tree/master/_examples + +# Singleton + +Validator is designed to be thread-safe and used as a singleton instance. +It caches information about your struct and validations, +in essence only parsing your validation tags once per struct type. +Using multiple instances neglects the benefit of caching. +The not thread-safe functions are explicitly marked as such in the documentation. + +# Validation Functions Return Type error + +Doing things this way is actually the way the standard library does, see the +file.Open method here: + + https://golang.org/pkg/os/#Open. + +The authors return type "error" to avoid the issue discussed in the following, +where err is always != nil: + + http://stackoverflow.com/a/29138676/3158232 + https://github.com/go-playground/validator/issues/134 + +Validator only InvalidValidationError for bad validation input, nil or +ValidationErrors as type error; so, in your code all you need to do is check +if the error returned is not nil, and if it's not check if error is +InvalidValidationError ( if necessary, most of the time it isn't ) type cast +it to type ValidationErrors like so err.(validator.ValidationErrors). + +# Custom Validation Functions + +Custom Validation functions can be added. Example: + + // Structure + func customFunc(fl validator.FieldLevel) bool { + + if fl.Field().String() == "invalid" { + return false + } + + return true + } + + validate.RegisterValidation("custom tag name", customFunc) + // NOTES: using the same tag name as an existing function + // will overwrite the existing one + +# Cross-Field Validation + +Cross-Field Validation can be done via the following tags: + - eqfield + - nefield + - gtfield + - gtefield + - ltfield + - ltefield + - eqcsfield + - necsfield + - gtcsfield + - gtecsfield + - ltcsfield + - ltecsfield + +If, however, some custom cross-field validation is required, it can be done +using a custom validation. + +Why not just have cross-fields validation tags (i.e. only eqcsfield and not +eqfield)? + +The reason is efficiency. If you want to check a field within the same struct +"eqfield" only has to find the field on the same struct (1 level). But, if we +used "eqcsfield" it could be multiple levels down. Example: + + type Inner struct { + StartDate time.Time + } + + type Outer struct { + InnerStructField *Inner + CreatedAt time.Time `validate:"ltecsfield=InnerStructField.StartDate"` + } + + now := time.Now() + + inner := &Inner{ + StartDate: now, + } + + outer := &Outer{ + InnerStructField: inner, + CreatedAt: now, + } + + errs := validate.Struct(outer) + + // NOTE: when calling validate.Struct(val) topStruct will be the top level struct passed + // into the function + // when calling validate.VarWithValue(val, field, tag) val will be + // whatever you pass, struct, field... + // when calling validate.Field(field, tag) val will be nil + +# Multiple Validators + +Multiple validators on a field will process in the order defined. Example: + + type Test struct { + Field `validate:"max=10,min=1"` + } + + // max will be checked then min + +Bad Validator definitions are not handled by the library. Example: + + type Test struct { + Field `validate:"min=10,max=0"` + } + + // this definition of min max will never succeed + +# Using Validator Tags + +Baked In Cross-Field validation only compares fields on the same struct. +If Cross-Field + Cross-Struct validation is needed you should implement your +own custom validator. + +Comma (",") is the default separator of validation tags. If you wish to +have a comma included within the parameter (i.e. excludesall=,) you will need to +use the UTF-8 hex representation 0x2C, which is replaced in the code as a comma, +so the above will become excludesall=0x2C. + + type Test struct { + Field `validate:"excludesall=,"` // BAD! Do not include a comma. + Field `validate:"excludesall=0x2C"` // GOOD! Use the UTF-8 hex representation. + } + +Pipe ("|") is the 'or' validation tags deparator. If you wish to +have a pipe included within the parameter i.e. excludesall=| you will need to +use the UTF-8 hex representation 0x7C, which is replaced in the code as a pipe, +so the above will become excludesall=0x7C + + type Test struct { + Field `validate:"excludesall=|"` // BAD! Do not include a pipe! + Field `validate:"excludesall=0x7C"` // GOOD! Use the UTF-8 hex representation. + } + +# Baked In Validators and Tags + +Here is a list of the current built in validators: + +# Skip Field + +Tells the validation to skip this struct field; this is particularly +handy in ignoring embedded structs from being validated. (Usage: -) + + Usage: - + +# Or Operator + +This is the 'or' operator allowing multiple validators to be used and +accepted. (Usage: rgb|rgba) <-- this would allow either rgb or rgba +colors to be accepted. This can also be combined with 'and' for example +( Usage: omitempty,rgb|rgba) + + Usage: | + +# StructOnly + +When a field that is a nested struct is encountered, and contains this flag +any validation on the nested struct will be run, but none of the nested +struct fields will be validated. This is useful if inside of your program +you know the struct will be valid, but need to verify it has been assigned. +NOTE: only "required" and "omitempty" can be used on a struct itself. + + Usage: structonly + +# NoStructLevel + +Same as structonly tag except that any struct level validations will not run. + + Usage: nostructlevel + +# Omit Empty + +Allows conditional validation, for example if a field is not set with +a value (Determined by the "required" validator) then other validation +such as min or max won't run, but if a value is set validation will run. + + Usage: omitempty + +# Dive + +This tells the validator to dive into a slice, array or map and validate that +level of the slice, array or map with the validation tags that follow. +Multidimensional nesting is also supported, each level you wish to dive will +require another dive tag. dive has some sub-tags, 'keys' & 'endkeys', please see +the Keys & EndKeys section just below. + + Usage: dive + +Example #1 + + [][]string with validation tag "gt=0,dive,len=1,dive,required" + // gt=0 will be applied to [] + // len=1 will be applied to []string + // required will be applied to string + +Example #2 + + [][]string with validation tag "gt=0,dive,dive,required" + // gt=0 will be applied to [] + // []string will be spared validation + // required will be applied to string + +Keys & EndKeys + +These are to be used together directly after the dive tag and tells the validator +that anything between 'keys' and 'endkeys' applies to the keys of a map and not the +values; think of it like the 'dive' tag, but for map keys instead of values. +Multidimensional nesting is also supported, each level you wish to validate will +require another 'keys' and 'endkeys' tag. These tags are only valid for maps. + + Usage: dive,keys,othertagvalidation(s),endkeys,valuevalidationtags + +Example #1 + + map[string]string with validation tag "gt=0,dive,keys,eq=1|eq=2,endkeys,required" + // gt=0 will be applied to the map itself + // eq=1|eq=2 will be applied to the map keys + // required will be applied to map values + +Example #2 + + map[[2]string]string with validation tag "gt=0,dive,keys,dive,eq=1|eq=2,endkeys,required" + // gt=0 will be applied to the map itself + // eq=1|eq=2 will be applied to each array element in the map keys + // required will be applied to map values + +# Required + +This validates that the value is not the data types default zero value. +For numbers ensures value is not zero. For strings ensures value is +not "". For slices, maps, pointers, interfaces, channels and functions +ensures the value is not nil. + + Usage: required + +# Required If + +The field under validation must be present and not empty only if all +the other specified fields are equal to the value following the specified +field. For strings ensures value is not "". For slices, maps, pointers, +interfaces, channels and functions ensures the value is not nil. + + Usage: required_if + +Examples: + + // require the field if the Field1 is equal to the parameter given: + Usage: required_if=Field1 foobar + + // require the field if the Field1 and Field2 is equal to the value respectively: + Usage: required_if=Field1 foo Field2 bar + +# Required Unless + +The field under validation must be present and not empty unless all +the other specified fields are equal to the value following the specified +field. For strings ensures value is not "". For slices, maps, pointers, +interfaces, channels and functions ensures the value is not nil. + + Usage: required_unless + +Examples: + + // require the field unless the Field1 is equal to the parameter given: + Usage: required_unless=Field1 foobar + + // require the field unless the Field1 and Field2 is equal to the value respectively: + Usage: required_unless=Field1 foo Field2 bar + +# Required With + +The field under validation must be present and not empty only if any +of the other specified fields are present. For strings ensures value is +not "". For slices, maps, pointers, interfaces, channels and functions +ensures the value is not nil. + + Usage: required_with + +Examples: + + // require the field if the Field1 is present: + Usage: required_with=Field1 + + // require the field if the Field1 or Field2 is present: + Usage: required_with=Field1 Field2 + +# Required With All + +The field under validation must be present and not empty only if all +of the other specified fields are present. For strings ensures value is +not "". For slices, maps, pointers, interfaces, channels and functions +ensures the value is not nil. + + Usage: required_with_all + +Example: + + // require the field if the Field1 and Field2 is present: + Usage: required_with_all=Field1 Field2 + +# Required Without + +The field under validation must be present and not empty only when any +of the other specified fields are not present. For strings ensures value is +not "". For slices, maps, pointers, interfaces, channels and functions +ensures the value is not nil. + + Usage: required_without + +Examples: + + // require the field if the Field1 is not present: + Usage: required_without=Field1 + + // require the field if the Field1 or Field2 is not present: + Usage: required_without=Field1 Field2 + +# Required Without All + +The field under validation must be present and not empty only when all +of the other specified fields are not present. For strings ensures value is +not "". For slices, maps, pointers, interfaces, channels and functions +ensures the value is not nil. + + Usage: required_without_all + +Example: + + // require the field if the Field1 and Field2 is not present: + Usage: required_without_all=Field1 Field2 + +# Excluded If + +The field under validation must not be present or not empty only if all +the other specified fields are equal to the value following the specified +field. For strings ensures value is not "". For slices, maps, pointers, +interfaces, channels and functions ensures the value is not nil. + + Usage: excluded_if + +Examples: + + // exclude the field if the Field1 is equal to the parameter given: + Usage: excluded_if=Field1 foobar + + // exclude the field if the Field1 and Field2 is equal to the value respectively: + Usage: excluded_if=Field1 foo Field2 bar + +# Excluded Unless + +The field under validation must not be present or empty unless all +the other specified fields are equal to the value following the specified +field. For strings ensures value is not "". For slices, maps, pointers, +interfaces, channels and functions ensures the value is not nil. + + Usage: excluded_unless + +Examples: + + // exclude the field unless the Field1 is equal to the parameter given: + Usage: excluded_unless=Field1 foobar + + // exclude the field unless the Field1 and Field2 is equal to the value respectively: + Usage: excluded_unless=Field1 foo Field2 bar + +# Is Default + +This validates that the value is the default value and is almost the +opposite of required. + + Usage: isdefault + +# Length + +For numbers, length will ensure that the value is +equal to the parameter given. For strings, it checks that +the string length is exactly that number of characters. For slices, +arrays, and maps, validates the number of items. + +Example #1 + + Usage: len=10 + +Example #2 (time.Duration) + +For time.Duration, len will ensure that the value is equal to the duration given +in the parameter. + + Usage: len=1h30m + +# Maximum + +For numbers, max will ensure that the value is +less than or equal to the parameter given. For strings, it checks +that the string length is at most that number of characters. For +slices, arrays, and maps, validates the number of items. + +Example #1 + + Usage: max=10 + +Example #2 (time.Duration) + +For time.Duration, max will ensure that the value is less than or equal to the +duration given in the parameter. + + Usage: max=1h30m + +# Minimum + +For numbers, min will ensure that the value is +greater or equal to the parameter given. For strings, it checks that +the string length is at least that number of characters. For slices, +arrays, and maps, validates the number of items. + +Example #1 + + Usage: min=10 + +Example #2 (time.Duration) + +For time.Duration, min will ensure that the value is greater than or equal to +the duration given in the parameter. + + Usage: min=1h30m + +# Equals + +For strings & numbers, eq will ensure that the value is +equal to the parameter given. For slices, arrays, and maps, +validates the number of items. + +Example #1 + + Usage: eq=10 + +Example #2 (time.Duration) + +For time.Duration, eq will ensure that the value is equal to the duration given +in the parameter. + + Usage: eq=1h30m + +# Not Equal + +For strings & numbers, ne will ensure that the value is not +equal to the parameter given. For slices, arrays, and maps, +validates the number of items. + +Example #1 + + Usage: ne=10 + +Example #2 (time.Duration) + +For time.Duration, ne will ensure that the value is not equal to the duration +given in the parameter. + + Usage: ne=1h30m + +# One Of + +For strings, ints, and uints, oneof will ensure that the value +is one of the values in the parameter. The parameter should be +a list of values separated by whitespace. Values may be +strings or numbers. To match strings with spaces in them, include +the target string between single quotes. + + Usage: oneof=red green + oneof='red green' 'blue yellow' + oneof=5 7 9 + +# Greater Than + +For numbers, this will ensure that the value is greater than the +parameter given. For strings, it checks that the string length +is greater than that number of characters. For slices, arrays +and maps it validates the number of items. + +Example #1 + + Usage: gt=10 + +Example #2 (time.Time) + +For time.Time ensures the time value is greater than time.Now.UTC(). + + Usage: gt + +Example #3 (time.Duration) + +For time.Duration, gt will ensure that the value is greater than the duration +given in the parameter. + + Usage: gt=1h30m + +# Greater Than or Equal + +Same as 'min' above. Kept both to make terminology with 'len' easier. + +Example #1 + + Usage: gte=10 + +Example #2 (time.Time) + +For time.Time ensures the time value is greater than or equal to time.Now.UTC(). + + Usage: gte + +Example #3 (time.Duration) + +For time.Duration, gte will ensure that the value is greater than or equal to +the duration given in the parameter. + + Usage: gte=1h30m + +# Less Than + +For numbers, this will ensure that the value is less than the parameter given. +For strings, it checks that the string length is less than that number of +characters. For slices, arrays, and maps it validates the number of items. + +Example #1 + + Usage: lt=10 + +Example #2 (time.Time) + +For time.Time ensures the time value is less than time.Now.UTC(). + + Usage: lt + +Example #3 (time.Duration) + +For time.Duration, lt will ensure that the value is less than the duration given +in the parameter. + + Usage: lt=1h30m + +# Less Than or Equal + +Same as 'max' above. Kept both to make terminology with 'len' easier. + +Example #1 + + Usage: lte=10 + +Example #2 (time.Time) + +For time.Time ensures the time value is less than or equal to time.Now.UTC(). + + Usage: lte + +Example #3 (time.Duration) + +For time.Duration, lte will ensure that the value is less than or equal to the +duration given in the parameter. + + Usage: lte=1h30m + +# Field Equals Another Field + +This will validate the field value against another fields value either within +a struct or passed in field. + +Example #1: + + // Validation on Password field using: + Usage: eqfield=ConfirmPassword + +Example #2: + + // Validating by field: + validate.VarWithValue(password, confirmpassword, "eqfield") + +Field Equals Another Field (relative) + +This does the same as eqfield except that it validates the field provided relative +to the top level struct. + + Usage: eqcsfield=InnerStructField.Field) + +# Field Does Not Equal Another Field + +This will validate the field value against another fields value either within +a struct or passed in field. + +Examples: + + // Confirm two colors are not the same: + // + // Validation on Color field: + Usage: nefield=Color2 + + // Validating by field: + validate.VarWithValue(color1, color2, "nefield") + +Field Does Not Equal Another Field (relative) + +This does the same as nefield except that it validates the field provided +relative to the top level struct. + + Usage: necsfield=InnerStructField.Field + +# Field Greater Than Another Field + +Only valid for Numbers, time.Duration and time.Time types, this will validate +the field value against another fields value either within a struct or passed in +field. usage examples are for validation of a Start and End date: + +Example #1: + + // Validation on End field using: + validate.Struct Usage(gtfield=Start) + +Example #2: + + // Validating by field: + validate.VarWithValue(start, end, "gtfield") + +# Field Greater Than Another Relative Field + +This does the same as gtfield except that it validates the field provided +relative to the top level struct. + + Usage: gtcsfield=InnerStructField.Field + +# Field Greater Than or Equal To Another Field + +Only valid for Numbers, time.Duration and time.Time types, this will validate +the field value against another fields value either within a struct or passed in +field. usage examples are for validation of a Start and End date: + +Example #1: + + // Validation on End field using: + validate.Struct Usage(gtefield=Start) + +Example #2: + + // Validating by field: + validate.VarWithValue(start, end, "gtefield") + +# Field Greater Than or Equal To Another Relative Field + +This does the same as gtefield except that it validates the field provided relative +to the top level struct. + + Usage: gtecsfield=InnerStructField.Field + +# Less Than Another Field + +Only valid for Numbers, time.Duration and time.Time types, this will validate +the field value against another fields value either within a struct or passed in +field. usage examples are for validation of a Start and End date: + +Example #1: + + // Validation on End field using: + validate.Struct Usage(ltfield=Start) + +Example #2: + + // Validating by field: + validate.VarWithValue(start, end, "ltfield") + +# Less Than Another Relative Field + +This does the same as ltfield except that it validates the field provided relative +to the top level struct. + + Usage: ltcsfield=InnerStructField.Field + +# Less Than or Equal To Another Field + +Only valid for Numbers, time.Duration and time.Time types, this will validate +the field value against another fields value either within a struct or passed in +field. usage examples are for validation of a Start and End date: + +Example #1: + + // Validation on End field using: + validate.Struct Usage(ltefield=Start) + +Example #2: + + // Validating by field: + validate.VarWithValue(start, end, "ltefield") + +# Less Than or Equal To Another Relative Field + +This does the same as ltefield except that it validates the field provided relative +to the top level struct. + + Usage: ltecsfield=InnerStructField.Field + +# Field Contains Another Field + +This does the same as contains except for struct fields. It should only be used +with string types. See the behavior of reflect.Value.String() for behavior on +other types. + + Usage: containsfield=InnerStructField.Field + +# Field Excludes Another Field + +This does the same as excludes except for struct fields. It should only be used +with string types. See the behavior of reflect.Value.String() for behavior on +other types. + + Usage: excludesfield=InnerStructField.Field + +# Unique + +For arrays & slices, unique will ensure that there are no duplicates. +For maps, unique will ensure that there are no duplicate values. +For slices of struct, unique will ensure that there are no duplicate values +in a field of the struct specified via a parameter. + + // For arrays, slices, and maps: + Usage: unique + + // For slices of struct: + Usage: unique=field + +# Alpha Only + +This validates that a string value contains ASCII alpha characters only + + Usage: alpha + +# Alphanumeric + +This validates that a string value contains ASCII alphanumeric characters only + + Usage: alphanum + +# Alpha Unicode + +This validates that a string value contains unicode alpha characters only + + Usage: alphaunicode + +# Alphanumeric Unicode + +This validates that a string value contains unicode alphanumeric characters only + + Usage: alphanumunicode + +# Boolean + +This validates that a string value can successfully be parsed into a boolean with strconv.ParseBool + + Usage: boolean + +# Number + +This validates that a string value contains number values only. +For integers or float it returns true. + + Usage: number + +# Numeric + +This validates that a string value contains a basic numeric value. +basic excludes exponents etc... +for integers or float it returns true. + + Usage: numeric + +# Hexadecimal String + +This validates that a string value contains a valid hexadecimal. + + Usage: hexadecimal + +# Hexcolor String + +This validates that a string value contains a valid hex color including +hashtag (#) + + Usage: hexcolor + +# Lowercase String + +This validates that a string value contains only lowercase characters. An empty string is not a valid lowercase string. + + Usage: lowercase + +# Uppercase String + +This validates that a string value contains only uppercase characters. An empty string is not a valid uppercase string. + + Usage: uppercase + +# RGB String + +This validates that a string value contains a valid rgb color + + Usage: rgb + +# RGBA String + +This validates that a string value contains a valid rgba color + + Usage: rgba + +# HSL String + +This validates that a string value contains a valid hsl color + + Usage: hsl + +# HSLA String + +This validates that a string value contains a valid hsla color + + Usage: hsla + +# E.164 Phone Number String + +This validates that a string value contains a valid E.164 Phone number +https://en.wikipedia.org/wiki/E.164 (ex. +1123456789) + + Usage: e164 + +# E-mail String + +This validates that a string value contains a valid email +This may not conform to all possibilities of any rfc standard, but neither +does any email provider accept all possibilities. + + Usage: email + +# JSON String + +This validates that a string value is valid JSON + + Usage: json + +# JWT String + +This validates that a string value is a valid JWT + + Usage: jwt + +# File + +This validates that a string value contains a valid file path and that +the file exists on the machine. +This is done using os.Stat, which is a platform independent function. + + Usage: file + +# Image path + +This validates that a string value contains a valid file path and that +the file exists on the machine and is an image. +This is done using os.Stat and github.com/gabriel-vasile/mimetype + + Usage: image + +# URL String + +# File Path + +This validates that a string value contains a valid file path but does not +validate the existence of that file. +This is done using os.Stat, which is a platform independent function. + + Usage: filepath + +# URL String + +This validates that a string value contains a valid url +This will accept any url the golang request uri accepts but must contain +a schema for example http:// or rtmp:// + + Usage: url + +# URI String + +This validates that a string value contains a valid uri +This will accept any uri the golang request uri accepts + + Usage: uri + +# Urn RFC 2141 String + +This validataes that a string value contains a valid URN +according to the RFC 2141 spec. + + Usage: urn_rfc2141 + +# Base64 String + +This validates that a string value contains a valid base64 value. +Although an empty string is valid base64 this will report an empty string +as an error, if you wish to accept an empty string as valid you can use +this with the omitempty tag. + + Usage: base64 + +# Base64URL String + +This validates that a string value contains a valid base64 URL safe value +according the RFC4648 spec. +Although an empty string is a valid base64 URL safe value, this will report +an empty string as an error, if you wish to accept an empty string as valid +you can use this with the omitempty tag. + + Usage: base64url + +# Base64RawURL String + +This validates that a string value contains a valid base64 URL safe value, +but without = padding, according the RFC4648 spec, section 3.2. +Although an empty string is a valid base64 URL safe value, this will report +an empty string as an error, if you wish to accept an empty string as valid +you can use this with the omitempty tag. + + Usage: base64url + +# Bitcoin Address + +This validates that a string value contains a valid bitcoin address. +The format of the string is checked to ensure it matches one of the three formats +P2PKH, P2SH and performs checksum validation. + + Usage: btc_addr + +Bitcoin Bech32 Address (segwit) + +This validates that a string value contains a valid bitcoin Bech32 address as defined +by bip-0173 (https://github.com/bitcoin/bips/blob/master/bip-0173.mediawiki) +Special thanks to Pieter Wuille for providng reference implementations. + + Usage: btc_addr_bech32 + +# Ethereum Address + +This validates that a string value contains a valid ethereum address. +The format of the string is checked to ensure it matches the standard Ethereum address format. + + Usage: eth_addr + +# Contains + +This validates that a string value contains the substring value. + + Usage: contains=@ + +# Contains Any + +This validates that a string value contains any Unicode code points +in the substring value. + + Usage: containsany=!@#? + +# Contains Rune + +This validates that a string value contains the supplied rune value. + + Usage: containsrune=@ + +# Excludes + +This validates that a string value does not contain the substring value. + + Usage: excludes=@ + +# Excludes All + +This validates that a string value does not contain any Unicode code +points in the substring value. + + Usage: excludesall=!@#? + +# Excludes Rune + +This validates that a string value does not contain the supplied rune value. + + Usage: excludesrune=@ + +# Starts With + +This validates that a string value starts with the supplied string value + + Usage: startswith=hello + +# Ends With + +This validates that a string value ends with the supplied string value + + Usage: endswith=goodbye + +# Does Not Start With + +This validates that a string value does not start with the supplied string value + + Usage: startsnotwith=hello + +# Does Not End With + +This validates that a string value does not end with the supplied string value + + Usage: endsnotwith=goodbye + +# International Standard Book Number + +This validates that a string value contains a valid isbn10 or isbn13 value. + + Usage: isbn + +# International Standard Book Number 10 + +This validates that a string value contains a valid isbn10 value. + + Usage: isbn10 + +# International Standard Book Number 13 + +This validates that a string value contains a valid isbn13 value. + + Usage: isbn13 + +# Universally Unique Identifier UUID + +This validates that a string value contains a valid UUID. Uppercase UUID values will not pass - use `uuid_rfc4122` instead. + + Usage: uuid + +# Universally Unique Identifier UUID v3 + +This validates that a string value contains a valid version 3 UUID. Uppercase UUID values will not pass - use `uuid3_rfc4122` instead. + + Usage: uuid3 + +# Universally Unique Identifier UUID v4 + +This validates that a string value contains a valid version 4 UUID. Uppercase UUID values will not pass - use `uuid4_rfc4122` instead. + + Usage: uuid4 + +# Universally Unique Identifier UUID v5 + +This validates that a string value contains a valid version 5 UUID. Uppercase UUID values will not pass - use `uuid5_rfc4122` instead. + + Usage: uuid5 + +# Universally Unique Lexicographically Sortable Identifier ULID + +This validates that a string value contains a valid ULID value. + + Usage: ulid + +# ASCII + +This validates that a string value contains only ASCII characters. +NOTE: if the string is blank, this validates as true. + + Usage: ascii + +# Printable ASCII + +This validates that a string value contains only printable ASCII characters. +NOTE: if the string is blank, this validates as true. + + Usage: printascii + +# Multi-Byte Characters + +This validates that a string value contains one or more multibyte characters. +NOTE: if the string is blank, this validates as true. + + Usage: multibyte + +# Data URL + +This validates that a string value contains a valid DataURI. +NOTE: this will also validate that the data portion is valid base64 + + Usage: datauri + +# Latitude + +This validates that a string value contains a valid latitude. + + Usage: latitude + +# Longitude + +This validates that a string value contains a valid longitude. + + Usage: longitude + +# Social Security Number SSN + +This validates that a string value contains a valid U.S. Social Security Number. + + Usage: ssn + +# Internet Protocol Address IP + +This validates that a string value contains a valid IP Address. + + Usage: ip + +# Internet Protocol Address IPv4 + +This validates that a string value contains a valid v4 IP Address. + + Usage: ipv4 + +# Internet Protocol Address IPv6 + +This validates that a string value contains a valid v6 IP Address. + + Usage: ipv6 + +# Classless Inter-Domain Routing CIDR + +This validates that a string value contains a valid CIDR Address. + + Usage: cidr + +# Classless Inter-Domain Routing CIDRv4 + +This validates that a string value contains a valid v4 CIDR Address. + + Usage: cidrv4 + +# Classless Inter-Domain Routing CIDRv6 + +This validates that a string value contains a valid v6 CIDR Address. + + Usage: cidrv6 + +# Transmission Control Protocol Address TCP + +This validates that a string value contains a valid resolvable TCP Address. + + Usage: tcp_addr + +# Transmission Control Protocol Address TCPv4 + +This validates that a string value contains a valid resolvable v4 TCP Address. + + Usage: tcp4_addr + +# Transmission Control Protocol Address TCPv6 + +This validates that a string value contains a valid resolvable v6 TCP Address. + + Usage: tcp6_addr + +# User Datagram Protocol Address UDP + +This validates that a string value contains a valid resolvable UDP Address. + + Usage: udp_addr + +# User Datagram Protocol Address UDPv4 + +This validates that a string value contains a valid resolvable v4 UDP Address. + + Usage: udp4_addr + +# User Datagram Protocol Address UDPv6 + +This validates that a string value contains a valid resolvable v6 UDP Address. + + Usage: udp6_addr + +# Internet Protocol Address IP + +This validates that a string value contains a valid resolvable IP Address. + + Usage: ip_addr + +# Internet Protocol Address IPv4 + +This validates that a string value contains a valid resolvable v4 IP Address. + + Usage: ip4_addr + +# Internet Protocol Address IPv6 + +This validates that a string value contains a valid resolvable v6 IP Address. + + Usage: ip6_addr + +# Unix domain socket end point Address + +This validates that a string value contains a valid Unix Address. + + Usage: unix_addr + +# Media Access Control Address MAC + +This validates that a string value contains a valid MAC Address. + + Usage: mac + +Note: See Go's ParseMAC for accepted formats and types: + + http://golang.org/src/net/mac.go?s=866:918#L29 + +# Hostname RFC 952 + +This validates that a string value is a valid Hostname according to RFC 952 https://tools.ietf.org/html/rfc952 + + Usage: hostname + +# Hostname RFC 1123 + +This validates that a string value is a valid Hostname according to RFC 1123 https://tools.ietf.org/html/rfc1123 + + Usage: hostname_rfc1123 or if you want to continue to use 'hostname' in your tags, create an alias. + +Full Qualified Domain Name (FQDN) + +This validates that a string value contains a valid FQDN. + + Usage: fqdn + +# HTML Tags + +This validates that a string value appears to be an HTML element tag +including those described at https://developer.mozilla.org/en-US/docs/Web/HTML/Element + + Usage: html + +# HTML Encoded + +This validates that a string value is a proper character reference in decimal +or hexadecimal format + + Usage: html_encoded + +# URL Encoded + +This validates that a string value is percent-encoded (URL encoded) according +to https://tools.ietf.org/html/rfc3986#section-2.1 + + Usage: url_encoded + +# Directory + +This validates that a string value contains a valid directory and that +it exists on the machine. +This is done using os.Stat, which is a platform independent function. + + Usage: dir + +# Directory Path + +This validates that a string value contains a valid directory but does +not validate the existence of that directory. +This is done using os.Stat, which is a platform independent function. +It is safest to suffix the string with os.PathSeparator if the directory +may not exist at the time of validation. + + Usage: dirpath + +# HostPort + +This validates that a string value contains a valid DNS hostname and port that +can be used to valiate fields typically passed to sockets and connections. + + Usage: hostname_port + +# Datetime + +This validates that a string value is a valid datetime based on the supplied datetime format. +Supplied format must match the official Go time format layout as documented in https://golang.org/pkg/time/ + + Usage: datetime=2006-01-02 + +# Iso3166-1 alpha-2 + +This validates that a string value is a valid country code based on iso3166-1 alpha-2 standard. +see: https://www.iso.org/iso-3166-country-codes.html + + Usage: iso3166_1_alpha2 + +# Iso3166-1 alpha-3 + +This validates that a string value is a valid country code based on iso3166-1 alpha-3 standard. +see: https://www.iso.org/iso-3166-country-codes.html + + Usage: iso3166_1_alpha3 + +# Iso3166-1 alpha-numeric + +This validates that a string value is a valid country code based on iso3166-1 alpha-numeric standard. +see: https://www.iso.org/iso-3166-country-codes.html + + Usage: iso3166_1_alpha3 + +# BCP 47 Language Tag + +This validates that a string value is a valid BCP 47 language tag, as parsed by language.Parse. +More information on https://pkg.go.dev/golang.org/x/text/language + + Usage: bcp47_language_tag + +BIC (SWIFT code) + +This validates that a string value is a valid Business Identifier Code (SWIFT code), defined in ISO 9362. +More information on https://www.iso.org/standard/60390.html + + Usage: bic + +# RFC 1035 label + +This validates that a string value is a valid dns RFC 1035 label, defined in RFC 1035. +More information on https://datatracker.ietf.org/doc/html/rfc1035 + + Usage: dns_rfc1035_label + +# TimeZone + +This validates that a string value is a valid time zone based on the time zone database present on the system. +Although empty value and Local value are allowed by time.LoadLocation golang function, they are not allowed by this validator. +More information on https://golang.org/pkg/time/#LoadLocation + + Usage: timezone + +# Semantic Version + +This validates that a string value is a valid semver version, defined in Semantic Versioning 2.0.0. +More information on https://semver.org/ + + Usage: semver + +# CVE Identifier + +This validates that a string value is a valid cve id, defined in cve mitre. +More information on https://cve.mitre.org/ + + Usage: cve + +# Credit Card + +This validates that a string value contains a valid credit card number using Luhn algorithm. + + Usage: credit_card + +# Luhn Checksum + + Usage: luhn_checksum + +This validates that a string or (u)int value contains a valid checksum using the Luhn algorithm. + +# MongoDb ObjectID + +This validates that a string is a valid 24 character hexadecimal string. + + Usage: mongodb + +# Cron + +This validates that a string value contains a valid cron expression. + + Usage: cron + +# Alias Validators and Tags + +Alias Validators and Tags +NOTE: When returning an error, the tag returned in "FieldError" will be +the alias tag unless the dive tag is part of the alias. Everything after the +dive tag is not reported as the alias tag. Also, the "ActualTag" in the before +case will be the actual tag within the alias that failed. + +Here is a list of the current built in alias tags: + + "iscolor" + alias is "hexcolor|rgb|rgba|hsl|hsla" (Usage: iscolor) + "country_code" + alias is "iso3166_1_alpha2|iso3166_1_alpha3|iso3166_1_alpha_numeric" (Usage: country_code) + +Validator notes: + + regex + a regex validator won't be added because commas and = signs can be part + of a regex which conflict with the validation definitions. Although + workarounds can be made, they take away from using pure regex's. + Furthermore it's quick and dirty but the regex's become harder to + maintain and are not reusable, so it's as much a programming philosophy + as anything. + + In place of this new validator functions should be created; a regex can + be used within the validator function and even be precompiled for better + efficiency within regexes.go. + + And the best reason, you can submit a pull request and we can keep on + adding to the validation library of this package! + +# Non standard validators + +A collection of validation rules that are frequently needed but are more +complex than the ones found in the baked in validators. +A non standard validator must be registered manually like you would +with your own custom validation functions. + +Example of registration and use: + + type Test struct { + TestField string `validate:"yourtag"` + } + + t := &Test{ + TestField: "Test" + } + + validate := validator.New() + validate.RegisterValidation("yourtag", validators.NotBlank) + +Here is a list of the current non standard validators: + + NotBlank + This validates that the value is not blank or with length zero. + For strings ensures they do not contain only spaces. For channels, maps, slices and arrays + ensures they don't have zero length. For others, a non empty value is required. + + Usage: notblank + +# Panics + +This package panics when bad input is provided, this is by design, bad code like +that should not make it to production. + + type Test struct { + TestField string `validate:"nonexistantfunction=1"` + } + + t := &Test{ + TestField: "Test" + } + + validate.Struct(t) // this will panic +*/ +package validator diff --git a/vendor/github.com/go-playground/validator/v10/errors.go b/vendor/github.com/go-playground/validator/v10/errors.go new file mode 100644 index 0000000000..5856d57c8c --- /dev/null +++ b/vendor/github.com/go-playground/validator/v10/errors.go @@ -0,0 +1,272 @@ +package validator + +import ( + "bytes" + "fmt" + "reflect" + "strings" + + ut "github.com/go-playground/universal-translator" +) + +const ( + fieldErrMsg = "Key: '%s' Error:Field validation for '%s' failed on the '%s' tag" +) + +// ValidationErrorsTranslations is the translation return type +type ValidationErrorsTranslations map[string]string + +// InvalidValidationError describes an invalid argument passed to +// `Struct`, `StructExcept`, StructPartial` or `Field` +type InvalidValidationError struct { + Type reflect.Type +} + +// Error returns InvalidValidationError message +func (e *InvalidValidationError) Error() string { + + if e.Type == nil { + return "validator: (nil)" + } + + return "validator: (nil " + e.Type.String() + ")" +} + +// ValidationErrors is an array of FieldError's +// for use in custom error messages post validation. +type ValidationErrors []FieldError + +// Error is intended for use in development + debugging and not intended to be a production error message. +// It allows ValidationErrors to subscribe to the Error interface. +// All information to create an error message specific to your application is contained within +// the FieldError found within the ValidationErrors array +func (ve ValidationErrors) Error() string { + + buff := bytes.NewBufferString("") + + for i := 0; i < len(ve); i++ { + + buff.WriteString(ve[i].Error()) + buff.WriteString("\n") + } + + return strings.TrimSpace(buff.String()) +} + +// Translate translates all of the ValidationErrors +func (ve ValidationErrors) Translate(ut ut.Translator) ValidationErrorsTranslations { + + trans := make(ValidationErrorsTranslations) + + var fe *fieldError + + for i := 0; i < len(ve); i++ { + fe = ve[i].(*fieldError) + + // // in case an Anonymous struct was used, ensure that the key + // // would be 'Username' instead of ".Username" + // if len(fe.ns) > 0 && fe.ns[:1] == "." { + // trans[fe.ns[1:]] = fe.Translate(ut) + // continue + // } + + trans[fe.ns] = fe.Translate(ut) + } + + return trans +} + +// FieldError contains all functions to get error details +type FieldError interface { + + // Tag returns the validation tag that failed. if the + // validation was an alias, this will return the + // alias name and not the underlying tag that failed. + // + // eg. alias "iscolor": "hexcolor|rgb|rgba|hsl|hsla" + // will return "iscolor" + Tag() string + + // ActualTag returns the validation tag that failed, even if an + // alias the actual tag within the alias will be returned. + // If an 'or' validation fails the entire or will be returned. + // + // eg. alias "iscolor": "hexcolor|rgb|rgba|hsl|hsla" + // will return "hexcolor|rgb|rgba|hsl|hsla" + ActualTag() string + + // Namespace returns the namespace for the field error, with the tag + // name taking precedence over the field's actual name. + // + // eg. JSON name "User.fname" + // + // See StructNamespace() for a version that returns actual names. + // + // NOTE: this field can be blank when validating a single primitive field + // using validate.Field(...) as there is no way to extract it's name + Namespace() string + + // StructNamespace returns the namespace for the field error, with the field's + // actual name. + // + // eq. "User.FirstName" see Namespace for comparison + // + // NOTE: this field can be blank when validating a single primitive field + // using validate.Field(...) as there is no way to extract its name + StructNamespace() string + + // Field returns the fields name with the tag name taking precedence over the + // field's actual name. + // + // eq. JSON name "fname" + // see StructField for comparison + Field() string + + // StructField returns the field's actual name from the struct, when able to determine. + // + // eq. "FirstName" + // see Field for comparison + StructField() string + + // Value returns the actual field's value in case needed for creating the error + // message + Value() interface{} + + // Param returns the param value, in string form for comparison; this will also + // help with generating an error message + Param() string + + // Kind returns the Field's reflect Kind + // + // eg. time.Time's kind is a struct + Kind() reflect.Kind + + // Type returns the Field's reflect Type + // + // eg. time.Time's type is time.Time + Type() reflect.Type + + // Translate returns the FieldError's translated error + // from the provided 'ut.Translator' and registered 'TranslationFunc' + // + // NOTE: if no registered translator can be found it returns the same as + // calling fe.Error() + Translate(ut ut.Translator) string + + // Error returns the FieldError's message + Error() string +} + +// compile time interface checks +var _ FieldError = new(fieldError) +var _ error = new(fieldError) + +// fieldError contains a single field's validation error along +// with other properties that may be needed for error message creation +// it complies with the FieldError interface +type fieldError struct { + v *Validate + tag string + actualTag string + ns string + structNs string + fieldLen uint8 + structfieldLen uint8 + value interface{} + param string + kind reflect.Kind + typ reflect.Type +} + +// Tag returns the validation tag that failed. +func (fe *fieldError) Tag() string { + return fe.tag +} + +// ActualTag returns the validation tag that failed, even if an +// alias the actual tag within the alias will be returned. +func (fe *fieldError) ActualTag() string { + return fe.actualTag +} + +// Namespace returns the namespace for the field error, with the tag +// name taking precedence over the field's actual name. +func (fe *fieldError) Namespace() string { + return fe.ns +} + +// StructNamespace returns the namespace for the field error, with the field's +// actual name. +func (fe *fieldError) StructNamespace() string { + return fe.structNs +} + +// Field returns the field's name with the tag name taking precedence over the +// field's actual name. +func (fe *fieldError) Field() string { + + return fe.ns[len(fe.ns)-int(fe.fieldLen):] + // // return fe.field + // fld := fe.ns[len(fe.ns)-int(fe.fieldLen):] + + // log.Println("FLD:", fld) + + // if len(fld) > 0 && fld[:1] == "." { + // return fld[1:] + // } + + // return fld +} + +// StructField returns the field's actual name from the struct, when able to determine. +func (fe *fieldError) StructField() string { + // return fe.structField + return fe.structNs[len(fe.structNs)-int(fe.structfieldLen):] +} + +// Value returns the actual field's value in case needed for creating the error +// message +func (fe *fieldError) Value() interface{} { + return fe.value +} + +// Param returns the param value, in string form for comparison; this will +// also help with generating an error message +func (fe *fieldError) Param() string { + return fe.param +} + +// Kind returns the Field's reflect Kind +func (fe *fieldError) Kind() reflect.Kind { + return fe.kind +} + +// Type returns the Field's reflect Type +func (fe *fieldError) Type() reflect.Type { + return fe.typ +} + +// Error returns the fieldError's error message +func (fe *fieldError) Error() string { + return fmt.Sprintf(fieldErrMsg, fe.ns, fe.Field(), fe.tag) +} + +// Translate returns the FieldError's translated error +// from the provided 'ut.Translator' and registered 'TranslationFunc' +// +// NOTE: if no registered translation can be found, it returns the original +// untranslated error message. +func (fe *fieldError) Translate(ut ut.Translator) string { + + m, ok := fe.v.transTagFunc[ut] + if !ok { + return fe.Error() + } + + fn, ok := m[fe.tag] + if !ok { + return fe.Error() + } + + return fn(ut, fe) +} diff --git a/vendor/github.com/go-playground/validator/v10/field_level.go b/vendor/github.com/go-playground/validator/v10/field_level.go new file mode 100644 index 0000000000..ef35826ee6 --- /dev/null +++ b/vendor/github.com/go-playground/validator/v10/field_level.go @@ -0,0 +1,120 @@ +package validator + +import "reflect" + +// FieldLevel contains all the information and helper functions +// to validate a field +type FieldLevel interface { + + // Top returns the top level struct, if any + Top() reflect.Value + + // Parent returns the current fields parent struct, if any or + // the comparison value if called 'VarWithValue' + Parent() reflect.Value + + // Field returns current field for validation + Field() reflect.Value + + // FieldName returns the field's name with the tag + // name taking precedence over the fields actual name. + FieldName() string + + // StructFieldName returns the struct field's name + StructFieldName() string + + // Param returns param for validation against current field + Param() string + + // GetTag returns the current validations tag name + GetTag() string + + // ExtractType gets the actual underlying type of field value. + // It will dive into pointers, customTypes and return you the + // underlying value and it's kind. + ExtractType(field reflect.Value) (value reflect.Value, kind reflect.Kind, nullable bool) + + // GetStructFieldOK traverses the parent struct to retrieve a specific field denoted by the provided namespace + // in the param and returns the field, field kind and whether is was successful in retrieving + // the field at all. + // + // NOTE: when not successful ok will be false, this can happen when a nested struct is nil and so the field + // could not be retrieved because it didn't exist. + // + // Deprecated: Use GetStructFieldOK2() instead which also return if the value is nullable. + GetStructFieldOK() (reflect.Value, reflect.Kind, bool) + + // GetStructFieldOKAdvanced is the same as GetStructFieldOK except that it accepts the parent struct to start looking for + // the field and namespace allowing more extensibility for validators. + // + // Deprecated: Use GetStructFieldOKAdvanced2() instead which also return if the value is nullable. + GetStructFieldOKAdvanced(val reflect.Value, namespace string) (reflect.Value, reflect.Kind, bool) + + // GetStructFieldOK2 traverses the parent struct to retrieve a specific field denoted by the provided namespace + // in the param and returns the field, field kind, if it's a nullable type and whether is was successful in retrieving + // the field at all. + // + // NOTE: when not successful ok will be false, this can happen when a nested struct is nil and so the field + // could not be retrieved because it didn't exist. + GetStructFieldOK2() (reflect.Value, reflect.Kind, bool, bool) + + // GetStructFieldOKAdvanced2 is the same as GetStructFieldOK except that it accepts the parent struct to start looking for + // the field and namespace allowing more extensibility for validators. + GetStructFieldOKAdvanced2(val reflect.Value, namespace string) (reflect.Value, reflect.Kind, bool, bool) +} + +var _ FieldLevel = new(validate) + +// Field returns current field for validation +func (v *validate) Field() reflect.Value { + return v.flField +} + +// FieldName returns the field's name with the tag +// name taking precedence over the fields actual name. +func (v *validate) FieldName() string { + return v.cf.altName +} + +// GetTag returns the current validations tag name +func (v *validate) GetTag() string { + return v.ct.tag +} + +// StructFieldName returns the struct field's name +func (v *validate) StructFieldName() string { + return v.cf.name +} + +// Param returns param for validation against current field +func (v *validate) Param() string { + return v.ct.param +} + +// GetStructFieldOK returns Param returns param for validation against current field +// +// Deprecated: Use GetStructFieldOK2() instead which also return if the value is nullable. +func (v *validate) GetStructFieldOK() (reflect.Value, reflect.Kind, bool) { + current, kind, _, found := v.getStructFieldOKInternal(v.slflParent, v.ct.param) + return current, kind, found +} + +// GetStructFieldOKAdvanced is the same as GetStructFieldOK except that it accepts the parent struct to start looking for +// the field and namespace allowing more extensibility for validators. +// +// Deprecated: Use GetStructFieldOKAdvanced2() instead which also return if the value is nullable. +func (v *validate) GetStructFieldOKAdvanced(val reflect.Value, namespace string) (reflect.Value, reflect.Kind, bool) { + current, kind, _, found := v.GetStructFieldOKAdvanced2(val, namespace) + return current, kind, found +} + +// GetStructFieldOK2 returns Param returns param for validation against current field +func (v *validate) GetStructFieldOK2() (reflect.Value, reflect.Kind, bool, bool) { + return v.getStructFieldOKInternal(v.slflParent, v.ct.param) +} + +// GetStructFieldOKAdvanced2 is the same as GetStructFieldOK except that it accepts the parent struct to start looking for +// the field and namespace allowing more extensibility for validators. +func (v *validate) GetStructFieldOKAdvanced2(val reflect.Value, namespace string) (reflect.Value, reflect.Kind, bool, bool) { + return v.getStructFieldOKInternal(val, namespace) +} diff --git a/vendor/github.com/go-playground/validator/v10/logo.png b/vendor/github.com/go-playground/validator/v10/logo.png new file mode 100644 index 0000000000000000000000000000000000000000..355000f5247d50e979cf5db5de38188ef4649a34 GIT binary patch literal 13443 zcmbVz^LHiB^LK39wrv|5-`KWoTN~T9%?&s9Mte8f*xWeZ`~Lg^&kxU>)6-|>Om|IH zcUM=vsybFxSr!?A009gP3|U@IN*z>Z{#W2&KzAW<*L_e0I`lYd#@osT8GH952<>}$=#%H%txCM^!YLYIPG*~?*PoX}XfpXD#$r$vg% zUJ@M8Sa6}E0bs?J()q&Aj2!Xx^!*X7wf45!j09TZ!t8tmiZrhYa~rM!hkOgG3jNOL z$t%hsiEZp{`uZS=pUq3db%5@e>LpqUR%RzF4Fp&XYtszH3NMj(x&yBfN!B@dDe(i*$ zFaI9z`VK(*+SzZ3Km$V|gFS(NfPUS&ND}#zKM&MsZR;zy@SJwDwy5moK{eH84yz0`{Dhd+jynpps_Wzr*Rl)ctU%7jk!=>D(g}(sK zP}YV(B1|d_4NeR~4qlx?36qk5ng9u-wt+@fOTlvqhk>WQ%HxtjxBspSS(-6OpP;_x z73LX72W9oA=yUj&B*sjt0z}2U44ACNztdo!tbwR&pl8vCLjf!@HDwcP;p{h$JYsrk zE3Pp7L^A>!xwNPSX+2zrQgJ8|CCr11n`u|=C}{? zlHLN%{DxBD;+;&!6Se$BciUB@EQ~Y8_ZT-Q&4p}|A3l`R=AVR9Kt+V~a3a3V{l=)gHBK2op+X}BW7o(X1K2eRTZ^; ziO?#OmuWkXeCj2*{H(1C#qnQ>tz|Kq>*#cF7g)+?3G3(pVB@N37)9YHmYxa}CVb-% z@SHf5CnrEMiI6-&fkkOb9ema$%-Ld}qN54xNf|CDt?#e@Aec&IEcEEpu3Ak5Y z>0@s)b7yHEr~UCsek0JVuF%66MBgBxj-d!wQu4Evlx;p|pZG{&=4VV)*pIE{{f=SO z;V$)QC5ae=-6(Nc68{(S;2ymNVxIiwAs9}A@vA2?55kfV(qK>S6caF|bywd&p8ydL zB}xJ~6Di7u^Xl{s1E&b!{FXH0#>1$=MTNA7+vd;Pm*#B`iYRecX>5H7^iqDqQ{GQH zKNNh0?p}h?nEjh_Ft*^M`+(a;L*rKgPp=E!!}stvVxG|YKY=Yh25?+RloCoyT3T~2 zr1!?YL58}YTlyj1sTl_H(oBl48zJPwJFr9|r(>T7Npe$Hyl7Pm(dZ}|x;n!X(4wtZ zeNCCz4LTygy(gl;pV;dp+-Lpq=weiOW2Z_Lt@RNd_s43tZ>$@23^%6`T}rfexq!%# z)e|oR;kRY~2fW@V(in6QZzE*6TubN0<>|v2xiX)v6->d$no+&np8 z=DZPj>yPVL2Y2U^MJuW`R8R{2@Rg&}`S+$yEgsGihuW$3 z2y*A5Rm-TCh*xaY#R1q)HfzQS_%fPHCL7200}u=S#u`m zvW%z6F_UcmBq~g~s|d}v6$Q?noL`Z(X;@Q$i>kw^bF}I3A8QQyAE_nz-`H~a9o2}- ztPUs0q(DTZ^Yx3oA6C5I?{nHCX0qfW&C2r}h~~slhe!$_Hh1WB`w?_|D{JsF#zpgf z;F^yDTZs-$?`myzyDj@=x}@L4b~_KtUWzV+uiL${48Qh^ZdoywlRNR<*WLFY>v0fq zeWQS`g6{8q<#x){FrCbZlcTAh?+fw^gB-2LpRnlF^}`$D;(KxTOLn;dXs3Yl(uW$g6hyw3{wZdTVg|kdSet`n+SACG=!&%#r zl+Ha_MzD$G>iQb%tW~Uus7-zOMPI__Qo92dK3VKkGgR#;-!`uw++~l5J?MT+BUCv3 zcItfZO)uKXlipj1XD?F|>3frjQWA;$JV>TcHHrcrR=Ql;-B}Bb4;f|uVo(S7xL(QP zE%c8{bnchCJ%aG)3x8gx0`Hqq`eapfWqK`~Ec6Mea`v0{J?4~x(S2D#-7sMBR1X;{ zO-QlMUsyD!#jI^8v6y2J8TinHz_zsU@;3|?TfT0F2b2A7aX&aEQGc;IZ>UV*cToht z27rX9TA$h1ZMxk`KX|$6o$)=$PxIM3k^FhGmiJMaA3fBM6(M#efLJ9ucfbo2TkroP zxE4Dv?B_Nkef;0LYVj3nk|C9-MLv{y^-tY`SD(5phR2KMn}9@?I@SQ^#m* zu>9T8l>)311+yf)qc`Zp%3Cp9FS4PN18t5zZGy-!{f^5eJQA&Fb>Llf4kF^OZ}Tu z=jyadHyzlQLaf@_eAf{CFb}_v=Gj*BLc$VrMAe%hAL@6JaXkt^p&>`#SXjBAX!3#; zZ(sPdwtkoS08=HP@lruhHm*fIlu{y~LTu@+@;u*LBUU~nbQ7S{eH09xc5^_Xtu!q@ z6^P#P!A-(qwW30Th;TBWNp{b1+lP1D!2Y2In`HJ8=DTs8;1)Y~TE2Tco&agHaJGJRtE&{R2y^@Gnpny|$qxXc2=Ps$@$~9mxET{1Q$%i!i#frlzo0UOe_Y zMxNvLk98G99Jhl+-rMB_{OyQsE?70nTDUTZf%>P_;7WAz0a+FG*4EALUD*p3UWt_( z3yZrIM%L#2dleC=K}bD*)-@4195ctqtgM0iQACxJ?F&0O<{t?%^dK1pMJo*-dHj;E z%Vt=-^pa?Z(eb%_rx~$m@yuyvX^t!IvZZ&&LJtY`#;x+PXT-Gb~(3>gv;tf~4N37#aCX z-tW%A@AM^Cf&WBJl*|wp9s0RGq_rCL)=Klfe3e8BUY|7FGZM)#ZdT04zyZ#{*|<&8 z+dsxt9B+krqDfJbykPO==|6C|yAi)*jkV&C{Du7Y#drV0`{jGeFSFOANIz#B-ncz= zB?v}IR2j5eCJ`2>yNMN9<}h!(e$i><|KSPd(Ff^lC-7pg&G~QJ8T0JD-37gq1-K+V z;1?GW_CVrGX3V0m%yvW#+uGLl^01=9zyGrgZ5fJ6GeeULS25^4)YCL=-Z!w`r$tH= zj-ikdG|nI;y1wvvk2)h7^hL0Xvnxw)Y1u}&9Vv%k1};Z0IqW?AQ8)B@QOUa?ayt31 zX^`u?pa(0F6YpbrT;e2^auw#%0BX_ub?}_ieYF;4rGRd*1_vX-+Xv9I&yR@ zZF(3;`kXg0vHdTn$5Ie;gpS4@djPPJ60-Z_1?!DwQz9NO2jKDbkZ^oJbQVc?6v#&0 zAW|kWVx3>tw#eTFT> z$S^|&ZWo)7Lyes7r)@VL=2A|$JW1nr)ed9~F&(_uHC1f;YO_5oj&Afj!0(9M)7c*f z$rra8Ji?1Bc%e|v^CcS{(B7RRCc7Wrrs=I7)f#8IE{rDM)o~`?Y8!;pSaL!lLHCZ% z2RHV1+l?QSk}_AkH)`_s#(xKJ?jwKC`csy*aOGtV&`hmHIG<5hXtzm+=iQkb{pyZ< z%;RxAP~z<%lTo;vNWd4mn;*jW+1tVM*tJ0j)}5|LR4#M7r{PkXJaW;yHBr@9pIuiG z8V1M4Ci1&Z6T1I>(C@#6rJT=}4_MR%kp=0LFD)iInpDCFQ;rm ziA+yF-c%|NyQ8);!vM6)#xu8qylq9(nieBl!@e}S5}R@)8LEU)Q|o0z)Z3vP);l2n zvCG7gtlR2XtjF1}fhC?!r{BZ4#sNRJi-Kgt?Rd(rePR;wmE}rqM-z^#fA_=ptrRR~ zqS-A)prf=s19gdfPBn?#&j;!a+e1!wX7|RMt|@0KQ_^z7My)2imN}+? z&Ro$-#EC#FN(11}WJ|$X)eQ0hf7Xye3AhvowX$0|1+x+uY~g?ccTKswq+io;vFNd6 zr7#C9z4;>@b-tg$UzV@9U5hK{mDW{6%YjDa>FJu9Z8hZyN}pshPN=W>uI!^Q$kMqm z+}IiQA9sdYvoB1IiBfX#m0axM;6c8}N>K$tD8kW56>r1h5t8J!3X0YAj1|Aw&~l@A zxf2^V`F;A0W?i!7*yQ+#;?4!!1ZQrBEI$9+-N z6P_sTrV&}s7MX}77Nq}~KmQy&5T&0ZWX--y(<$MEOLGIm!7k)jQOWggN0!Rg^`Bj3z7;;PquhhFnoqJeAbUfHR~d2;C{_De_Ogp81i65*qU(X5fweyv+B#w>RW0 zm&_w7Zm z`YWfGxm^7MK^A>0nDITy;gz^Lzudv@BC>+^JOVExD%|?aa0W#9qe``&CHjF6vqV zB8&tSqdhz{r4(|w3!g-DZKg>^k=!a74kk`D{P(2>&R~8kXP)^Ns3jTlnM7|b=I@?W z*3YW^eW^H83@t)lUE4LAm#(ICbAZTgW?ohHU;Ok91QJvMGp6fHL|&TQb|ICaXi{OO zrD__`B5>e)a6orX^!P5CsJZqQhI9-E6v4*!cC1vUi2?G|44quG+rfLS+7ZX;meFoT zMa+fb0pH+x{|o<7L^;cM5J4}K*7m~l#N2_qa(YL%G9rt7(fo;z(CaJOODkCKPA9`Bop?dIYFl3wBU&l zdqN~tz4k#i1&+HT_N>0Qm%uxG;}xqfaciIXXK|67VNTu0yzMz6pt6)m~ z7y^EZ+(wMlK9yMiwkhp&>cmXQoRzGf`o{MmkrGaxJY*%s0Dza_WczOvC8IXtY4zGE zoAfaSy~MQoF^;l5RWb}DJq*S_&wp|_lkCAaR~iQkooeXo>yX+1hRw(?%#&k0 zm|IG1?>%mpBmLr(*DC>|Vr>bN;nKsdZLlS4*_h%G1n`;;6|sE0rg^T9KG)Swoz!z& zJra776~H1@daS@C;jzI*0~;x5(E1Fpo!nLAV=SmM;Q>*#bxdaC<;wO{!IV4ONwN}f z8NK=|T>UjQ5%%_C3KAVb1}wC~Feno-GH|l>&?HI*RX~t*0XtJ~S0R6Kst$kD*7mw& z{mR31-KopNO5bKJqku0*PjnBKFE_1y_|tmDtiN7SF!NZpwNb5#sV6w^bu9#1B5K7# z0N}))422cqc#^(uW?wJU*^KLe?VU&(*c6j;U6^LZcQoK4POU1{yKSH^?k2$VGLEWB zog!7!3_Kl%apr)=%d3Rpw_4BDLZf!1tIdN&D;Yg?X2&jp0vSBqbz)XX`Wu2%`IWJS1s3lhZ7H--?PJxQLg$XONw$8qE z@4G(S5}8yFwM`{Rdz9E__ZH{{Gusj%$t#w4+ac&G3wkM0n&qZPP}J9r*av-Zq- z%NdhH1sgs~Oq9{PLkkxDiK6MQo36OTZrr&F7k6+F*a}5hV<;1u+B`QQSF#ti5`pI3 z@gvRFovLjNAri8~54co-plD$yQSX*b95r9t@B%~eI2r9NqXw{mGRKtdG5*|wk~yO zW)?msL*Rlpy{X4OLKx;RTX5`t1RY4!(bJ`a7rJ?=xM7fwcCL;k7j%-*cj9NLfbojM= zsFk;>hWcz(m*MFBO66YXrs>D4!BqdqWy_oZ>c&}P@|L*1a zVk(-?<3wy?;t9XLM*dyTj^XbicaVIM%BJouomO8jaqzV51LbTf>Ywq=#cXFtO*-oC z$O(ezf}G*);p^d{5Cc9apUxWE7RHp-F$ne9h?~C!5ok6%glp3JFOLJd2A-Fm@I}Id-s z30mMGUBh}2LTd&+z4*b8fB8hNy+ke`kmJbFXYm9=Ud96znCvs;Xa*GB`{*jEPp($~+DX+RP*)$prD03Z~ zot>}r&YE}7>5Wkie5E(*NC^ihU`EdF6Ezw%Y_=C72{{2}2gipm z*Kp)Aa`c2J&xYYZ876z^z{Zt5pR2|?72(fT&g8MYt4OgJ8>+ZDr_oB=>9xhEw%27Y zdZWI$a9GrD@5Los+iFbyl507c-TMRH3x)MMT{uczOKy3!ra7;z>2})#CRqJW`Jr@s z)uA36KCgr8c)q);G>N2B3p4kyV4NWuoxzls;Xqq+eg~fI$A3otuea;KAQGd#L@`_H zA12vy0BVLhln8XMstlX5M43pjjcZzAO3GUc$zV-2^wq;7JE(EwPLoa!*2(XgxwSlx z2_J0xvN3`hnHWW^kuO7z`%AW8B~t4yhgSPHzS%y%$=}V7s+fZJ0#{k0^O+*L0|Zg4 zfX#xMrgl!s6Xo=iNk_&jq83fy!YAvDSuT8GO6%m58Pi*2YUR|;TQb;TdN=rqTpKIZ z-p&;$N{lIA6N##--%mV~CtEEa4=)@J`4YoT@$9}xH&qcX>lvW>wj*s%n1(JbS$r*d zK9ca~LMdTQ7v!Y34Q6Zh;50&tLX-E@$j3m@9%{iLEyrjeeM_lyMFuI6_pPMcUemdp z%6;iM!PP84B5GQ70B|+R^|BqipYC7_%BZRXP;eo#KZ6EBvBzlpn}@P3p}|8#I(4 zul0x<>TxI(s0g?8v|a89+n1)Jx##kH*g@FY*niUw?{Sqmm)Xi-;WBKlUieBT&& zR3bfdZ|yI{!e~+H2q@uF@=N3k*$H|RZpj@5hvmw~_Py+wV14-k8ynOVi-{@1gB;!g zop(C8F2W!)$gD|@VYtF3M2`gl44ny?45baF7yCBl4PB@{E_nNFz6{2b zr3nxXdd~S*FLLzzO#wytqw(3PI0_%D56fEkMQPca=JX$gqH9aJ{ZpKvk8&kz zVxpVpl56nj^P5R4Lm_KK_6WeFW0cD?IY zZu%H?$YfA5eBYF>2g^}+ig>LD^PgW_C#jRJ$|LNXlubK_b)pT9uqy)nlg?;4DG*(P@1w56aN4^TZM6bWUyCM1*1Czy}HIA#1w25=*y73 z^<0dmnQg(qFmL~t3lPYXx1H8~Zxg@d(x{4t40F=4{->PSRp{RzUszJHDlXejc7G)lY;8~fKsU-hk(590&9v& zFxr}ZKJqco?V2qb5bnkeLoQVbyu32=?$Kwh?;N0OiGN|7=6`RkdoJ(JT@djZ8dUCb za?z#~&v8Fm?V}L${Zr&aQ8JC0EF>X56u4pkjt-w^+1bG$r9f1OrJ$<6qE&iV7_}kN zQweT&?sbJOanV*#E0|bLjkCC(vOm|{V<5MsimhiSt-uxzjxz9SMUvMQK{`~RZ+v_m ztb%l8kCZHm@?oa?Mb$L;Bv2$(K*V=w5SD>$*ITQ!W*n%SOXJlQO>pLoRxLI#%aHpA zmYUE<8T)d$P6F=j$+`7W&dSV^FR;c5cvU=igm6$Q0Bz?EE|?msF@JEX89DoMOUuTr z`R{3)%|h-VtA7`wTgs8)s;PQ6$6IvQTsUzrO=Y6G!D)=Xx9w0$Gba6n1y?{dK@SoK ze54vzFH|9D2~QbpUTb_H)IYDfa|J}Lq9?%CFHbsIB8(vc1WUKbA`4uL=6b&iurle2 zi(4jg{2hA5K*7uKNnBA0KV4x*3NO0jb^QuEWV&39?%#Ve9aEQ)AWUUwycBSf_o%|` zTcm^fRU(B}U8I(N*#z&8fsGAkKpBAt5@UnRa>N{07@%qaw@bs$K2R5VP#c$2^Q%RQ zVuW0slT(*~U8kk?duR;_jOTpmwrrbx->n}JX^_|@zO|a)Ik@>X7HOQ(!z(#CF@`^7JGf2aEfn1S0v}oHKo%uVUMDjl3<>f#kD$hfw(^nW(aRB6AaG-TDAh%oHjEJ=J$;2s zNEtTUsuZa{ji(_8)1j8gUOb~B9fXBSc)M%Hfsu<`&aJGt{{#rePUQ zno1K;1#~H`?Rd#V$}MtvkS~UOgsP~@^u^u{ua{D3V=Fa{2IKwI7>|!cOUteP#X!Z_ z0=9Z(Y!#lhZpJ0TKxMl6%R?6~lt!EvNztb>dbADO5-ZkYS1f(TlqF6|c^Euh&Dojz z>7lTs0ClkTp5>|*~0 z_E{QdSna;}KOcu@*xbF3xyhffB&XIT`p{6hS*F))v#>=YEtJB9Cr*b2YtK$qd9@hS zP$+_%N43)URxgAF_fx!4#yRV$Y6W06mtQ<`6RwW>A*AaHVyEylR` z2)a@71;tKHeL9Ik*CB!~)Qw;=Fl6gGLG;?;LTeerep>@XsgVh4FN73z`?Z=yj9;v% zBxr{}l;h6)J_enD_Xs$w_!zAMpK(;B2{L7;9924=)DeQQG^=eR>S_sq&5Q6tF?!ZR z5Qknd!5HirCsnTIK}aSQLQ_)EQtb#JSG@QUVD}mpOr(idOXutsza|QP5K1WjdsWrs zkY855Sph`j8nzw^f)v# zwC?)Bwo9-}lWq~G9ow>)3->q?FnXQ<$)Y*Vq?hu8MmH8aL1yGrPXCBBQZxc2c}gM_ zazx&=nWtc(!DSU&y7M>VVWHK|f42Z4$ zgM>V`3TB$s+ZXAeFq65x>B{Mdc~^YySq_px;%mpmr2Huz$C}=8-KJN$50%RxgBJ`5 zP&~~O#I1B_1NXRe11=!ZG+8?m1fW)N1v3M~LuJCB_sLZ){E+CtNyJ{zEW!m2t6~4F z%H681*4phFkdH+Wb0LC&2rz`YF05QDpj#b^CS9c1iNN6yizQhsjIRb7ouDlN!>cKa zg7n0;K8z}XHxXi2Ecua32b&VylFo$*L~5$eud(~1>99o0y8R!-= zN_$<&9xytjEu>6segSMd2}6=@3VVB@GhvK>e5(3kr&=sV&}-F69b-m9?Ip^S&_1rK z)REQFT(LR2P6B9EqR$$Fjhw z@@PRbM9s{1I>jgtQ$A{Too_2xnL(GQD!IAjpSUUis4yB{sY$2}MT}d+!IfS_pu32*B z(%fM}`E)&K1vl5$L@*MaDwYf>96D4c;kb|PKTS;+YgrY9Ko@0Q)3$VlDZzF2D5qzp z3ooIC#iZNaZ8P4)aA|hlnC{a}TPrb~vTu2a+lFss)C;W1zZ926mndG{GXR|B)WfV} z(w*ugyn0Rs7_}^z1)X+M+)NXwrEUSMFwNFX_HD7RuV z!p-X54t?QhInx8)RxXg9Gk>_MaF-=XqAoa3dpy^>ZnMr+Cdt={MR4L zlI?2b=gsG3&Ijqpwy~pkv)Y=9n_|E|4ghMbhOV!U-CR;Kg+YdeFwVdfiyc*SZ33P= z$^Lo3LKgdGzEro#sbQm;1h}cbE=gD;VPV$RSAC(NX#P3$r*wNcQV1ac_8s?7<*v7Pd5{UE zcj<@b8s(}ugB+l6X(Y2RciZYZr@$lnh&EYVD&Q;@IV#m~)&N`>i%eC8QGg&uMXI=s zQLp~@6So9V;*{|ZngyWwRLWwzOCrXEh&`MazZ2wm)kNAKFDMMTX_jGA!oO_hJ-YRa z$^tLI^PHPVUu(o9eNPBKBkY8oY*JvIpawcN$Hq>rF`BD0kq%ngOwjI!^ei&^{U1>= z!^&Yoa|y-vSLjPKIP(7C?$zHcE6TomiB6zAM~x|S=v76w%>=hQ$rVordZSPGH_r!u za~NE4L)9W;Zi;ur8=N=;g2x`9ew-T?zd44CWDowkmcCKC2ZEkwyy{Cgf?DBwA)VTz zfJ;~J*q-_{>l2=#Z#w%BHa5yiZUb#89mRN|$!s*X41Sj}m@%Y%D8!j#oex}HpuLkT zi_70a875WHbj(&5q=Cb3*-Fn-b_=@DxVxh?M%~C#aO%I9A zfDhFlS)5h5m^sgc`qgo&LB;4CbJ+4Do$EQJL-i45cQ|%b4D${*iHS6$Z!lFja4{Z& zm_cQ;+$jmX_Ipjb?|qoQbz3TEQd@UgHO-t8i&2#uH*%Y+@t8HptKD;^>9mRb|w53r?9PIIfP$v|io_ z*cIdNpF96_?%r4O-CUdtgPsVgQ7~>`(Iv=~Vz&=N0I0@6UyQtkp156a;eRI#QPSg> zAcDjr+gD33>K!@@N;gSJr1%xowp?n{?=lK{fWo0V0xrMs(WD=)!hLrQ-FS z@!mYs_Wz~@&+paJijML41V^ce^;23KtbY_xNJKz@7&zTeFEoHm7;$(UI=YQFs#$@ptk!EQ42Y4FfxEf@TOsVt37 z}4AVbnC9Ri){mLjd@o@_vA;wzpV8G_ypN3Y=M08M6ZfM2Xtkpu^=A9}u!A?A z)0NYU%Y#TSSE#tnm?KTmo4 zd|UY(Tqjl;m?`7^R${$QG*ZIW=)p?(%lWYXyf8k9{rdP=)z$ty1cAPSJfgXTOPXN1 z^D-Pknjk$jWsP@0+o&sn#8=lA=)a-i-j|YE5DwZ9s#vk3w-c?}%C?C;Q@<(1;-i>L zl}SN#MAX*71GGR14&RiPaHe@3srrMMPYHjml+|aGSDU_fRi{h1_NlT;MHYR@D(IR3 zt6;N#m)Tdz?)V=$7s!&Z;ZdmJFd0m>InR~Umqz^)eM=coLx(q4tw%~Z0U73ho^=Mj zF)fREGIOlh6`*ARYk?K%ir!a_Yvw9snW){J#zyP<3!#qD8Q_2~d|so+(Xc54smil}_4kGqEK^l7mVKQmM+ zBR70H=a2QXGB!3jg`P(Kg~lE^KQr-y_EVJi%}cMMzb+f?)6-|yp{QzpZdk)-9EhXzQpEZ(ZuvkddnL`d4Y{JQ>J+Eg}}BSGkUqgbqYuem+;8++@MM(|;Eh?pTI_O&4Gy6PBOnIB)^cWfo! V^Rh-@K?jDw` + jWTRegexString = "^[A-Za-z0-9-_]+\\.[A-Za-z0-9-_]+\\.[A-Za-z0-9-_]*$" + splitParamsRegexString = `'[^']*'|\S+` + bicRegexString = `^[A-Za-z]{6}[A-Za-z0-9]{2}([A-Za-z0-9]{3})?$` + semverRegexString = `^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(?:-((?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\.(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?$` // numbered capture groups https://semver.org/ + dnsRegexStringRFC1035Label = "^[a-z]([-a-z0-9]*[a-z0-9]){0,62}$" + cveRegexString = `^CVE-(1999|2\d{3})-(0[^0]\d{2}|0\d[^0]\d{1}|0\d{2}[^0]|[1-9]{1}\d{3,})$` // CVE Format Id https://cve.mitre.org/cve/identifiers/syntaxchange.html + mongodbRegexString = "^[a-f\\d]{24}$" + cronRegexString = `(@(annually|yearly|monthly|weekly|daily|hourly|reboot))|(@every (\d+(ns|us|µs|ms|s|m|h))+)|((((\d+,)+\d+|(\d+(\/|-)\d+)|\d+|\*) ?){5,7})` +) + +var ( + alphaRegex = regexp.MustCompile(alphaRegexString) + alphaNumericRegex = regexp.MustCompile(alphaNumericRegexString) + alphaUnicodeRegex = regexp.MustCompile(alphaUnicodeRegexString) + alphaUnicodeNumericRegex = regexp.MustCompile(alphaUnicodeNumericRegexString) + numericRegex = regexp.MustCompile(numericRegexString) + numberRegex = regexp.MustCompile(numberRegexString) + hexadecimalRegex = regexp.MustCompile(hexadecimalRegexString) + hexColorRegex = regexp.MustCompile(hexColorRegexString) + rgbRegex = regexp.MustCompile(rgbRegexString) + rgbaRegex = regexp.MustCompile(rgbaRegexString) + hslRegex = regexp.MustCompile(hslRegexString) + hslaRegex = regexp.MustCompile(hslaRegexString) + e164Regex = regexp.MustCompile(e164RegexString) + emailRegex = regexp.MustCompile(emailRegexString) + base64Regex = regexp.MustCompile(base64RegexString) + base64URLRegex = regexp.MustCompile(base64URLRegexString) + base64RawURLRegex = regexp.MustCompile(base64RawURLRegexString) + iSBN10Regex = regexp.MustCompile(iSBN10RegexString) + iSBN13Regex = regexp.MustCompile(iSBN13RegexString) + uUID3Regex = regexp.MustCompile(uUID3RegexString) + uUID4Regex = regexp.MustCompile(uUID4RegexString) + uUID5Regex = regexp.MustCompile(uUID5RegexString) + uUIDRegex = regexp.MustCompile(uUIDRegexString) + uUID3RFC4122Regex = regexp.MustCompile(uUID3RFC4122RegexString) + uUID4RFC4122Regex = regexp.MustCompile(uUID4RFC4122RegexString) + uUID5RFC4122Regex = regexp.MustCompile(uUID5RFC4122RegexString) + uUIDRFC4122Regex = regexp.MustCompile(uUIDRFC4122RegexString) + uLIDRegex = regexp.MustCompile(uLIDRegexString) + md4Regex = regexp.MustCompile(md4RegexString) + md5Regex = regexp.MustCompile(md5RegexString) + sha256Regex = regexp.MustCompile(sha256RegexString) + sha384Regex = regexp.MustCompile(sha384RegexString) + sha512Regex = regexp.MustCompile(sha512RegexString) + ripemd128Regex = regexp.MustCompile(ripemd128RegexString) + ripemd160Regex = regexp.MustCompile(ripemd160RegexString) + tiger128Regex = regexp.MustCompile(tiger128RegexString) + tiger160Regex = regexp.MustCompile(tiger160RegexString) + tiger192Regex = regexp.MustCompile(tiger192RegexString) + aSCIIRegex = regexp.MustCompile(aSCIIRegexString) + printableASCIIRegex = regexp.MustCompile(printableASCIIRegexString) + multibyteRegex = regexp.MustCompile(multibyteRegexString) + dataURIRegex = regexp.MustCompile(dataURIRegexString) + latitudeRegex = regexp.MustCompile(latitudeRegexString) + longitudeRegex = regexp.MustCompile(longitudeRegexString) + sSNRegex = regexp.MustCompile(sSNRegexString) + hostnameRegexRFC952 = regexp.MustCompile(hostnameRegexStringRFC952) + hostnameRegexRFC1123 = regexp.MustCompile(hostnameRegexStringRFC1123) + fqdnRegexRFC1123 = regexp.MustCompile(fqdnRegexStringRFC1123) + btcAddressRegex = regexp.MustCompile(btcAddressRegexString) + btcUpperAddressRegexBech32 = regexp.MustCompile(btcAddressUpperRegexStringBech32) + btcLowerAddressRegexBech32 = regexp.MustCompile(btcAddressLowerRegexStringBech32) + ethAddressRegex = regexp.MustCompile(ethAddressRegexString) + uRLEncodedRegex = regexp.MustCompile(uRLEncodedRegexString) + hTMLEncodedRegex = regexp.MustCompile(hTMLEncodedRegexString) + hTMLRegex = regexp.MustCompile(hTMLRegexString) + jWTRegex = regexp.MustCompile(jWTRegexString) + splitParamsRegex = regexp.MustCompile(splitParamsRegexString) + bicRegex = regexp.MustCompile(bicRegexString) + semverRegex = regexp.MustCompile(semverRegexString) + dnsRegexRFC1035Label = regexp.MustCompile(dnsRegexStringRFC1035Label) + cveRegex = regexp.MustCompile(cveRegexString) + mongodbRegex = regexp.MustCompile(mongodbRegexString) + cronRegex = regexp.MustCompile(cronRegexString) +) diff --git a/vendor/github.com/go-playground/validator/v10/struct_level.go b/vendor/github.com/go-playground/validator/v10/struct_level.go new file mode 100644 index 0000000000..271328f710 --- /dev/null +++ b/vendor/github.com/go-playground/validator/v10/struct_level.go @@ -0,0 +1,175 @@ +package validator + +import ( + "context" + "reflect" +) + +// StructLevelFunc accepts all values needed for struct level validation +type StructLevelFunc func(sl StructLevel) + +// StructLevelFuncCtx accepts all values needed for struct level validation +// but also allows passing of contextual validation information via context.Context. +type StructLevelFuncCtx func(ctx context.Context, sl StructLevel) + +// wrapStructLevelFunc wraps normal StructLevelFunc makes it compatible with StructLevelFuncCtx +func wrapStructLevelFunc(fn StructLevelFunc) StructLevelFuncCtx { + return func(ctx context.Context, sl StructLevel) { + fn(sl) + } +} + +// StructLevel contains all the information and helper functions +// to validate a struct +type StructLevel interface { + + // Validator returns the main validation object, in case one wants to call validations internally. + // this is so you don't have to use anonymous functions to get access to the validate + // instance. + Validator() *Validate + + // Top returns the top level struct, if any + Top() reflect.Value + + // Parent returns the current fields parent struct, if any + Parent() reflect.Value + + // Current returns the current struct. + Current() reflect.Value + + // ExtractType gets the actual underlying type of field value. + // It will dive into pointers, customTypes and return you the + // underlying value and its kind. + ExtractType(field reflect.Value) (value reflect.Value, kind reflect.Kind, nullable bool) + + // ReportError reports an error just by passing the field and tag information + // + // NOTES: + // + // fieldName and altName get appended to the existing namespace that + // validator is on. e.g. pass 'FirstName' or 'Names[0]' depending + // on the nesting + // + // tag can be an existing validation tag or just something you make up + // and process on the flip side it's up to you. + ReportError(field interface{}, fieldName, structFieldName string, tag, param string) + + // ReportValidationErrors reports an error just by passing ValidationErrors + // + // NOTES: + // + // relativeNamespace and relativeActualNamespace get appended to the + // existing namespace that validator is on. + // e.g. pass 'User.FirstName' or 'Users[0].FirstName' depending + // on the nesting. most of the time they will be blank, unless you validate + // at a level lower the current field depth + ReportValidationErrors(relativeNamespace, relativeActualNamespace string, errs ValidationErrors) +} + +var _ StructLevel = new(validate) + +// Top returns the top level struct +// +// NOTE: this can be the same as the current struct being validated +// if not is a nested struct. +// +// this is only called when within Struct and Field Level validation and +// should not be relied upon for an accurate value otherwise. +func (v *validate) Top() reflect.Value { + return v.top +} + +// Parent returns the current structs parent +// +// NOTE: this can be the same as the current struct being validated +// if not is a nested struct. +// +// this is only called when within Struct and Field Level validation and +// should not be relied upon for an accurate value otherwise. +func (v *validate) Parent() reflect.Value { + return v.slflParent +} + +// Current returns the current struct. +func (v *validate) Current() reflect.Value { + return v.slCurrent +} + +// Validator returns the main validation object, in case one want to call validations internally. +func (v *validate) Validator() *Validate { + return v.v +} + +// ExtractType gets the actual underlying type of field value. +func (v *validate) ExtractType(field reflect.Value) (reflect.Value, reflect.Kind, bool) { + return v.extractTypeInternal(field, false) +} + +// ReportError reports an error just by passing the field and tag information +func (v *validate) ReportError(field interface{}, fieldName, structFieldName, tag, param string) { + + fv, kind, _ := v.extractTypeInternal(reflect.ValueOf(field), false) + + if len(structFieldName) == 0 { + structFieldName = fieldName + } + + v.str1 = string(append(v.ns, fieldName...)) + + if v.v.hasTagNameFunc || fieldName != structFieldName { + v.str2 = string(append(v.actualNs, structFieldName...)) + } else { + v.str2 = v.str1 + } + + if kind == reflect.Invalid { + + v.errs = append(v.errs, + &fieldError{ + v: v.v, + tag: tag, + actualTag: tag, + ns: v.str1, + structNs: v.str2, + fieldLen: uint8(len(fieldName)), + structfieldLen: uint8(len(structFieldName)), + param: param, + kind: kind, + }, + ) + return + } + + v.errs = append(v.errs, + &fieldError{ + v: v.v, + tag: tag, + actualTag: tag, + ns: v.str1, + structNs: v.str2, + fieldLen: uint8(len(fieldName)), + structfieldLen: uint8(len(structFieldName)), + value: fv.Interface(), + param: param, + kind: kind, + typ: fv.Type(), + }, + ) +} + +// ReportValidationErrors reports ValidationErrors obtained from running validations within the Struct Level validation. +// +// NOTE: this function prepends the current namespace to the relative ones. +func (v *validate) ReportValidationErrors(relativeNamespace, relativeStructNamespace string, errs ValidationErrors) { + + var err *fieldError + + for i := 0; i < len(errs); i++ { + + err = errs[i].(*fieldError) + err.ns = string(append(append(v.ns, relativeNamespace...), err.ns...)) + err.structNs = string(append(append(v.actualNs, relativeStructNamespace...), err.structNs...)) + + v.errs = append(v.errs, err) + } +} diff --git a/vendor/github.com/go-playground/validator/v10/translations.go b/vendor/github.com/go-playground/validator/v10/translations.go new file mode 100644 index 0000000000..4d9d75c13a --- /dev/null +++ b/vendor/github.com/go-playground/validator/v10/translations.go @@ -0,0 +1,11 @@ +package validator + +import ut "github.com/go-playground/universal-translator" + +// TranslationFunc is the function type used to register or override +// custom translations +type TranslationFunc func(ut ut.Translator, fe FieldError) string + +// RegisterTranslationsFunc allows for registering of translations +// for a 'ut.Translator' for use within the 'TranslationFunc' +type RegisterTranslationsFunc func(ut ut.Translator) error diff --git a/vendor/github.com/go-playground/validator/v10/util.go b/vendor/github.com/go-playground/validator/v10/util.go new file mode 100644 index 0000000000..3925cfe1cd --- /dev/null +++ b/vendor/github.com/go-playground/validator/v10/util.go @@ -0,0 +1,288 @@ +package validator + +import ( + "reflect" + "strconv" + "strings" + "time" +) + +// extractTypeInternal gets the actual underlying type of field value. +// It will dive into pointers, customTypes and return you the +// underlying value and it's kind. +func (v *validate) extractTypeInternal(current reflect.Value, nullable bool) (reflect.Value, reflect.Kind, bool) { + +BEGIN: + switch current.Kind() { + case reflect.Ptr: + + nullable = true + + if current.IsNil() { + return current, reflect.Ptr, nullable + } + + current = current.Elem() + goto BEGIN + + case reflect.Interface: + + nullable = true + + if current.IsNil() { + return current, reflect.Interface, nullable + } + + current = current.Elem() + goto BEGIN + + case reflect.Invalid: + return current, reflect.Invalid, nullable + + default: + + if v.v.hasCustomFuncs { + + if fn, ok := v.v.customFuncs[current.Type()]; ok { + current = reflect.ValueOf(fn(current)) + goto BEGIN + } + } + + return current, current.Kind(), nullable + } +} + +// getStructFieldOKInternal traverses a struct to retrieve a specific field denoted by the provided namespace and +// returns the field, field kind and whether is was successful in retrieving the field at all. +// +// NOTE: when not successful ok will be false, this can happen when a nested struct is nil and so the field +// could not be retrieved because it didn't exist. +func (v *validate) getStructFieldOKInternal(val reflect.Value, namespace string) (current reflect.Value, kind reflect.Kind, nullable bool, found bool) { + +BEGIN: + current, kind, nullable = v.ExtractType(val) + if kind == reflect.Invalid { + return + } + + if namespace == "" { + found = true + return + } + + switch kind { + + case reflect.Ptr, reflect.Interface: + return + + case reflect.Struct: + + typ := current.Type() + fld := namespace + var ns string + + if !typ.ConvertibleTo(timeType) { + + idx := strings.Index(namespace, namespaceSeparator) + + if idx != -1 { + fld = namespace[:idx] + ns = namespace[idx+1:] + } else { + ns = "" + } + + bracketIdx := strings.Index(fld, leftBracket) + if bracketIdx != -1 { + fld = fld[:bracketIdx] + + ns = namespace[bracketIdx:] + } + + val = current.FieldByName(fld) + namespace = ns + goto BEGIN + } + + case reflect.Array, reflect.Slice: + idx := strings.Index(namespace, leftBracket) + idx2 := strings.Index(namespace, rightBracket) + + arrIdx, _ := strconv.Atoi(namespace[idx+1 : idx2]) + + if arrIdx >= current.Len() { + return + } + + startIdx := idx2 + 1 + + if startIdx < len(namespace) { + if namespace[startIdx:startIdx+1] == namespaceSeparator { + startIdx++ + } + } + + val = current.Index(arrIdx) + namespace = namespace[startIdx:] + goto BEGIN + + case reflect.Map: + idx := strings.Index(namespace, leftBracket) + 1 + idx2 := strings.Index(namespace, rightBracket) + + endIdx := idx2 + + if endIdx+1 < len(namespace) { + if namespace[endIdx+1:endIdx+2] == namespaceSeparator { + endIdx++ + } + } + + key := namespace[idx:idx2] + + switch current.Type().Key().Kind() { + case reflect.Int: + i, _ := strconv.Atoi(key) + val = current.MapIndex(reflect.ValueOf(i)) + namespace = namespace[endIdx+1:] + + case reflect.Int8: + i, _ := strconv.ParseInt(key, 10, 8) + val = current.MapIndex(reflect.ValueOf(int8(i))) + namespace = namespace[endIdx+1:] + + case reflect.Int16: + i, _ := strconv.ParseInt(key, 10, 16) + val = current.MapIndex(reflect.ValueOf(int16(i))) + namespace = namespace[endIdx+1:] + + case reflect.Int32: + i, _ := strconv.ParseInt(key, 10, 32) + val = current.MapIndex(reflect.ValueOf(int32(i))) + namespace = namespace[endIdx+1:] + + case reflect.Int64: + i, _ := strconv.ParseInt(key, 10, 64) + val = current.MapIndex(reflect.ValueOf(i)) + namespace = namespace[endIdx+1:] + + case reflect.Uint: + i, _ := strconv.ParseUint(key, 10, 0) + val = current.MapIndex(reflect.ValueOf(uint(i))) + namespace = namespace[endIdx+1:] + + case reflect.Uint8: + i, _ := strconv.ParseUint(key, 10, 8) + val = current.MapIndex(reflect.ValueOf(uint8(i))) + namespace = namespace[endIdx+1:] + + case reflect.Uint16: + i, _ := strconv.ParseUint(key, 10, 16) + val = current.MapIndex(reflect.ValueOf(uint16(i))) + namespace = namespace[endIdx+1:] + + case reflect.Uint32: + i, _ := strconv.ParseUint(key, 10, 32) + val = current.MapIndex(reflect.ValueOf(uint32(i))) + namespace = namespace[endIdx+1:] + + case reflect.Uint64: + i, _ := strconv.ParseUint(key, 10, 64) + val = current.MapIndex(reflect.ValueOf(i)) + namespace = namespace[endIdx+1:] + + case reflect.Float32: + f, _ := strconv.ParseFloat(key, 32) + val = current.MapIndex(reflect.ValueOf(float32(f))) + namespace = namespace[endIdx+1:] + + case reflect.Float64: + f, _ := strconv.ParseFloat(key, 64) + val = current.MapIndex(reflect.ValueOf(f)) + namespace = namespace[endIdx+1:] + + case reflect.Bool: + b, _ := strconv.ParseBool(key) + val = current.MapIndex(reflect.ValueOf(b)) + namespace = namespace[endIdx+1:] + + // reflect.Type = string + default: + val = current.MapIndex(reflect.ValueOf(key)) + namespace = namespace[endIdx+1:] + } + + goto BEGIN + } + + // if got here there was more namespace, cannot go any deeper + panic("Invalid field namespace") +} + +// asInt returns the parameter as a int64 +// or panics if it can't convert +func asInt(param string) int64 { + i, err := strconv.ParseInt(param, 0, 64) + panicIf(err) + + return i +} + +// asIntFromTimeDuration parses param as time.Duration and returns it as int64 +// or panics on error. +func asIntFromTimeDuration(param string) int64 { + d, err := time.ParseDuration(param) + if err != nil { + // attempt parsing as an integer assuming nanosecond precision + return asInt(param) + } + return int64(d) +} + +// asIntFromType calls the proper function to parse param as int64, +// given a field's Type t. +func asIntFromType(t reflect.Type, param string) int64 { + switch t { + case timeDurationType: + return asIntFromTimeDuration(param) + default: + return asInt(param) + } +} + +// asUint returns the parameter as a uint64 +// or panics if it can't convert +func asUint(param string) uint64 { + + i, err := strconv.ParseUint(param, 0, 64) + panicIf(err) + + return i +} + +// asFloat returns the parameter as a float64 +// or panics if it can't convert +func asFloat(param string) float64 { + + i, err := strconv.ParseFloat(param, 64) + panicIf(err) + + return i +} + +// asBool returns the parameter as a bool +// or panics if it can't convert +func asBool(param string) bool { + + i, err := strconv.ParseBool(param) + panicIf(err) + + return i +} + +func panicIf(err error) { + if err != nil { + panic(err.Error()) + } +} diff --git a/vendor/github.com/go-playground/validator/v10/validator.go b/vendor/github.com/go-playground/validator/v10/validator.go new file mode 100644 index 0000000000..6f6d53ada7 --- /dev/null +++ b/vendor/github.com/go-playground/validator/v10/validator.go @@ -0,0 +1,485 @@ +package validator + +import ( + "context" + "fmt" + "reflect" + "strconv" +) + +// per validate construct +type validate struct { + v *Validate + top reflect.Value + ns []byte + actualNs []byte + errs ValidationErrors + includeExclude map[string]struct{} // reset only if StructPartial or StructExcept are called, no need otherwise + ffn FilterFunc + slflParent reflect.Value // StructLevel & FieldLevel + slCurrent reflect.Value // StructLevel & FieldLevel + flField reflect.Value // StructLevel & FieldLevel + cf *cField // StructLevel & FieldLevel + ct *cTag // StructLevel & FieldLevel + misc []byte // misc reusable + str1 string // misc reusable + str2 string // misc reusable + fldIsPointer bool // StructLevel & FieldLevel + isPartial bool + hasExcludes bool +} + +// parent and current will be the same the first run of validateStruct +func (v *validate) validateStruct(ctx context.Context, parent reflect.Value, current reflect.Value, typ reflect.Type, ns []byte, structNs []byte, ct *cTag) { + + cs, ok := v.v.structCache.Get(typ) + if !ok { + cs = v.v.extractStructCache(current, typ.Name()) + } + + if len(ns) == 0 && len(cs.name) != 0 { + + ns = append(ns, cs.name...) + ns = append(ns, '.') + + structNs = append(structNs, cs.name...) + structNs = append(structNs, '.') + } + + // ct is nil on top level struct, and structs as fields that have no tag info + // so if nil or if not nil and the structonly tag isn't present + if ct == nil || ct.typeof != typeStructOnly { + + var f *cField + + for i := 0; i < len(cs.fields); i++ { + + f = cs.fields[i] + + if v.isPartial { + + if v.ffn != nil { + // used with StructFiltered + if v.ffn(append(structNs, f.name...)) { + continue + } + + } else { + // used with StructPartial & StructExcept + _, ok = v.includeExclude[string(append(structNs, f.name...))] + + if (ok && v.hasExcludes) || (!ok && !v.hasExcludes) { + continue + } + } + } + + v.traverseField(ctx, current, current.Field(f.idx), ns, structNs, f, f.cTags) + } + } + + // check if any struct level validations, after all field validations already checked. + // first iteration will have no info about nostructlevel tag, and is checked prior to + // calling the next iteration of validateStruct called from traverseField. + if cs.fn != nil { + + v.slflParent = parent + v.slCurrent = current + v.ns = ns + v.actualNs = structNs + + cs.fn(ctx, v) + } +} + +// traverseField validates any field, be it a struct or single field, ensures it's validity and passes it along to be validated via it's tag options +func (v *validate) traverseField(ctx context.Context, parent reflect.Value, current reflect.Value, ns []byte, structNs []byte, cf *cField, ct *cTag) { + var typ reflect.Type + var kind reflect.Kind + + current, kind, v.fldIsPointer = v.extractTypeInternal(current, false) + + switch kind { + case reflect.Ptr, reflect.Interface, reflect.Invalid: + + if ct == nil { + return + } + + if ct.typeof == typeOmitEmpty || ct.typeof == typeIsDefault { + return + } + + if ct.hasTag { + if kind == reflect.Invalid { + v.str1 = string(append(ns, cf.altName...)) + if v.v.hasTagNameFunc { + v.str2 = string(append(structNs, cf.name...)) + } else { + v.str2 = v.str1 + } + v.errs = append(v.errs, + &fieldError{ + v: v.v, + tag: ct.aliasTag, + actualTag: ct.tag, + ns: v.str1, + structNs: v.str2, + fieldLen: uint8(len(cf.altName)), + structfieldLen: uint8(len(cf.name)), + param: ct.param, + kind: kind, + }, + ) + return + } + + v.str1 = string(append(ns, cf.altName...)) + if v.v.hasTagNameFunc { + v.str2 = string(append(structNs, cf.name...)) + } else { + v.str2 = v.str1 + } + if !ct.runValidationWhenNil { + v.errs = append(v.errs, + &fieldError{ + v: v.v, + tag: ct.aliasTag, + actualTag: ct.tag, + ns: v.str1, + structNs: v.str2, + fieldLen: uint8(len(cf.altName)), + structfieldLen: uint8(len(cf.name)), + value: current.Interface(), + param: ct.param, + kind: kind, + typ: current.Type(), + }, + ) + return + } + } + + case reflect.Struct: + + typ = current.Type() + + if !typ.ConvertibleTo(timeType) { + + if ct != nil { + + if ct.typeof == typeStructOnly { + goto CONTINUE + } else if ct.typeof == typeIsDefault { + // set Field Level fields + v.slflParent = parent + v.flField = current + v.cf = cf + v.ct = ct + + if !ct.fn(ctx, v) { + v.str1 = string(append(ns, cf.altName...)) + + if v.v.hasTagNameFunc { + v.str2 = string(append(structNs, cf.name...)) + } else { + v.str2 = v.str1 + } + + v.errs = append(v.errs, + &fieldError{ + v: v.v, + tag: ct.aliasTag, + actualTag: ct.tag, + ns: v.str1, + structNs: v.str2, + fieldLen: uint8(len(cf.altName)), + structfieldLen: uint8(len(cf.name)), + value: current.Interface(), + param: ct.param, + kind: kind, + typ: typ, + }, + ) + return + } + } + + ct = ct.next + } + + if ct != nil && ct.typeof == typeNoStructLevel { + return + } + + CONTINUE: + // if len == 0 then validating using 'Var' or 'VarWithValue' + // Var - doesn't make much sense to do it that way, should call 'Struct', but no harm... + // VarWithField - this allows for validating against each field within the struct against a specific value + // pretty handy in certain situations + if len(cf.name) > 0 { + ns = append(append(ns, cf.altName...), '.') + structNs = append(append(structNs, cf.name...), '.') + } + + v.validateStruct(ctx, parent, current, typ, ns, structNs, ct) + return + } + } + + if ct == nil || !ct.hasTag { + return + } + + typ = current.Type() + +OUTER: + for { + if ct == nil { + return + } + + switch ct.typeof { + + case typeOmitEmpty: + + // set Field Level fields + v.slflParent = parent + v.flField = current + v.cf = cf + v.ct = ct + + if !hasValue(v) { + return + } + + ct = ct.next + continue + + case typeEndKeys: + return + + case typeDive: + + ct = ct.next + + // traverse slice or map here + // or panic ;) + switch kind { + case reflect.Slice, reflect.Array: + + var i64 int64 + reusableCF := &cField{} + + for i := 0; i < current.Len(); i++ { + + i64 = int64(i) + + v.misc = append(v.misc[0:0], cf.name...) + v.misc = append(v.misc, '[') + v.misc = strconv.AppendInt(v.misc, i64, 10) + v.misc = append(v.misc, ']') + + reusableCF.name = string(v.misc) + + if cf.namesEqual { + reusableCF.altName = reusableCF.name + } else { + + v.misc = append(v.misc[0:0], cf.altName...) + v.misc = append(v.misc, '[') + v.misc = strconv.AppendInt(v.misc, i64, 10) + v.misc = append(v.misc, ']') + + reusableCF.altName = string(v.misc) + } + v.traverseField(ctx, parent, current.Index(i), ns, structNs, reusableCF, ct) + } + + case reflect.Map: + + var pv string + reusableCF := &cField{} + + for _, key := range current.MapKeys() { + + pv = fmt.Sprintf("%v", key.Interface()) + + v.misc = append(v.misc[0:0], cf.name...) + v.misc = append(v.misc, '[') + v.misc = append(v.misc, pv...) + v.misc = append(v.misc, ']') + + reusableCF.name = string(v.misc) + + if cf.namesEqual { + reusableCF.altName = reusableCF.name + } else { + v.misc = append(v.misc[0:0], cf.altName...) + v.misc = append(v.misc, '[') + v.misc = append(v.misc, pv...) + v.misc = append(v.misc, ']') + + reusableCF.altName = string(v.misc) + } + + if ct != nil && ct.typeof == typeKeys && ct.keys != nil { + v.traverseField(ctx, parent, key, ns, structNs, reusableCF, ct.keys) + // can be nil when just keys being validated + if ct.next != nil { + v.traverseField(ctx, parent, current.MapIndex(key), ns, structNs, reusableCF, ct.next) + } + } else { + v.traverseField(ctx, parent, current.MapIndex(key), ns, structNs, reusableCF, ct) + } + } + + default: + // throw error, if not a slice or map then should not have gotten here + // bad dive tag + panic("dive error! can't dive on a non slice or map") + } + + return + + case typeOr: + + v.misc = v.misc[0:0] + + for { + + // set Field Level fields + v.slflParent = parent + v.flField = current + v.cf = cf + v.ct = ct + + if ct.fn(ctx, v) { + if ct.isBlockEnd { + ct = ct.next + continue OUTER + } + + // drain rest of the 'or' values, then continue or leave + for { + + ct = ct.next + + if ct == nil { + return + } + + if ct.typeof != typeOr { + continue OUTER + } + + if ct.isBlockEnd { + ct = ct.next + continue OUTER + } + } + } + + v.misc = append(v.misc, '|') + v.misc = append(v.misc, ct.tag...) + + if ct.hasParam { + v.misc = append(v.misc, '=') + v.misc = append(v.misc, ct.param...) + } + + if ct.isBlockEnd || ct.next == nil { + // if we get here, no valid 'or' value and no more tags + v.str1 = string(append(ns, cf.altName...)) + + if v.v.hasTagNameFunc { + v.str2 = string(append(structNs, cf.name...)) + } else { + v.str2 = v.str1 + } + + if ct.hasAlias { + + v.errs = append(v.errs, + &fieldError{ + v: v.v, + tag: ct.aliasTag, + actualTag: ct.actualAliasTag, + ns: v.str1, + structNs: v.str2, + fieldLen: uint8(len(cf.altName)), + structfieldLen: uint8(len(cf.name)), + value: current.Interface(), + param: ct.param, + kind: kind, + typ: typ, + }, + ) + + } else { + + tVal := string(v.misc)[1:] + + v.errs = append(v.errs, + &fieldError{ + v: v.v, + tag: tVal, + actualTag: tVal, + ns: v.str1, + structNs: v.str2, + fieldLen: uint8(len(cf.altName)), + structfieldLen: uint8(len(cf.name)), + value: current.Interface(), + param: ct.param, + kind: kind, + typ: typ, + }, + ) + } + + return + } + + ct = ct.next + } + + default: + + // set Field Level fields + v.slflParent = parent + v.flField = current + v.cf = cf + v.ct = ct + + if !ct.fn(ctx, v) { + v.str1 = string(append(ns, cf.altName...)) + + if v.v.hasTagNameFunc { + v.str2 = string(append(structNs, cf.name...)) + } else { + v.str2 = v.str1 + } + + v.errs = append(v.errs, + &fieldError{ + v: v.v, + tag: ct.aliasTag, + actualTag: ct.tag, + ns: v.str1, + structNs: v.str2, + fieldLen: uint8(len(cf.altName)), + structfieldLen: uint8(len(cf.name)), + value: current.Interface(), + param: ct.param, + kind: kind, + typ: typ, + }, + ) + + return + } + ct = ct.next + } + } + +} diff --git a/vendor/github.com/go-playground/validator/v10/validator_instance.go b/vendor/github.com/go-playground/validator/v10/validator_instance.go new file mode 100644 index 0000000000..d2ee8fe38b --- /dev/null +++ b/vendor/github.com/go-playground/validator/v10/validator_instance.go @@ -0,0 +1,702 @@ +package validator + +import ( + "context" + "errors" + "fmt" + "reflect" + "strings" + "sync" + "time" + + ut "github.com/go-playground/universal-translator" +) + +const ( + defaultTagName = "validate" + utf8HexComma = "0x2C" + utf8Pipe = "0x7C" + tagSeparator = "," + orSeparator = "|" + tagKeySeparator = "=" + structOnlyTag = "structonly" + noStructLevelTag = "nostructlevel" + omitempty = "omitempty" + isdefault = "isdefault" + requiredWithoutAllTag = "required_without_all" + requiredWithoutTag = "required_without" + requiredWithTag = "required_with" + requiredWithAllTag = "required_with_all" + requiredIfTag = "required_if" + requiredUnlessTag = "required_unless" + skipUnlessTag = "skip_unless" + excludedWithoutAllTag = "excluded_without_all" + excludedWithoutTag = "excluded_without" + excludedWithTag = "excluded_with" + excludedWithAllTag = "excluded_with_all" + excludedIfTag = "excluded_if" + excludedUnlessTag = "excluded_unless" + skipValidationTag = "-" + diveTag = "dive" + keysTag = "keys" + endKeysTag = "endkeys" + requiredTag = "required" + namespaceSeparator = "." + leftBracket = "[" + rightBracket = "]" + restrictedTagChars = ".[],|=+()`~!@#$%^&*\\\"/?<>{}" + restrictedAliasErr = "Alias '%s' either contains restricted characters or is the same as a restricted tag needed for normal operation" + restrictedTagErr = "Tag '%s' either contains restricted characters or is the same as a restricted tag needed for normal operation" +) + +var ( + timeDurationType = reflect.TypeOf(time.Duration(0)) + timeType = reflect.TypeOf(time.Time{}) + + defaultCField = &cField{namesEqual: true} +) + +// FilterFunc is the type used to filter fields using +// StructFiltered(...) function. +// returning true results in the field being filtered/skipped from +// validation +type FilterFunc func(ns []byte) bool + +// CustomTypeFunc allows for overriding or adding custom field type handler functions +// field = field value of the type to return a value to be validated +// example Valuer from sql drive see https://golang.org/src/database/sql/driver/types.go?s=1210:1293#L29 +type CustomTypeFunc func(field reflect.Value) interface{} + +// TagNameFunc allows for adding of a custom tag name parser +type TagNameFunc func(field reflect.StructField) string + +type internalValidationFuncWrapper struct { + fn FuncCtx + runValidatinOnNil bool +} + +// Validate contains the validator settings and cache +type Validate struct { + tagName string + pool *sync.Pool + hasCustomFuncs bool + hasTagNameFunc bool + tagNameFunc TagNameFunc + structLevelFuncs map[reflect.Type]StructLevelFuncCtx + customFuncs map[reflect.Type]CustomTypeFunc + aliases map[string]string + validations map[string]internalValidationFuncWrapper + transTagFunc map[ut.Translator]map[string]TranslationFunc // map[]map[]TranslationFunc + rules map[reflect.Type]map[string]string + tagCache *tagCache + structCache *structCache +} + +// New returns a new instance of 'validate' with sane defaults. +// Validate is designed to be thread-safe and used as a singleton instance. +// It caches information about your struct and validations, +// in essence only parsing your validation tags once per struct type. +// Using multiple instances neglects the benefit of caching. +func New() *Validate { + + tc := new(tagCache) + tc.m.Store(make(map[string]*cTag)) + + sc := new(structCache) + sc.m.Store(make(map[reflect.Type]*cStruct)) + + v := &Validate{ + tagName: defaultTagName, + aliases: make(map[string]string, len(bakedInAliases)), + validations: make(map[string]internalValidationFuncWrapper, len(bakedInValidators)), + tagCache: tc, + structCache: sc, + } + + // must copy alias validators for separate validations to be used in each validator instance + for k, val := range bakedInAliases { + v.RegisterAlias(k, val) + } + + // must copy validators for separate validations to be used in each instance + for k, val := range bakedInValidators { + + switch k { + // these require that even if the value is nil that the validation should run, omitempty still overrides this behaviour + case requiredIfTag, requiredUnlessTag, requiredWithTag, requiredWithAllTag, requiredWithoutTag, requiredWithoutAllTag, + excludedIfTag, excludedUnlessTag, excludedWithTag, excludedWithAllTag, excludedWithoutTag, excludedWithoutAllTag, + skipUnlessTag: + _ = v.registerValidation(k, wrapFunc(val), true, true) + default: + // no need to error check here, baked in will always be valid + _ = v.registerValidation(k, wrapFunc(val), true, false) + } + } + + v.pool = &sync.Pool{ + New: func() interface{} { + return &validate{ + v: v, + ns: make([]byte, 0, 64), + actualNs: make([]byte, 0, 64), + misc: make([]byte, 32), + } + }, + } + + return v +} + +// SetTagName allows for changing of the default tag name of 'validate' +func (v *Validate) SetTagName(name string) { + v.tagName = name +} + +// ValidateMapCtx validates a map using a map of validation rules and allows passing of contextual +// validation information via context.Context. +func (v Validate) ValidateMapCtx(ctx context.Context, data map[string]interface{}, rules map[string]interface{}) map[string]interface{} { + errs := make(map[string]interface{}) + for field, rule := range rules { + if ruleObj, ok := rule.(map[string]interface{}); ok { + if dataObj, ok := data[field].(map[string]interface{}); ok { + err := v.ValidateMapCtx(ctx, dataObj, ruleObj) + if len(err) > 0 { + errs[field] = err + } + } else if dataObjs, ok := data[field].([]map[string]interface{}); ok { + for _, obj := range dataObjs { + err := v.ValidateMapCtx(ctx, obj, ruleObj) + if len(err) > 0 { + errs[field] = err + } + } + } else { + errs[field] = errors.New("The field: '" + field + "' is not a map to dive") + } + } else if ruleStr, ok := rule.(string); ok { + err := v.VarCtx(ctx, data[field], ruleStr) + if err != nil { + errs[field] = err + } + } + } + return errs +} + +// ValidateMap validates map data from a map of tags +func (v *Validate) ValidateMap(data map[string]interface{}, rules map[string]interface{}) map[string]interface{} { + return v.ValidateMapCtx(context.Background(), data, rules) +} + +// RegisterTagNameFunc registers a function to get alternate names for StructFields. +// +// eg. to use the names which have been specified for JSON representations of structs, rather than normal Go field names: +// +// validate.RegisterTagNameFunc(func(fld reflect.StructField) string { +// name := strings.SplitN(fld.Tag.Get("json"), ",", 2)[0] +// // skip if tag key says it should be ignored +// if name == "-" { +// return "" +// } +// return name +// }) +func (v *Validate) RegisterTagNameFunc(fn TagNameFunc) { + v.tagNameFunc = fn + v.hasTagNameFunc = true +} + +// RegisterValidation adds a validation with the given tag +// +// NOTES: +// - if the key already exists, the previous validation function will be replaced. +// - this method is not thread-safe it is intended that these all be registered prior to any validation +func (v *Validate) RegisterValidation(tag string, fn Func, callValidationEvenIfNull ...bool) error { + return v.RegisterValidationCtx(tag, wrapFunc(fn), callValidationEvenIfNull...) +} + +// RegisterValidationCtx does the same as RegisterValidation on accepts a FuncCtx validation +// allowing context.Context validation support. +func (v *Validate) RegisterValidationCtx(tag string, fn FuncCtx, callValidationEvenIfNull ...bool) error { + var nilCheckable bool + if len(callValidationEvenIfNull) > 0 { + nilCheckable = callValidationEvenIfNull[0] + } + return v.registerValidation(tag, fn, false, nilCheckable) +} + +func (v *Validate) registerValidation(tag string, fn FuncCtx, bakedIn bool, nilCheckable bool) error { + if len(tag) == 0 { + return errors.New("function Key cannot be empty") + } + + if fn == nil { + return errors.New("function cannot be empty") + } + + _, ok := restrictedTags[tag] + if !bakedIn && (ok || strings.ContainsAny(tag, restrictedTagChars)) { + panic(fmt.Sprintf(restrictedTagErr, tag)) + } + v.validations[tag] = internalValidationFuncWrapper{fn: fn, runValidatinOnNil: nilCheckable} + return nil +} + +// RegisterAlias registers a mapping of a single validation tag that +// defines a common or complex set of validation(s) to simplify adding validation +// to structs. +// +// NOTE: this function is not thread-safe it is intended that these all be registered prior to any validation +func (v *Validate) RegisterAlias(alias, tags string) { + + _, ok := restrictedTags[alias] + + if ok || strings.ContainsAny(alias, restrictedTagChars) { + panic(fmt.Sprintf(restrictedAliasErr, alias)) + } + + v.aliases[alias] = tags +} + +// RegisterStructValidation registers a StructLevelFunc against a number of types. +// +// NOTE: +// - this method is not thread-safe it is intended that these all be registered prior to any validation +func (v *Validate) RegisterStructValidation(fn StructLevelFunc, types ...interface{}) { + v.RegisterStructValidationCtx(wrapStructLevelFunc(fn), types...) +} + +// RegisterStructValidationCtx registers a StructLevelFuncCtx against a number of types and allows passing +// of contextual validation information via context.Context. +// +// NOTE: +// - this method is not thread-safe it is intended that these all be registered prior to any validation +func (v *Validate) RegisterStructValidationCtx(fn StructLevelFuncCtx, types ...interface{}) { + + if v.structLevelFuncs == nil { + v.structLevelFuncs = make(map[reflect.Type]StructLevelFuncCtx) + } + + for _, t := range types { + tv := reflect.ValueOf(t) + if tv.Kind() == reflect.Ptr { + t = reflect.Indirect(tv).Interface() + } + + v.structLevelFuncs[reflect.TypeOf(t)] = fn + } +} + +// RegisterStructValidationMapRules registers validate map rules. +// Be aware that map validation rules supersede those defined on a/the struct if present. +// +// NOTE: this method is not thread-safe it is intended that these all be registered prior to any validation +func (v *Validate) RegisterStructValidationMapRules(rules map[string]string, types ...interface{}) { + if v.rules == nil { + v.rules = make(map[reflect.Type]map[string]string) + } + + deepCopyRules := make(map[string]string) + for i, rule := range rules { + deepCopyRules[i] = rule + } + + for _, t := range types { + typ := reflect.TypeOf(t) + + if typ.Kind() == reflect.Ptr { + typ = typ.Elem() + } + + if typ.Kind() != reflect.Struct { + continue + } + v.rules[typ] = deepCopyRules + } +} + +// RegisterCustomTypeFunc registers a CustomTypeFunc against a number of types +// +// NOTE: this method is not thread-safe it is intended that these all be registered prior to any validation +func (v *Validate) RegisterCustomTypeFunc(fn CustomTypeFunc, types ...interface{}) { + + if v.customFuncs == nil { + v.customFuncs = make(map[reflect.Type]CustomTypeFunc) + } + + for _, t := range types { + v.customFuncs[reflect.TypeOf(t)] = fn + } + + v.hasCustomFuncs = true +} + +// RegisterTranslation registers translations against the provided tag. +func (v *Validate) RegisterTranslation(tag string, trans ut.Translator, registerFn RegisterTranslationsFunc, translationFn TranslationFunc) (err error) { + + if v.transTagFunc == nil { + v.transTagFunc = make(map[ut.Translator]map[string]TranslationFunc) + } + + if err = registerFn(trans); err != nil { + return + } + + m, ok := v.transTagFunc[trans] + if !ok { + m = make(map[string]TranslationFunc) + v.transTagFunc[trans] = m + } + + m[tag] = translationFn + + return +} + +// Struct validates a structs exposed fields, and automatically validates nested structs, unless otherwise specified. +// +// It returns InvalidValidationError for bad values passed in and nil or ValidationErrors as error otherwise. +// You will need to assert the error if it's not nil eg. err.(validator.ValidationErrors) to access the array of errors. +func (v *Validate) Struct(s interface{}) error { + return v.StructCtx(context.Background(), s) +} + +// StructCtx validates a structs exposed fields, and automatically validates nested structs, unless otherwise specified +// and also allows passing of context.Context for contextual validation information. +// +// It returns InvalidValidationError for bad values passed in and nil or ValidationErrors as error otherwise. +// You will need to assert the error if it's not nil eg. err.(validator.ValidationErrors) to access the array of errors. +func (v *Validate) StructCtx(ctx context.Context, s interface{}) (err error) { + + val := reflect.ValueOf(s) + top := val + + if val.Kind() == reflect.Ptr && !val.IsNil() { + val = val.Elem() + } + + if val.Kind() != reflect.Struct || val.Type().ConvertibleTo(timeType) { + return &InvalidValidationError{Type: reflect.TypeOf(s)} + } + + // good to validate + vd := v.pool.Get().(*validate) + vd.top = top + vd.isPartial = false + // vd.hasExcludes = false // only need to reset in StructPartial and StructExcept + + vd.validateStruct(ctx, top, val, val.Type(), vd.ns[0:0], vd.actualNs[0:0], nil) + + if len(vd.errs) > 0 { + err = vd.errs + vd.errs = nil + } + + v.pool.Put(vd) + + return +} + +// StructFiltered validates a structs exposed fields, that pass the FilterFunc check and automatically validates +// nested structs, unless otherwise specified. +// +// It returns InvalidValidationError for bad values passed in and nil or ValidationErrors as error otherwise. +// You will need to assert the error if it's not nil eg. err.(validator.ValidationErrors) to access the array of errors. +func (v *Validate) StructFiltered(s interface{}, fn FilterFunc) error { + return v.StructFilteredCtx(context.Background(), s, fn) +} + +// StructFilteredCtx validates a structs exposed fields, that pass the FilterFunc check and automatically validates +// nested structs, unless otherwise specified and also allows passing of contextual validation information via +// context.Context +// +// It returns InvalidValidationError for bad values passed in and nil or ValidationErrors as error otherwise. +// You will need to assert the error if it's not nil eg. err.(validator.ValidationErrors) to access the array of errors. +func (v *Validate) StructFilteredCtx(ctx context.Context, s interface{}, fn FilterFunc) (err error) { + val := reflect.ValueOf(s) + top := val + + if val.Kind() == reflect.Ptr && !val.IsNil() { + val = val.Elem() + } + + if val.Kind() != reflect.Struct || val.Type().ConvertibleTo(timeType) { + return &InvalidValidationError{Type: reflect.TypeOf(s)} + } + + // good to validate + vd := v.pool.Get().(*validate) + vd.top = top + vd.isPartial = true + vd.ffn = fn + // vd.hasExcludes = false // only need to reset in StructPartial and StructExcept + + vd.validateStruct(ctx, top, val, val.Type(), vd.ns[0:0], vd.actualNs[0:0], nil) + + if len(vd.errs) > 0 { + err = vd.errs + vd.errs = nil + } + + v.pool.Put(vd) + + return +} + +// StructPartial validates the fields passed in only, ignoring all others. +// Fields may be provided in a namespaced fashion relative to the struct provided +// eg. NestedStruct.Field or NestedArrayField[0].Struct.Name +// +// It returns InvalidValidationError for bad values passed in and nil or ValidationErrors as error otherwise. +// You will need to assert the error if it's not nil eg. err.(validator.ValidationErrors) to access the array of errors. +func (v *Validate) StructPartial(s interface{}, fields ...string) error { + return v.StructPartialCtx(context.Background(), s, fields...) +} + +// StructPartialCtx validates the fields passed in only, ignoring all others and allows passing of contextual +// validation information via context.Context +// Fields may be provided in a namespaced fashion relative to the struct provided +// eg. NestedStruct.Field or NestedArrayField[0].Struct.Name +// +// It returns InvalidValidationError for bad values passed in and nil or ValidationErrors as error otherwise. +// You will need to assert the error if it's not nil eg. err.(validator.ValidationErrors) to access the array of errors. +func (v *Validate) StructPartialCtx(ctx context.Context, s interface{}, fields ...string) (err error) { + val := reflect.ValueOf(s) + top := val + + if val.Kind() == reflect.Ptr && !val.IsNil() { + val = val.Elem() + } + + if val.Kind() != reflect.Struct || val.Type().ConvertibleTo(timeType) { + return &InvalidValidationError{Type: reflect.TypeOf(s)} + } + + // good to validate + vd := v.pool.Get().(*validate) + vd.top = top + vd.isPartial = true + vd.ffn = nil + vd.hasExcludes = false + vd.includeExclude = make(map[string]struct{}) + + typ := val.Type() + name := typ.Name() + + for _, k := range fields { + + flds := strings.Split(k, namespaceSeparator) + if len(flds) > 0 { + + vd.misc = append(vd.misc[0:0], name...) + // Don't append empty name for unnamed structs + if len(vd.misc) != 0 { + vd.misc = append(vd.misc, '.') + } + + for _, s := range flds { + + idx := strings.Index(s, leftBracket) + + if idx != -1 { + for idx != -1 { + vd.misc = append(vd.misc, s[:idx]...) + vd.includeExclude[string(vd.misc)] = struct{}{} + + idx2 := strings.Index(s, rightBracket) + idx2++ + vd.misc = append(vd.misc, s[idx:idx2]...) + vd.includeExclude[string(vd.misc)] = struct{}{} + s = s[idx2:] + idx = strings.Index(s, leftBracket) + } + } else { + + vd.misc = append(vd.misc, s...) + vd.includeExclude[string(vd.misc)] = struct{}{} + } + + vd.misc = append(vd.misc, '.') + } + } + } + + vd.validateStruct(ctx, top, val, typ, vd.ns[0:0], vd.actualNs[0:0], nil) + + if len(vd.errs) > 0 { + err = vd.errs + vd.errs = nil + } + + v.pool.Put(vd) + + return +} + +// StructExcept validates all fields except the ones passed in. +// Fields may be provided in a namespaced fashion relative to the struct provided +// i.e. NestedStruct.Field or NestedArrayField[0].Struct.Name +// +// It returns InvalidValidationError for bad values passed in and nil or ValidationErrors as error otherwise. +// You will need to assert the error if it's not nil eg. err.(validator.ValidationErrors) to access the array of errors. +func (v *Validate) StructExcept(s interface{}, fields ...string) error { + return v.StructExceptCtx(context.Background(), s, fields...) +} + +// StructExceptCtx validates all fields except the ones passed in and allows passing of contextual +// validation information via context.Context +// Fields may be provided in a namespaced fashion relative to the struct provided +// i.e. NestedStruct.Field or NestedArrayField[0].Struct.Name +// +// It returns InvalidValidationError for bad values passed in and nil or ValidationErrors as error otherwise. +// You will need to assert the error if it's not nil eg. err.(validator.ValidationErrors) to access the array of errors. +func (v *Validate) StructExceptCtx(ctx context.Context, s interface{}, fields ...string) (err error) { + val := reflect.ValueOf(s) + top := val + + if val.Kind() == reflect.Ptr && !val.IsNil() { + val = val.Elem() + } + + if val.Kind() != reflect.Struct || val.Type().ConvertibleTo(timeType) { + return &InvalidValidationError{Type: reflect.TypeOf(s)} + } + + // good to validate + vd := v.pool.Get().(*validate) + vd.top = top + vd.isPartial = true + vd.ffn = nil + vd.hasExcludes = true + vd.includeExclude = make(map[string]struct{}) + + typ := val.Type() + name := typ.Name() + + for _, key := range fields { + + vd.misc = vd.misc[0:0] + + if len(name) > 0 { + vd.misc = append(vd.misc, name...) + vd.misc = append(vd.misc, '.') + } + + vd.misc = append(vd.misc, key...) + vd.includeExclude[string(vd.misc)] = struct{}{} + } + + vd.validateStruct(ctx, top, val, typ, vd.ns[0:0], vd.actualNs[0:0], nil) + + if len(vd.errs) > 0 { + err = vd.errs + vd.errs = nil + } + + v.pool.Put(vd) + + return +} + +// Var validates a single variable using tag style validation. +// eg. +// var i int +// validate.Var(i, "gt=1,lt=10") +// +// WARNING: a struct can be passed for validation eg. time.Time is a struct or +// if you have a custom type and have registered a custom type handler, so must +// allow it; however unforeseen validations will occur if trying to validate a +// struct that is meant to be passed to 'validate.Struct' +// +// It returns InvalidValidationError for bad values passed in and nil or ValidationErrors as error otherwise. +// You will need to assert the error if it's not nil eg. err.(validator.ValidationErrors) to access the array of errors. +// validate Array, Slice and maps fields which may contain more than one error +func (v *Validate) Var(field interface{}, tag string) error { + return v.VarCtx(context.Background(), field, tag) +} + +// VarCtx validates a single variable using tag style validation and allows passing of contextual +// validation information via context.Context. +// eg. +// var i int +// validate.Var(i, "gt=1,lt=10") +// +// WARNING: a struct can be passed for validation eg. time.Time is a struct or +// if you have a custom type and have registered a custom type handler, so must +// allow it; however unforeseen validations will occur if trying to validate a +// struct that is meant to be passed to 'validate.Struct' +// +// It returns InvalidValidationError for bad values passed in and nil or ValidationErrors as error otherwise. +// You will need to assert the error if it's not nil eg. err.(validator.ValidationErrors) to access the array of errors. +// validate Array, Slice and maps fields which may contain more than one error +func (v *Validate) VarCtx(ctx context.Context, field interface{}, tag string) (err error) { + if len(tag) == 0 || tag == skipValidationTag { + return nil + } + + ctag := v.fetchCacheTag(tag) + + val := reflect.ValueOf(field) + vd := v.pool.Get().(*validate) + vd.top = val + vd.isPartial = false + vd.traverseField(ctx, val, val, vd.ns[0:0], vd.actualNs[0:0], defaultCField, ctag) + + if len(vd.errs) > 0 { + err = vd.errs + vd.errs = nil + } + v.pool.Put(vd) + return +} + +// VarWithValue validates a single variable, against another variable/field's value using tag style validation +// eg. +// s1 := "abcd" +// s2 := "abcd" +// validate.VarWithValue(s1, s2, "eqcsfield") // returns true +// +// WARNING: a struct can be passed for validation eg. time.Time is a struct or +// if you have a custom type and have registered a custom type handler, so must +// allow it; however unforeseen validations will occur if trying to validate a +// struct that is meant to be passed to 'validate.Struct' +// +// It returns InvalidValidationError for bad values passed in and nil or ValidationErrors as error otherwise. +// You will need to assert the error if it's not nil eg. err.(validator.ValidationErrors) to access the array of errors. +// validate Array, Slice and maps fields which may contain more than one error +func (v *Validate) VarWithValue(field interface{}, other interface{}, tag string) error { + return v.VarWithValueCtx(context.Background(), field, other, tag) +} + +// VarWithValueCtx validates a single variable, against another variable/field's value using tag style validation and +// allows passing of contextual validation validation information via context.Context. +// eg. +// s1 := "abcd" +// s2 := "abcd" +// validate.VarWithValue(s1, s2, "eqcsfield") // returns true +// +// WARNING: a struct can be passed for validation eg. time.Time is a struct or +// if you have a custom type and have registered a custom type handler, so must +// allow it; however unforeseen validations will occur if trying to validate a +// struct that is meant to be passed to 'validate.Struct' +// +// It returns InvalidValidationError for bad values passed in and nil or ValidationErrors as error otherwise. +// You will need to assert the error if it's not nil eg. err.(validator.ValidationErrors) to access the array of errors. +// validate Array, Slice and maps fields which may contain more than one error +func (v *Validate) VarWithValueCtx(ctx context.Context, field interface{}, other interface{}, tag string) (err error) { + if len(tag) == 0 || tag == skipValidationTag { + return nil + } + ctag := v.fetchCacheTag(tag) + otherVal := reflect.ValueOf(other) + vd := v.pool.Get().(*validate) + vd.top = otherVal + vd.isPartial = false + vd.traverseField(ctx, otherVal, reflect.ValueOf(field), vd.ns[0:0], vd.actualNs[0:0], defaultCField, ctag) + + if len(vd.errs) > 0 { + err = vd.errs + vd.errs = nil + } + v.pool.Put(vd) + return +} diff --git a/vendor/github.com/google/trillian/.golangci.yaml b/vendor/github.com/google/trillian/.golangci.yaml index 4784f8fde4..0c50dcbda2 100644 --- a/vendor/github.com/google/trillian/.golangci.yaml +++ b/vendor/github.com/google/trillian/.golangci.yaml @@ -15,22 +15,6 @@ linters-settings: - golang.org/x/net/context - github.com/gogo/protobuf/proto -linters: - disable-all: true - enable: - - depguard - - gocyclo - - gofmt - - goimports - - govet - - ineffassign - - megacheck - - misspell - - revive - - unused - # TODO(gbelvin): write license linter and commit to upstream. - # ./scripts/check_license.sh is run by ./scripts/presubmit.sh - issues: # Don't turn off any checks by default. We can do this explicitly if needed. exclude-use-default: false diff --git a/vendor/github.com/google/trillian/BUILD.bazel b/vendor/github.com/google/trillian/BUILD.bazel deleted file mode 100644 index bbee3e0cb7..0000000000 --- a/vendor/github.com/google/trillian/BUILD.bazel +++ /dev/null @@ -1,55 +0,0 @@ -# This BUILD file contains Bazel build targets for clients of the Trillian API. -# Bazel can be obtained from www.bazel.build -# -# Even where Bazel is not being used by client builds, these targets provide -# a mechanism to determine which proto files are required for the API. For -# example, the following command will list the proto files required to use -# the Trillian Admin gRPC interface: -# -# bazel query --notool_deps --noimplicit_deps \ -# 'kind("source file", deps(:trillian_admin_api_proto))' -package(default_visibility = ["//visibility:public"]) - -# A proto library for the Trillian Admin gRPC API. -proto_library( - name = "trillian_admin_api_proto", - srcs = [ - "trillian_admin_api.proto", - ], - deps = [ - ":trillian_proto", - "@com_google_googleapis//google/api:annotations_proto", - "@com_google_googleapis//google/rpc:status_proto", - "@com_google_protobuf//:field_mask_proto", - ], -) - -# A proto library for the Trillian Log gRPC API. -proto_library( - name = "trillian_log_api_proto", - srcs = [ - "trillian_log_api.proto", - ], - deps = [ - ":trillian_proto", - "@com_google_googleapis//google/api:annotations_proto", - "@com_google_googleapis//google/rpc:status_proto", - "@com_google_protobuf//:api_proto", - "@com_google_protobuf//:timestamp_proto", - ], -) - -# Common proto definitions used within the Trillian gRPC APIs. -proto_library( - name = "trillian_proto", - srcs = [ - "crypto/keyspb/keyspb.proto", - "trillian.proto", - ], - deps = [ - "@com_google_protobuf//:any_proto", - "@com_google_protobuf//:api_proto", - "@com_google_protobuf//:duration_proto", - "@com_google_protobuf//:timestamp_proto", - ], -) diff --git a/vendor/github.com/google/trillian/CHANGELOG.md b/vendor/github.com/google/trillian/CHANGELOG.md index 7a072252d2..b7f2393d1a 100644 --- a/vendor/github.com/google/trillian/CHANGELOG.md +++ b/vendor/github.com/google/trillian/CHANGELOG.md @@ -2,6 +2,32 @@ ## HEAD +## v.1.5.2 + +* Recommended go version for development: 1.19 + * This is the version used by the cloudbuild presubmits. Using a + different version can lead to presubmits failing due to unexpected + diffs. + +### Storage + +#### CloudSpanner + +* Removed use of the `--cloudspanner_write_sessions` flag. + This was related to preparing some fraction of CloudSpanner sessionpool entries with + Read/Write transactions, however this functionality is no longer supported by the client + library. + +### Repo config +* Enable all lint checks in trillian repo by @mhutchinson in https://github.com/google/trillian/pull/2979 + +### Dependency updates + +* Bump contrib.go.opencensus.io/exporter/stackdriver from 0.13.12 to 0.13.14 by @samuelattwood in https://github.com/google/trillian/pull/2950 +* Bump Go version from 1.17 to 1.19. +* Updated golangci-lint to v1.51.1 (developers should update to this version) +* Update transparency-dev/merkle to v0.0.2 + ## v1.5.1 ### Storage @@ -10,6 +36,7 @@ with support provided by Equinix Metal. ### Misc + * Fix log server not exiting properly on SIGINT ### Dependency updates diff --git a/vendor/github.com/google/trillian/README.md b/vendor/github.com/google/trillian/README.md index 9ebb3a2dee..76f51fe951 100644 --- a/vendor/github.com/google/trillian/README.md +++ b/vendor/github.com/google/trillian/README.md @@ -73,7 +73,7 @@ The current state of feature implementation is recorded in the To build and test Trillian you need: - - Go 1.17 or later (go 1.17 matches cloudbuild, and is preferred for developers + - Go 1.19 or later (go 1.19 matches cloudbuild, and is preferred for developers that will be submitting PRs to this project). To run many of the tests (and production deployment) you need: @@ -193,7 +193,6 @@ go generate -x ./... # hunts for //go:generate comments and runs them The Trillian codebase uses go.mod to declare fixed versions of its dependencies. With Go modules, updating a dependency simply involves running `go get`: ``` -export GO111MODULE=on go get package/path # Fetch the latest published version go get package/path@X.Y.Z # Fetch a specific published version go get package/path@HEAD # Fetch the latest commit @@ -215,7 +214,7 @@ and tests over the codebase. #### Install [golangci-lint](https://github.com/golangci/golangci-lint#local-installation). ```bash -go install github.com/golangci/golangci-lint/cmd/golangci-lint@v1.47.3 +go install github.com/golangci/golangci-lint/cmd/golangci-lint@v1.51.1 ``` #### Run code generation, build, test and linters diff --git a/vendor/github.com/google/trillian/cloudbuild.yaml b/vendor/github.com/google/trillian/cloudbuild.yaml index b1ee8f780f..3e38dbed2a 100644 --- a/vendor/github.com/google/trillian/cloudbuild.yaml +++ b/vendor/github.com/google/trillian/cloudbuild.yaml @@ -11,7 +11,6 @@ options: - name: go-modules path: /go env: - - GO111MODULE=on - GOPATH=/go - GOLANG_PROTOBUF_REGISTRATION_CONFLICT=ignore # Temporary work-around v1.proto already registered error. - DOCKER_CLIENT_TIMEOUT=120 diff --git a/vendor/github.com/google/trillian/trillian.pb.go b/vendor/github.com/google/trillian/trillian.pb.go index 6855aca394..74d84d97e7 100644 --- a/vendor/github.com/google/trillian/trillian.pb.go +++ b/vendor/github.com/google/trillian/trillian.pb.go @@ -14,7 +14,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.28.1 +// protoc-gen-go v1.30.0 // protoc v3.20.1 // source: trillian.proto @@ -172,11 +172,11 @@ const ( TreeState_FROZEN TreeState = 2 // Deprecated: now tracked in Tree.deleted. // - // Deprecated: Do not use. + // Deprecated: Marked as deprecated in trillian.proto. TreeState_DEPRECATED_SOFT_DELETED TreeState = 3 // Deprecated: now tracked in Tree.deleted. // - // Deprecated: Do not use. + // Deprecated: Marked as deprecated in trillian.proto. TreeState_DEPRECATED_HARD_DELETED TreeState = 4 // A tree that is draining will continue to integrate queued entries. // No new entries should be accepted. @@ -461,19 +461,21 @@ type SignedLogRoot struct { // in RFC5246 notation): // // enum { v1(1), (65535)} Version; - // struct { - // uint64 tree_size; - // opaque root_hash<0..128>; - // uint64 timestamp_nanos; - // uint64 revision; - // opaque metadata<0..65535>; - // } LogRootV1; - // struct { - // Version version; - // select(version) { - // case v1: LogRootV1; - // } - // } LogRoot; + // + // struct { + // uint64 tree_size; + // opaque root_hash<0..128>; + // uint64 timestamp_nanos; + // uint64 revision; + // opaque metadata<0..65535>; + // } LogRootV1; + // + // struct { + // Version version; + // select(version) { + // case v1: LogRootV1; + // } + // } LogRoot; // // A serialized v1 log root will therefore be laid out as: // diff --git a/vendor/github.com/google/trillian/trillian_admin_api.pb.go b/vendor/github.com/google/trillian/trillian_admin_api.pb.go index 2d97bbf1cb..a4123cdd49 100644 --- a/vendor/github.com/google/trillian/trillian_admin_api.pb.go +++ b/vendor/github.com/google/trillian/trillian_admin_api.pb.go @@ -14,7 +14,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.28.1 +// protoc-gen-go v1.30.0 // protoc v3.20.1 // source: trillian_admin_api.proto diff --git a/vendor/github.com/google/trillian/trillian_admin_api_grpc.pb.go b/vendor/github.com/google/trillian/trillian_admin_api_grpc.pb.go index 6253c03093..d01ca0759d 100644 --- a/vendor/github.com/google/trillian/trillian_admin_api_grpc.pb.go +++ b/vendor/github.com/google/trillian/trillian_admin_api_grpc.pb.go @@ -1,6 +1,20 @@ +// Copyright 2016 Google LLC. All Rights Reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + // Code generated by protoc-gen-go-grpc. DO NOT EDIT. // versions: -// - protoc-gen-go-grpc v1.2.0 +// - protoc-gen-go-grpc v1.3.0 // - protoc v3.20.1 // source: trillian_admin_api.proto @@ -18,6 +32,15 @@ import ( // Requires gRPC-Go v1.32.0 or later. const _ = grpc.SupportPackageIsVersion7 +const ( + TrillianAdmin_ListTrees_FullMethodName = "/trillian.TrillianAdmin/ListTrees" + TrillianAdmin_GetTree_FullMethodName = "/trillian.TrillianAdmin/GetTree" + TrillianAdmin_CreateTree_FullMethodName = "/trillian.TrillianAdmin/CreateTree" + TrillianAdmin_UpdateTree_FullMethodName = "/trillian.TrillianAdmin/UpdateTree" + TrillianAdmin_DeleteTree_FullMethodName = "/trillian.TrillianAdmin/DeleteTree" + TrillianAdmin_UndeleteTree_FullMethodName = "/trillian.TrillianAdmin/UndeleteTree" +) + // TrillianAdminClient is the client API for TrillianAdmin service. // // For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream. @@ -54,7 +77,7 @@ func NewTrillianAdminClient(cc grpc.ClientConnInterface) TrillianAdminClient { func (c *trillianAdminClient) ListTrees(ctx context.Context, in *ListTreesRequest, opts ...grpc.CallOption) (*ListTreesResponse, error) { out := new(ListTreesResponse) - err := c.cc.Invoke(ctx, "/trillian.TrillianAdmin/ListTrees", in, out, opts...) + err := c.cc.Invoke(ctx, TrillianAdmin_ListTrees_FullMethodName, in, out, opts...) if err != nil { return nil, err } @@ -63,7 +86,7 @@ func (c *trillianAdminClient) ListTrees(ctx context.Context, in *ListTreesReques func (c *trillianAdminClient) GetTree(ctx context.Context, in *GetTreeRequest, opts ...grpc.CallOption) (*Tree, error) { out := new(Tree) - err := c.cc.Invoke(ctx, "/trillian.TrillianAdmin/GetTree", in, out, opts...) + err := c.cc.Invoke(ctx, TrillianAdmin_GetTree_FullMethodName, in, out, opts...) if err != nil { return nil, err } @@ -72,7 +95,7 @@ func (c *trillianAdminClient) GetTree(ctx context.Context, in *GetTreeRequest, o func (c *trillianAdminClient) CreateTree(ctx context.Context, in *CreateTreeRequest, opts ...grpc.CallOption) (*Tree, error) { out := new(Tree) - err := c.cc.Invoke(ctx, "/trillian.TrillianAdmin/CreateTree", in, out, opts...) + err := c.cc.Invoke(ctx, TrillianAdmin_CreateTree_FullMethodName, in, out, opts...) if err != nil { return nil, err } @@ -81,7 +104,7 @@ func (c *trillianAdminClient) CreateTree(ctx context.Context, in *CreateTreeRequ func (c *trillianAdminClient) UpdateTree(ctx context.Context, in *UpdateTreeRequest, opts ...grpc.CallOption) (*Tree, error) { out := new(Tree) - err := c.cc.Invoke(ctx, "/trillian.TrillianAdmin/UpdateTree", in, out, opts...) + err := c.cc.Invoke(ctx, TrillianAdmin_UpdateTree_FullMethodName, in, out, opts...) if err != nil { return nil, err } @@ -90,7 +113,7 @@ func (c *trillianAdminClient) UpdateTree(ctx context.Context, in *UpdateTreeRequ func (c *trillianAdminClient) DeleteTree(ctx context.Context, in *DeleteTreeRequest, opts ...grpc.CallOption) (*Tree, error) { out := new(Tree) - err := c.cc.Invoke(ctx, "/trillian.TrillianAdmin/DeleteTree", in, out, opts...) + err := c.cc.Invoke(ctx, TrillianAdmin_DeleteTree_FullMethodName, in, out, opts...) if err != nil { return nil, err } @@ -99,7 +122,7 @@ func (c *trillianAdminClient) DeleteTree(ctx context.Context, in *DeleteTreeRequ func (c *trillianAdminClient) UndeleteTree(ctx context.Context, in *UndeleteTreeRequest, opts ...grpc.CallOption) (*Tree, error) { out := new(Tree) - err := c.cc.Invoke(ctx, "/trillian.TrillianAdmin/UndeleteTree", in, out, opts...) + err := c.cc.Invoke(ctx, TrillianAdmin_UndeleteTree_FullMethodName, in, out, opts...) if err != nil { return nil, err } @@ -176,7 +199,7 @@ func _TrillianAdmin_ListTrees_Handler(srv interface{}, ctx context.Context, dec } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/trillian.TrillianAdmin/ListTrees", + FullMethod: TrillianAdmin_ListTrees_FullMethodName, } handler := func(ctx context.Context, req interface{}) (interface{}, error) { return srv.(TrillianAdminServer).ListTrees(ctx, req.(*ListTreesRequest)) @@ -194,7 +217,7 @@ func _TrillianAdmin_GetTree_Handler(srv interface{}, ctx context.Context, dec fu } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/trillian.TrillianAdmin/GetTree", + FullMethod: TrillianAdmin_GetTree_FullMethodName, } handler := func(ctx context.Context, req interface{}) (interface{}, error) { return srv.(TrillianAdminServer).GetTree(ctx, req.(*GetTreeRequest)) @@ -212,7 +235,7 @@ func _TrillianAdmin_CreateTree_Handler(srv interface{}, ctx context.Context, dec } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/trillian.TrillianAdmin/CreateTree", + FullMethod: TrillianAdmin_CreateTree_FullMethodName, } handler := func(ctx context.Context, req interface{}) (interface{}, error) { return srv.(TrillianAdminServer).CreateTree(ctx, req.(*CreateTreeRequest)) @@ -230,7 +253,7 @@ func _TrillianAdmin_UpdateTree_Handler(srv interface{}, ctx context.Context, dec } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/trillian.TrillianAdmin/UpdateTree", + FullMethod: TrillianAdmin_UpdateTree_FullMethodName, } handler := func(ctx context.Context, req interface{}) (interface{}, error) { return srv.(TrillianAdminServer).UpdateTree(ctx, req.(*UpdateTreeRequest)) @@ -248,7 +271,7 @@ func _TrillianAdmin_DeleteTree_Handler(srv interface{}, ctx context.Context, dec } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/trillian.TrillianAdmin/DeleteTree", + FullMethod: TrillianAdmin_DeleteTree_FullMethodName, } handler := func(ctx context.Context, req interface{}) (interface{}, error) { return srv.(TrillianAdminServer).DeleteTree(ctx, req.(*DeleteTreeRequest)) @@ -266,7 +289,7 @@ func _TrillianAdmin_UndeleteTree_Handler(srv interface{}, ctx context.Context, d } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/trillian.TrillianAdmin/UndeleteTree", + FullMethod: TrillianAdmin_UndeleteTree_FullMethodName, } handler := func(ctx context.Context, req interface{}) (interface{}, error) { return srv.(TrillianAdminServer).UndeleteTree(ctx, req.(*UndeleteTreeRequest)) diff --git a/vendor/github.com/google/trillian/trillian_log_api.pb.go b/vendor/github.com/google/trillian/trillian_log_api.pb.go index 738e46e437..c8cb663f21 100644 --- a/vendor/github.com/google/trillian/trillian_log_api.pb.go +++ b/vendor/github.com/google/trillian/trillian_log_api.pb.go @@ -14,7 +14,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.28.1 +// protoc-gen-go v1.30.0 // protoc v3.20.1 // source: trillian_log_api.proto @@ -1225,17 +1225,17 @@ type QueuedLogLeaf struct { unknownFields protoimpl.UnknownFields // The leaf as it was stored by Trillian. Empty unless `status.code` is: - // - `google.rpc.OK`: the `leaf` data is the same as in the request. - // - `google.rpc.ALREADY_EXISTS` or 'google.rpc.FAILED_PRECONDITION`: the - // `leaf` is the conflicting one already in the log. + // - `google.rpc.OK`: the `leaf` data is the same as in the request. + // - `google.rpc.ALREADY_EXISTS` or 'google.rpc.FAILED_PRECONDITION`: the + // `leaf` is the conflicting one already in the log. Leaf *LogLeaf `protobuf:"bytes,1,opt,name=leaf,proto3" json:"leaf,omitempty"` // The status of adding the leaf. - // - `google.rpc.OK`: successfully added. - // - `google.rpc.ALREADY_EXISTS`: the leaf is a duplicate of an already - // existing one. Either `leaf_identity_hash` is the same in the `LOG` - // mode, or `leaf_index` in the `PREORDERED_LOG`. - // - `google.rpc.FAILED_PRECONDITION`: A conflicting entry is already - // present in the log, e.g., same `leaf_index` but different `leaf_data`. + // - `google.rpc.OK`: successfully added. + // - `google.rpc.ALREADY_EXISTS`: the leaf is a duplicate of an already + // existing one. Either `leaf_identity_hash` is the same in the `LOG` + // mode, or `leaf_index` in the `PREORDERED_LOG`. + // - `google.rpc.FAILED_PRECONDITION`: A conflicting entry is already + // present in the log, e.g., same `leaf_index` but different `leaf_data`. Status *status.Status `protobuf:"bytes,2,opt,name=status,proto3" json:"status,omitempty"` } @@ -1336,7 +1336,6 @@ type LogLeaf struct { // whereas the Merkle leaf hash encompasses both the certificate and its // submission time -- allowing duplicate certificates to be detected. // - // // Continuing the CT example, for a CT mirror personality (which must allow // dupes since the source log could contain them), the part of the // personality which fetches and submits the entries might set diff --git a/vendor/github.com/google/trillian/trillian_log_api_grpc.pb.go b/vendor/github.com/google/trillian/trillian_log_api_grpc.pb.go index 32e2ff8b39..679b9c525c 100644 --- a/vendor/github.com/google/trillian/trillian_log_api_grpc.pb.go +++ b/vendor/github.com/google/trillian/trillian_log_api_grpc.pb.go @@ -1,6 +1,20 @@ +// Copyright 2016 Google LLC. All Rights Reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + // Code generated by protoc-gen-go-grpc. DO NOT EDIT. // versions: -// - protoc-gen-go-grpc v1.2.0 +// - protoc-gen-go-grpc v1.3.0 // - protoc v3.20.1 // source: trillian_log_api.proto @@ -18,6 +32,18 @@ import ( // Requires gRPC-Go v1.32.0 or later. const _ = grpc.SupportPackageIsVersion7 +const ( + TrillianLog_QueueLeaf_FullMethodName = "/trillian.TrillianLog/QueueLeaf" + TrillianLog_GetInclusionProof_FullMethodName = "/trillian.TrillianLog/GetInclusionProof" + TrillianLog_GetInclusionProofByHash_FullMethodName = "/trillian.TrillianLog/GetInclusionProofByHash" + TrillianLog_GetConsistencyProof_FullMethodName = "/trillian.TrillianLog/GetConsistencyProof" + TrillianLog_GetLatestSignedLogRoot_FullMethodName = "/trillian.TrillianLog/GetLatestSignedLogRoot" + TrillianLog_GetEntryAndProof_FullMethodName = "/trillian.TrillianLog/GetEntryAndProof" + TrillianLog_InitLog_FullMethodName = "/trillian.TrillianLog/InitLog" + TrillianLog_AddSequencedLeaves_FullMethodName = "/trillian.TrillianLog/AddSequencedLeaves" + TrillianLog_GetLeavesByRange_FullMethodName = "/trillian.TrillianLog/GetLeavesByRange" +) + // TrillianLogClient is the client API for TrillianLog service. // // For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream. @@ -78,7 +104,7 @@ func NewTrillianLogClient(cc grpc.ClientConnInterface) TrillianLogClient { func (c *trillianLogClient) QueueLeaf(ctx context.Context, in *QueueLeafRequest, opts ...grpc.CallOption) (*QueueLeafResponse, error) { out := new(QueueLeafResponse) - err := c.cc.Invoke(ctx, "/trillian.TrillianLog/QueueLeaf", in, out, opts...) + err := c.cc.Invoke(ctx, TrillianLog_QueueLeaf_FullMethodName, in, out, opts...) if err != nil { return nil, err } @@ -87,7 +113,7 @@ func (c *trillianLogClient) QueueLeaf(ctx context.Context, in *QueueLeafRequest, func (c *trillianLogClient) GetInclusionProof(ctx context.Context, in *GetInclusionProofRequest, opts ...grpc.CallOption) (*GetInclusionProofResponse, error) { out := new(GetInclusionProofResponse) - err := c.cc.Invoke(ctx, "/trillian.TrillianLog/GetInclusionProof", in, out, opts...) + err := c.cc.Invoke(ctx, TrillianLog_GetInclusionProof_FullMethodName, in, out, opts...) if err != nil { return nil, err } @@ -96,7 +122,7 @@ func (c *trillianLogClient) GetInclusionProof(ctx context.Context, in *GetInclus func (c *trillianLogClient) GetInclusionProofByHash(ctx context.Context, in *GetInclusionProofByHashRequest, opts ...grpc.CallOption) (*GetInclusionProofByHashResponse, error) { out := new(GetInclusionProofByHashResponse) - err := c.cc.Invoke(ctx, "/trillian.TrillianLog/GetInclusionProofByHash", in, out, opts...) + err := c.cc.Invoke(ctx, TrillianLog_GetInclusionProofByHash_FullMethodName, in, out, opts...) if err != nil { return nil, err } @@ -105,7 +131,7 @@ func (c *trillianLogClient) GetInclusionProofByHash(ctx context.Context, in *Get func (c *trillianLogClient) GetConsistencyProof(ctx context.Context, in *GetConsistencyProofRequest, opts ...grpc.CallOption) (*GetConsistencyProofResponse, error) { out := new(GetConsistencyProofResponse) - err := c.cc.Invoke(ctx, "/trillian.TrillianLog/GetConsistencyProof", in, out, opts...) + err := c.cc.Invoke(ctx, TrillianLog_GetConsistencyProof_FullMethodName, in, out, opts...) if err != nil { return nil, err } @@ -114,7 +140,7 @@ func (c *trillianLogClient) GetConsistencyProof(ctx context.Context, in *GetCons func (c *trillianLogClient) GetLatestSignedLogRoot(ctx context.Context, in *GetLatestSignedLogRootRequest, opts ...grpc.CallOption) (*GetLatestSignedLogRootResponse, error) { out := new(GetLatestSignedLogRootResponse) - err := c.cc.Invoke(ctx, "/trillian.TrillianLog/GetLatestSignedLogRoot", in, out, opts...) + err := c.cc.Invoke(ctx, TrillianLog_GetLatestSignedLogRoot_FullMethodName, in, out, opts...) if err != nil { return nil, err } @@ -123,7 +149,7 @@ func (c *trillianLogClient) GetLatestSignedLogRoot(ctx context.Context, in *GetL func (c *trillianLogClient) GetEntryAndProof(ctx context.Context, in *GetEntryAndProofRequest, opts ...grpc.CallOption) (*GetEntryAndProofResponse, error) { out := new(GetEntryAndProofResponse) - err := c.cc.Invoke(ctx, "/trillian.TrillianLog/GetEntryAndProof", in, out, opts...) + err := c.cc.Invoke(ctx, TrillianLog_GetEntryAndProof_FullMethodName, in, out, opts...) if err != nil { return nil, err } @@ -132,7 +158,7 @@ func (c *trillianLogClient) GetEntryAndProof(ctx context.Context, in *GetEntryAn func (c *trillianLogClient) InitLog(ctx context.Context, in *InitLogRequest, opts ...grpc.CallOption) (*InitLogResponse, error) { out := new(InitLogResponse) - err := c.cc.Invoke(ctx, "/trillian.TrillianLog/InitLog", in, out, opts...) + err := c.cc.Invoke(ctx, TrillianLog_InitLog_FullMethodName, in, out, opts...) if err != nil { return nil, err } @@ -141,7 +167,7 @@ func (c *trillianLogClient) InitLog(ctx context.Context, in *InitLogRequest, opt func (c *trillianLogClient) AddSequencedLeaves(ctx context.Context, in *AddSequencedLeavesRequest, opts ...grpc.CallOption) (*AddSequencedLeavesResponse, error) { out := new(AddSequencedLeavesResponse) - err := c.cc.Invoke(ctx, "/trillian.TrillianLog/AddSequencedLeaves", in, out, opts...) + err := c.cc.Invoke(ctx, TrillianLog_AddSequencedLeaves_FullMethodName, in, out, opts...) if err != nil { return nil, err } @@ -150,7 +176,7 @@ func (c *trillianLogClient) AddSequencedLeaves(ctx context.Context, in *AddSeque func (c *trillianLogClient) GetLeavesByRange(ctx context.Context, in *GetLeavesByRangeRequest, opts ...grpc.CallOption) (*GetLeavesByRangeResponse, error) { out := new(GetLeavesByRangeResponse) - err := c.cc.Invoke(ctx, "/trillian.TrillianLog/GetLeavesByRange", in, out, opts...) + err := c.cc.Invoke(ctx, TrillianLog_GetLeavesByRange_FullMethodName, in, out, opts...) if err != nil { return nil, err } @@ -260,7 +286,7 @@ func _TrillianLog_QueueLeaf_Handler(srv interface{}, ctx context.Context, dec fu } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/trillian.TrillianLog/QueueLeaf", + FullMethod: TrillianLog_QueueLeaf_FullMethodName, } handler := func(ctx context.Context, req interface{}) (interface{}, error) { return srv.(TrillianLogServer).QueueLeaf(ctx, req.(*QueueLeafRequest)) @@ -278,7 +304,7 @@ func _TrillianLog_GetInclusionProof_Handler(srv interface{}, ctx context.Context } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/trillian.TrillianLog/GetInclusionProof", + FullMethod: TrillianLog_GetInclusionProof_FullMethodName, } handler := func(ctx context.Context, req interface{}) (interface{}, error) { return srv.(TrillianLogServer).GetInclusionProof(ctx, req.(*GetInclusionProofRequest)) @@ -296,7 +322,7 @@ func _TrillianLog_GetInclusionProofByHash_Handler(srv interface{}, ctx context.C } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/trillian.TrillianLog/GetInclusionProofByHash", + FullMethod: TrillianLog_GetInclusionProofByHash_FullMethodName, } handler := func(ctx context.Context, req interface{}) (interface{}, error) { return srv.(TrillianLogServer).GetInclusionProofByHash(ctx, req.(*GetInclusionProofByHashRequest)) @@ -314,7 +340,7 @@ func _TrillianLog_GetConsistencyProof_Handler(srv interface{}, ctx context.Conte } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/trillian.TrillianLog/GetConsistencyProof", + FullMethod: TrillianLog_GetConsistencyProof_FullMethodName, } handler := func(ctx context.Context, req interface{}) (interface{}, error) { return srv.(TrillianLogServer).GetConsistencyProof(ctx, req.(*GetConsistencyProofRequest)) @@ -332,7 +358,7 @@ func _TrillianLog_GetLatestSignedLogRoot_Handler(srv interface{}, ctx context.Co } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/trillian.TrillianLog/GetLatestSignedLogRoot", + FullMethod: TrillianLog_GetLatestSignedLogRoot_FullMethodName, } handler := func(ctx context.Context, req interface{}) (interface{}, error) { return srv.(TrillianLogServer).GetLatestSignedLogRoot(ctx, req.(*GetLatestSignedLogRootRequest)) @@ -350,7 +376,7 @@ func _TrillianLog_GetEntryAndProof_Handler(srv interface{}, ctx context.Context, } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/trillian.TrillianLog/GetEntryAndProof", + FullMethod: TrillianLog_GetEntryAndProof_FullMethodName, } handler := func(ctx context.Context, req interface{}) (interface{}, error) { return srv.(TrillianLogServer).GetEntryAndProof(ctx, req.(*GetEntryAndProofRequest)) @@ -368,7 +394,7 @@ func _TrillianLog_InitLog_Handler(srv interface{}, ctx context.Context, dec func } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/trillian.TrillianLog/InitLog", + FullMethod: TrillianLog_InitLog_FullMethodName, } handler := func(ctx context.Context, req interface{}) (interface{}, error) { return srv.(TrillianLogServer).InitLog(ctx, req.(*InitLogRequest)) @@ -386,7 +412,7 @@ func _TrillianLog_AddSequencedLeaves_Handler(srv interface{}, ctx context.Contex } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/trillian.TrillianLog/AddSequencedLeaves", + FullMethod: TrillianLog_AddSequencedLeaves_FullMethodName, } handler := func(ctx context.Context, req interface{}) (interface{}, error) { return srv.(TrillianLogServer).AddSequencedLeaves(ctx, req.(*AddSequencedLeavesRequest)) @@ -404,7 +430,7 @@ func _TrillianLog_GetLeavesByRange_Handler(srv interface{}, ctx context.Context, } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/trillian.TrillianLog/GetLeavesByRange", + FullMethod: TrillianLog_GetLeavesByRange_FullMethodName, } handler := func(ctx context.Context, req interface{}) (interface{}, error) { return srv.(TrillianLogServer).GetLeavesByRange(ctx, req.(*GetLeavesByRangeRequest)) diff --git a/vendor/github.com/jedisct1/go-minisign/.gitignore b/vendor/github.com/jedisct1/go-minisign/.gitignore new file mode 100644 index 0000000000..a1338d6851 --- /dev/null +++ b/vendor/github.com/jedisct1/go-minisign/.gitignore @@ -0,0 +1,14 @@ +# Binaries for programs and plugins +*.exe +*.dll +*.so +*.dylib + +# Test binary, build with `go test -c` +*.test + +# Output of the go coverage tool, specifically when used with LiteIDE +*.out + +# Project-local glide cache, RE: https://github.com/Masterminds/glide/issues/736 +.glide/ diff --git a/vendor/github.com/jedisct1/go-minisign/LICENSE b/vendor/github.com/jedisct1/go-minisign/LICENSE new file mode 100644 index 0000000000..010ad6e7a4 --- /dev/null +++ b/vendor/github.com/jedisct1/go-minisign/LICENSE @@ -0,0 +1,21 @@ +MIT License + +Copyright (c) 2018-2021 Frank Denis + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff --git a/vendor/github.com/jedisct1/go-minisign/README.md b/vendor/github.com/jedisct1/go-minisign/README.md new file mode 100644 index 0000000000..bd33a8fa1b --- /dev/null +++ b/vendor/github.com/jedisct1/go-minisign/README.md @@ -0,0 +1,4 @@ +# go-minisign + +A Golang library to verify [Minisign](https://jedisct1.github.io/minisign/) signatures. + diff --git a/vendor/github.com/jedisct1/go-minisign/minisign.go b/vendor/github.com/jedisct1/go-minisign/minisign.go new file mode 100644 index 0000000000..3e79646abb --- /dev/null +++ b/vendor/github.com/jedisct1/go-minisign/minisign.go @@ -0,0 +1,133 @@ +package minisign + +import ( + "encoding/base64" + "errors" + "io/ioutil" + "strings" + + "golang.org/x/crypto/blake2b" + "golang.org/x/crypto/ed25519" +) + +type PublicKey struct { + SignatureAlgorithm [2]byte + KeyId [8]byte + PublicKey [32]byte +} + +type Signature struct { + UntrustedComment string + SignatureAlgorithm [2]byte + KeyId [8]byte + Signature [64]byte + TrustedComment string + GlobalSignature [64]byte +} + +func NewPublicKey(publicKeyStr string) (PublicKey, error) { + var publicKey PublicKey + bin, err := base64.StdEncoding.DecodeString(publicKeyStr) + if err != nil || len(bin) != 42 { + return publicKey, errors.New("Invalid encoded public key") + } + copy(publicKey.SignatureAlgorithm[:], bin[0:2]) + copy(publicKey.KeyId[:], bin[2:10]) + copy(publicKey.PublicKey[:], bin[10:42]) + return publicKey, nil +} + +func DecodePublicKey(in string) (PublicKey, error) { + var publicKey PublicKey + lines := strings.SplitN(in, "\n", 2) + if len(lines) < 2 { + return publicKey, errors.New("Incomplete encoded public key") + } + return NewPublicKey(lines[1]) +} + +func trimCarriageReturn(input string) string { + return strings.TrimRight(input, "\r") +} + +func DecodeSignature(in string) (Signature, error) { + var signature Signature + lines := strings.SplitN(in, "\n", 4) + if len(lines) < 4 { + return signature, errors.New("Incomplete encoded signature") + } + signature.UntrustedComment = trimCarriageReturn(lines[0]) + bin1, err := base64.StdEncoding.DecodeString(lines[1]) + if err != nil || len(bin1) != 74 { + return signature, errors.New("Invalid encoded signature") + } + signature.TrustedComment = trimCarriageReturn(lines[2]) + bin2, err := base64.StdEncoding.DecodeString(lines[3]) + if err != nil || len(bin2) != 64 { + return signature, errors.New("Invalid encoded signature") + } + copy(signature.SignatureAlgorithm[:], bin1[0:2]) + copy(signature.KeyId[:], bin1[2:10]) + copy(signature.Signature[:], bin1[10:74]) + copy(signature.GlobalSignature[:], bin2) + return signature, nil +} + +func NewPublicKeyFromFile(file string) (PublicKey, error) { + var publicKey PublicKey + bin, err := ioutil.ReadFile(file) + if err != nil { + return publicKey, err + } + return DecodePublicKey(string(bin)) +} + +func NewSignatureFromFile(file string) (Signature, error) { + var signature Signature + bin, err := ioutil.ReadFile(file) + if err != nil { + return signature, err + } + return DecodeSignature(string(bin)) +} + +func (publicKey *PublicKey) Verify(bin []byte, signature Signature) (bool, error) { + if publicKey.SignatureAlgorithm != [2]byte{'E', 'd'} { + return false, errors.New("Incompatible signature algorithm") + } + prehashed := false + if signature.SignatureAlgorithm[0] == 0x45 && signature.SignatureAlgorithm[1] == 0x64 { + prehashed = false + } else if signature.SignatureAlgorithm[0] == 0x45 && signature.SignatureAlgorithm[1] == 0x44 { + prehashed = true + } else { + return false, errors.New("Unsupported signature algorithm") + } + if publicKey.KeyId != signature.KeyId { + return false, errors.New("Incompatible key identifiers") + } + if !strings.HasPrefix(signature.TrustedComment, "trusted comment: ") { + return false, errors.New("Unexpected format for the trusted comment") + } + + if prehashed { + h, _ := blake2b.New512(nil) + h.Write(bin) + bin = h.Sum(nil) + } + if !ed25519.Verify(ed25519.PublicKey(publicKey.PublicKey[:]), bin, signature.Signature[:]) { + return false, errors.New("Invalid signature") + } + if !ed25519.Verify(ed25519.PublicKey(publicKey.PublicKey[:]), append(signature.Signature[:], []byte(signature.TrustedComment)[17:]...), signature.GlobalSignature[:]) { + return false, errors.New("Invalid global signature") + } + return true, nil +} + +func (publicKey *PublicKey) VerifyFromFile(file string, signature Signature) (bool, error) { + bin, err := ioutil.ReadFile(file) + if err != nil { + return false, err + } + return publicKey.Verify(bin, signature) +} diff --git a/vendor/github.com/leodido/go-urn/.gitignore b/vendor/github.com/leodido/go-urn/.gitignore new file mode 100644 index 0000000000..89d4bc55dc --- /dev/null +++ b/vendor/github.com/leodido/go-urn/.gitignore @@ -0,0 +1,12 @@ +*.exe +*.dll +*.so +*.dylib + +*.test + +*.out +*.txt + +vendor/ +/removecomments \ No newline at end of file diff --git a/vendor/github.com/leodido/go-urn/LICENSE b/vendor/github.com/leodido/go-urn/LICENSE new file mode 100644 index 0000000000..8c3504a5a9 --- /dev/null +++ b/vendor/github.com/leodido/go-urn/LICENSE @@ -0,0 +1,21 @@ +MIT License + +Copyright (c) 2018 Leonardo Di Donato + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff --git a/vendor/github.com/leodido/go-urn/README.md b/vendor/github.com/leodido/go-urn/README.md new file mode 100644 index 0000000000..731eecbb5f --- /dev/null +++ b/vendor/github.com/leodido/go-urn/README.md @@ -0,0 +1,81 @@ +[![Build](https://img.shields.io/circleci/build/github/leodido/go-urn?style=for-the-badge)](https://app.circleci.com/pipelines/github/leodido/go-urn) [![Coverage](https://img.shields.io/codecov/c/github/leodido/go-urn.svg?style=for-the-badge)](https://codecov.io/gh/leodido/go-urn) [![Documentation](https://img.shields.io/badge/godoc-reference-blue.svg?style=for-the-badge)](https://godoc.org/github.com/leodido/go-urn) + +**A parser for URNs**. + +> As seen on [RFC 2141](https://tools.ietf.org/html/rfc2141#ref-1). + +[API documentation](https://godoc.org/github.com/leodido/go-urn). + +## Installation + +``` +go get github.com/leodido/go-urn +``` + +## Performances + +This implementation results to be really fast. + +Usually below ½ microsecond on my machine[1](#mymachine). + +Notice it also performs, while parsing: + +1. fine-grained and informative erroring +2. specific-string normalization + +``` +ok/00/urn:a:b______________________________________/-4 20000000 265 ns/op 182 B/op 6 allocs/op +ok/01/URN:foo:a123,456_____________________________/-4 30000000 296 ns/op 200 B/op 6 allocs/op +ok/02/urn:foo:a123%2c456___________________________/-4 20000000 331 ns/op 208 B/op 6 allocs/op +ok/03/urn:ietf:params:scim:schemas:core:2.0:User___/-4 20000000 430 ns/op 280 B/op 6 allocs/op +ok/04/urn:ietf:params:scim:schemas:extension:enterp/-4 20000000 411 ns/op 312 B/op 6 allocs/op +ok/05/urn:ietf:params:scim:schemas:extension:enterp/-4 20000000 472 ns/op 344 B/op 6 allocs/op +ok/06/urn:burnout:nss______________________________/-4 30000000 257 ns/op 192 B/op 6 allocs/op +ok/07/urn:abcdefghilmnopqrstuvzabcdefghilm:x_______/-4 20000000 375 ns/op 213 B/op 6 allocs/op +ok/08/urn:urnurnurn:urn____________________________/-4 30000000 265 ns/op 197 B/op 6 allocs/op +ok/09/urn:ciao:@!=%2c(xyz)+a,b.*@g=$_'_____________/-4 20000000 307 ns/op 248 B/op 6 allocs/op +ok/10/URN:x:abc%1dz%2f%3az_________________________/-4 30000000 259 ns/op 212 B/op 6 allocs/op +no/11/URN:-xxx:x___________________________________/-4 20000000 445 ns/op 320 B/op 6 allocs/op +no/12/urn::colon:nss_______________________________/-4 20000000 461 ns/op 320 B/op 6 allocs/op +no/13/urn:abcdefghilmnopqrstuvzabcdefghilmn:specifi/-4 10000000 660 ns/op 320 B/op 6 allocs/op +no/14/URN:a!?:x____________________________________/-4 20000000 507 ns/op 320 B/op 6 allocs/op +no/15/urn:urn:NSS__________________________________/-4 20000000 429 ns/op 288 B/op 6 allocs/op +no/16/urn:white_space:NSS__________________________/-4 20000000 482 ns/op 320 B/op 6 allocs/op +no/17/urn:concat:no_spaces_________________________/-4 20000000 539 ns/op 328 B/op 7 allocs/op +no/18/urn:a:/______________________________________/-4 20000000 470 ns/op 320 B/op 7 allocs/op +no/19/urn:UrN:NSS__________________________________/-4 20000000 399 ns/op 288 B/op 6 allocs/op +``` + +--- + +* [1]: Intel Core i7-7600U CPU @ 2.80GHz + +--- + +## Example +```go +package main + +import ( + "fmt" + "github.com/leodido/go-urn" +) + +func main() { + var uid = "URN:foo:a123,456" + + u, ok := urn.Parse([]byte(uid)) + if !ok { + panic("error parsing urn") + } + + fmt.Println(u.ID) + fmt.Println(u.SS) + + // Output: + // foo + // a123,456 +} +``` + +[![Analytics](https://ga-beacon.appspot.com/UA-49657176-1/go-urn?flat)](https://github.com/igrigorik/ga-beacon) \ No newline at end of file diff --git a/vendor/github.com/leodido/go-urn/machine.go b/vendor/github.com/leodido/go-urn/machine.go new file mode 100644 index 0000000000..f8d57b412d --- /dev/null +++ b/vendor/github.com/leodido/go-urn/machine.go @@ -0,0 +1,1688 @@ +package urn + +import ( + "fmt" +) + +var ( + errPrefix = "expecting the prefix to be the \"urn\" string (whatever case) [col %d]" + errIdentifier = "expecting the identifier to be string (1..31 alnum chars, also containing dashes but not at its start) [col %d]" + errSpecificString = "expecting the specific string to be a string containing alnum, hex, or others ([()+,-.:=@;$_!*']) chars [col %d]" + errNoUrnWithinID = "expecting the identifier to not contain the \"urn\" reserved string [col %d]" + errHex = "expecting the specific string hex chars to be well-formed (%%alnum{2}) [col %d]" + errParse = "parsing error [col %d]" +) + +const start int = 1 +const firstFinal int = 44 + +const enFail int = 46 +const enMain int = 1 + +// Machine is the interface representing the FSM +type Machine interface { + Error() error + Parse(input []byte) (*URN, error) +} + +type machine struct { + data []byte + cs int + p, pe, eof, pb int + err error + tolower []int +} + +// NewMachine creates a new FSM able to parse RFC 2141 strings. +func NewMachine() Machine { + m := &machine{} + + return m +} + +// Err returns the error that occurred on the last call to Parse. +// +// If the result is nil, then the line was parsed successfully. +func (m *machine) Error() error { + return m.err +} + +func (m *machine) text() []byte { + return m.data[m.pb:m.p] +} + +// Parse parses the input byte array as a RFC 2141 string. +func (m *machine) Parse(input []byte) (*URN, error) { + m.data = input + m.p = 0 + m.pb = 0 + m.pe = len(input) + m.eof = len(input) + m.err = nil + m.tolower = []int{} + output := &URN{} + { + m.cs = start + } + { + if (m.p) == (m.pe) { + goto _testEof + } + switch m.cs { + case 1: + goto stCase1 + case 0: + goto stCase0 + case 2: + goto stCase2 + case 3: + goto stCase3 + case 4: + goto stCase4 + case 5: + goto stCase5 + case 6: + goto stCase6 + case 7: + goto stCase7 + case 8: + goto stCase8 + case 9: + goto stCase9 + case 10: + goto stCase10 + case 11: + goto stCase11 + case 12: + goto stCase12 + case 13: + goto stCase13 + case 14: + goto stCase14 + case 15: + goto stCase15 + case 16: + goto stCase16 + case 17: + goto stCase17 + case 18: + goto stCase18 + case 19: + goto stCase19 + case 20: + goto stCase20 + case 21: + goto stCase21 + case 22: + goto stCase22 + case 23: + goto stCase23 + case 24: + goto stCase24 + case 25: + goto stCase25 + case 26: + goto stCase26 + case 27: + goto stCase27 + case 28: + goto stCase28 + case 29: + goto stCase29 + case 30: + goto stCase30 + case 31: + goto stCase31 + case 32: + goto stCase32 + case 33: + goto stCase33 + case 34: + goto stCase34 + case 35: + goto stCase35 + case 36: + goto stCase36 + case 37: + goto stCase37 + case 38: + goto stCase38 + case 44: + goto stCase44 + case 39: + goto stCase39 + case 40: + goto stCase40 + case 45: + goto stCase45 + case 41: + goto stCase41 + case 42: + goto stCase42 + case 43: + goto stCase43 + case 46: + goto stCase46 + } + goto stOut + stCase1: + switch (m.data)[(m.p)] { + case 85: + goto tr1 + case 117: + goto tr1 + } + goto tr0 + tr0: + + m.err = fmt.Errorf(errParse, m.p) + (m.p)-- + + { + goto st46 + } + + goto st0 + tr3: + + m.err = fmt.Errorf(errPrefix, m.p) + (m.p)-- + + { + goto st46 + } + + m.err = fmt.Errorf(errParse, m.p) + (m.p)-- + + { + goto st46 + } + + goto st0 + tr6: + + m.err = fmt.Errorf(errIdentifier, m.p) + (m.p)-- + + { + goto st46 + } + + m.err = fmt.Errorf(errParse, m.p) + (m.p)-- + + { + goto st46 + } + + goto st0 + tr41: + + m.err = fmt.Errorf(errSpecificString, m.p) + (m.p)-- + + { + goto st46 + } + + m.err = fmt.Errorf(errParse, m.p) + (m.p)-- + + { + goto st46 + } + + goto st0 + tr44: + + m.err = fmt.Errorf(errHex, m.p) + (m.p)-- + + { + goto st46 + } + + m.err = fmt.Errorf(errSpecificString, m.p) + (m.p)-- + + { + goto st46 + } + + m.err = fmt.Errorf(errParse, m.p) + (m.p)-- + + { + goto st46 + } + + goto st0 + tr50: + + m.err = fmt.Errorf(errPrefix, m.p) + (m.p)-- + + { + goto st46 + } + + m.err = fmt.Errorf(errIdentifier, m.p) + (m.p)-- + + { + goto st46 + } + + m.err = fmt.Errorf(errParse, m.p) + (m.p)-- + + { + goto st46 + } + + goto st0 + tr52: + + m.err = fmt.Errorf(errNoUrnWithinID, m.p) + (m.p)-- + + { + goto st46 + } + + m.err = fmt.Errorf(errIdentifier, m.p) + (m.p)-- + + { + goto st46 + } + + m.err = fmt.Errorf(errParse, m.p) + (m.p)-- + + { + goto st46 + } + + goto st0 + stCase0: + st0: + m.cs = 0 + goto _out + tr1: + + m.pb = m.p + + goto st2 + st2: + if (m.p)++; (m.p) == (m.pe) { + goto _testEof2 + } + stCase2: + switch (m.data)[(m.p)] { + case 82: + goto st3 + case 114: + goto st3 + } + goto tr0 + st3: + if (m.p)++; (m.p) == (m.pe) { + goto _testEof3 + } + stCase3: + switch (m.data)[(m.p)] { + case 78: + goto st4 + case 110: + goto st4 + } + goto tr3 + st4: + if (m.p)++; (m.p) == (m.pe) { + goto _testEof4 + } + stCase4: + if (m.data)[(m.p)] == 58 { + goto tr5 + } + goto tr0 + tr5: + + output.prefix = string(m.text()) + + goto st5 + st5: + if (m.p)++; (m.p) == (m.pe) { + goto _testEof5 + } + stCase5: + switch (m.data)[(m.p)] { + case 85: + goto tr8 + case 117: + goto tr8 + } + switch { + case (m.data)[(m.p)] < 65: + if 48 <= (m.data)[(m.p)] && (m.data)[(m.p)] <= 57 { + goto tr7 + } + case (m.data)[(m.p)] > 90: + if 97 <= (m.data)[(m.p)] && (m.data)[(m.p)] <= 122 { + goto tr7 + } + default: + goto tr7 + } + goto tr6 + tr7: + + m.pb = m.p + + goto st6 + st6: + if (m.p)++; (m.p) == (m.pe) { + goto _testEof6 + } + stCase6: + switch (m.data)[(m.p)] { + case 45: + goto st7 + case 58: + goto tr10 + } + switch { + case (m.data)[(m.p)] < 65: + if 48 <= (m.data)[(m.p)] && (m.data)[(m.p)] <= 57 { + goto st7 + } + case (m.data)[(m.p)] > 90: + if 97 <= (m.data)[(m.p)] && (m.data)[(m.p)] <= 122 { + goto st7 + } + default: + goto st7 + } + goto tr6 + st7: + if (m.p)++; (m.p) == (m.pe) { + goto _testEof7 + } + stCase7: + switch (m.data)[(m.p)] { + case 45: + goto st8 + case 58: + goto tr10 + } + switch { + case (m.data)[(m.p)] < 65: + if 48 <= (m.data)[(m.p)] && (m.data)[(m.p)] <= 57 { + goto st8 + } + case (m.data)[(m.p)] > 90: + if 97 <= (m.data)[(m.p)] && (m.data)[(m.p)] <= 122 { + goto st8 + } + default: + goto st8 + } + goto tr6 + st8: + if (m.p)++; (m.p) == (m.pe) { + goto _testEof8 + } + stCase8: + switch (m.data)[(m.p)] { + case 45: + goto st9 + case 58: + goto tr10 + } + switch { + case (m.data)[(m.p)] < 65: + if 48 <= (m.data)[(m.p)] && (m.data)[(m.p)] <= 57 { + goto st9 + } + case (m.data)[(m.p)] > 90: + if 97 <= (m.data)[(m.p)] && (m.data)[(m.p)] <= 122 { + goto st9 + } + default: + goto st9 + } + goto tr6 + st9: + if (m.p)++; (m.p) == (m.pe) { + goto _testEof9 + } + stCase9: + switch (m.data)[(m.p)] { + case 45: + goto st10 + case 58: + goto tr10 + } + switch { + case (m.data)[(m.p)] < 65: + if 48 <= (m.data)[(m.p)] && (m.data)[(m.p)] <= 57 { + goto st10 + } + case (m.data)[(m.p)] > 90: + if 97 <= (m.data)[(m.p)] && (m.data)[(m.p)] <= 122 { + goto st10 + } + default: + goto st10 + } + goto tr6 + st10: + if (m.p)++; (m.p) == (m.pe) { + goto _testEof10 + } + stCase10: + switch (m.data)[(m.p)] { + case 45: + goto st11 + case 58: + goto tr10 + } + switch { + case (m.data)[(m.p)] < 65: + if 48 <= (m.data)[(m.p)] && (m.data)[(m.p)] <= 57 { + goto st11 + } + case (m.data)[(m.p)] > 90: + if 97 <= (m.data)[(m.p)] && (m.data)[(m.p)] <= 122 { + goto st11 + } + default: + goto st11 + } + goto tr6 + st11: + if (m.p)++; (m.p) == (m.pe) { + goto _testEof11 + } + stCase11: + switch (m.data)[(m.p)] { + case 45: + goto st12 + case 58: + goto tr10 + } + switch { + case (m.data)[(m.p)] < 65: + if 48 <= (m.data)[(m.p)] && (m.data)[(m.p)] <= 57 { + goto st12 + } + case (m.data)[(m.p)] > 90: + if 97 <= (m.data)[(m.p)] && (m.data)[(m.p)] <= 122 { + goto st12 + } + default: + goto st12 + } + goto tr6 + st12: + if (m.p)++; (m.p) == (m.pe) { + goto _testEof12 + } + stCase12: + switch (m.data)[(m.p)] { + case 45: + goto st13 + case 58: + goto tr10 + } + switch { + case (m.data)[(m.p)] < 65: + if 48 <= (m.data)[(m.p)] && (m.data)[(m.p)] <= 57 { + goto st13 + } + case (m.data)[(m.p)] > 90: + if 97 <= (m.data)[(m.p)] && (m.data)[(m.p)] <= 122 { + goto st13 + } + default: + goto st13 + } + goto tr6 + st13: + if (m.p)++; (m.p) == (m.pe) { + goto _testEof13 + } + stCase13: + switch (m.data)[(m.p)] { + case 45: + goto st14 + case 58: + goto tr10 + } + switch { + case (m.data)[(m.p)] < 65: + if 48 <= (m.data)[(m.p)] && (m.data)[(m.p)] <= 57 { + goto st14 + } + case (m.data)[(m.p)] > 90: + if 97 <= (m.data)[(m.p)] && (m.data)[(m.p)] <= 122 { + goto st14 + } + default: + goto st14 + } + goto tr6 + st14: + if (m.p)++; (m.p) == (m.pe) { + goto _testEof14 + } + stCase14: + switch (m.data)[(m.p)] { + case 45: + goto st15 + case 58: + goto tr10 + } + switch { + case (m.data)[(m.p)] < 65: + if 48 <= (m.data)[(m.p)] && (m.data)[(m.p)] <= 57 { + goto st15 + } + case (m.data)[(m.p)] > 90: + if 97 <= (m.data)[(m.p)] && (m.data)[(m.p)] <= 122 { + goto st15 + } + default: + goto st15 + } + goto tr6 + st15: + if (m.p)++; (m.p) == (m.pe) { + goto _testEof15 + } + stCase15: + switch (m.data)[(m.p)] { + case 45: + goto st16 + case 58: + goto tr10 + } + switch { + case (m.data)[(m.p)] < 65: + if 48 <= (m.data)[(m.p)] && (m.data)[(m.p)] <= 57 { + goto st16 + } + case (m.data)[(m.p)] > 90: + if 97 <= (m.data)[(m.p)] && (m.data)[(m.p)] <= 122 { + goto st16 + } + default: + goto st16 + } + goto tr6 + st16: + if (m.p)++; (m.p) == (m.pe) { + goto _testEof16 + } + stCase16: + switch (m.data)[(m.p)] { + case 45: + goto st17 + case 58: + goto tr10 + } + switch { + case (m.data)[(m.p)] < 65: + if 48 <= (m.data)[(m.p)] && (m.data)[(m.p)] <= 57 { + goto st17 + } + case (m.data)[(m.p)] > 90: + if 97 <= (m.data)[(m.p)] && (m.data)[(m.p)] <= 122 { + goto st17 + } + default: + goto st17 + } + goto tr6 + st17: + if (m.p)++; (m.p) == (m.pe) { + goto _testEof17 + } + stCase17: + switch (m.data)[(m.p)] { + case 45: + goto st18 + case 58: + goto tr10 + } + switch { + case (m.data)[(m.p)] < 65: + if 48 <= (m.data)[(m.p)] && (m.data)[(m.p)] <= 57 { + goto st18 + } + case (m.data)[(m.p)] > 90: + if 97 <= (m.data)[(m.p)] && (m.data)[(m.p)] <= 122 { + goto st18 + } + default: + goto st18 + } + goto tr6 + st18: + if (m.p)++; (m.p) == (m.pe) { + goto _testEof18 + } + stCase18: + switch (m.data)[(m.p)] { + case 45: + goto st19 + case 58: + goto tr10 + } + switch { + case (m.data)[(m.p)] < 65: + if 48 <= (m.data)[(m.p)] && (m.data)[(m.p)] <= 57 { + goto st19 + } + case (m.data)[(m.p)] > 90: + if 97 <= (m.data)[(m.p)] && (m.data)[(m.p)] <= 122 { + goto st19 + } + default: + goto st19 + } + goto tr6 + st19: + if (m.p)++; (m.p) == (m.pe) { + goto _testEof19 + } + stCase19: + switch (m.data)[(m.p)] { + case 45: + goto st20 + case 58: + goto tr10 + } + switch { + case (m.data)[(m.p)] < 65: + if 48 <= (m.data)[(m.p)] && (m.data)[(m.p)] <= 57 { + goto st20 + } + case (m.data)[(m.p)] > 90: + if 97 <= (m.data)[(m.p)] && (m.data)[(m.p)] <= 122 { + goto st20 + } + default: + goto st20 + } + goto tr6 + st20: + if (m.p)++; (m.p) == (m.pe) { + goto _testEof20 + } + stCase20: + switch (m.data)[(m.p)] { + case 45: + goto st21 + case 58: + goto tr10 + } + switch { + case (m.data)[(m.p)] < 65: + if 48 <= (m.data)[(m.p)] && (m.data)[(m.p)] <= 57 { + goto st21 + } + case (m.data)[(m.p)] > 90: + if 97 <= (m.data)[(m.p)] && (m.data)[(m.p)] <= 122 { + goto st21 + } + default: + goto st21 + } + goto tr6 + st21: + if (m.p)++; (m.p) == (m.pe) { + goto _testEof21 + } + stCase21: + switch (m.data)[(m.p)] { + case 45: + goto st22 + case 58: + goto tr10 + } + switch { + case (m.data)[(m.p)] < 65: + if 48 <= (m.data)[(m.p)] && (m.data)[(m.p)] <= 57 { + goto st22 + } + case (m.data)[(m.p)] > 90: + if 97 <= (m.data)[(m.p)] && (m.data)[(m.p)] <= 122 { + goto st22 + } + default: + goto st22 + } + goto tr6 + st22: + if (m.p)++; (m.p) == (m.pe) { + goto _testEof22 + } + stCase22: + switch (m.data)[(m.p)] { + case 45: + goto st23 + case 58: + goto tr10 + } + switch { + case (m.data)[(m.p)] < 65: + if 48 <= (m.data)[(m.p)] && (m.data)[(m.p)] <= 57 { + goto st23 + } + case (m.data)[(m.p)] > 90: + if 97 <= (m.data)[(m.p)] && (m.data)[(m.p)] <= 122 { + goto st23 + } + default: + goto st23 + } + goto tr6 + st23: + if (m.p)++; (m.p) == (m.pe) { + goto _testEof23 + } + stCase23: + switch (m.data)[(m.p)] { + case 45: + goto st24 + case 58: + goto tr10 + } + switch { + case (m.data)[(m.p)] < 65: + if 48 <= (m.data)[(m.p)] && (m.data)[(m.p)] <= 57 { + goto st24 + } + case (m.data)[(m.p)] > 90: + if 97 <= (m.data)[(m.p)] && (m.data)[(m.p)] <= 122 { + goto st24 + } + default: + goto st24 + } + goto tr6 + st24: + if (m.p)++; (m.p) == (m.pe) { + goto _testEof24 + } + stCase24: + switch (m.data)[(m.p)] { + case 45: + goto st25 + case 58: + goto tr10 + } + switch { + case (m.data)[(m.p)] < 65: + if 48 <= (m.data)[(m.p)] && (m.data)[(m.p)] <= 57 { + goto st25 + } + case (m.data)[(m.p)] > 90: + if 97 <= (m.data)[(m.p)] && (m.data)[(m.p)] <= 122 { + goto st25 + } + default: + goto st25 + } + goto tr6 + st25: + if (m.p)++; (m.p) == (m.pe) { + goto _testEof25 + } + stCase25: + switch (m.data)[(m.p)] { + case 45: + goto st26 + case 58: + goto tr10 + } + switch { + case (m.data)[(m.p)] < 65: + if 48 <= (m.data)[(m.p)] && (m.data)[(m.p)] <= 57 { + goto st26 + } + case (m.data)[(m.p)] > 90: + if 97 <= (m.data)[(m.p)] && (m.data)[(m.p)] <= 122 { + goto st26 + } + default: + goto st26 + } + goto tr6 + st26: + if (m.p)++; (m.p) == (m.pe) { + goto _testEof26 + } + stCase26: + switch (m.data)[(m.p)] { + case 45: + goto st27 + case 58: + goto tr10 + } + switch { + case (m.data)[(m.p)] < 65: + if 48 <= (m.data)[(m.p)] && (m.data)[(m.p)] <= 57 { + goto st27 + } + case (m.data)[(m.p)] > 90: + if 97 <= (m.data)[(m.p)] && (m.data)[(m.p)] <= 122 { + goto st27 + } + default: + goto st27 + } + goto tr6 + st27: + if (m.p)++; (m.p) == (m.pe) { + goto _testEof27 + } + stCase27: + switch (m.data)[(m.p)] { + case 45: + goto st28 + case 58: + goto tr10 + } + switch { + case (m.data)[(m.p)] < 65: + if 48 <= (m.data)[(m.p)] && (m.data)[(m.p)] <= 57 { + goto st28 + } + case (m.data)[(m.p)] > 90: + if 97 <= (m.data)[(m.p)] && (m.data)[(m.p)] <= 122 { + goto st28 + } + default: + goto st28 + } + goto tr6 + st28: + if (m.p)++; (m.p) == (m.pe) { + goto _testEof28 + } + stCase28: + switch (m.data)[(m.p)] { + case 45: + goto st29 + case 58: + goto tr10 + } + switch { + case (m.data)[(m.p)] < 65: + if 48 <= (m.data)[(m.p)] && (m.data)[(m.p)] <= 57 { + goto st29 + } + case (m.data)[(m.p)] > 90: + if 97 <= (m.data)[(m.p)] && (m.data)[(m.p)] <= 122 { + goto st29 + } + default: + goto st29 + } + goto tr6 + st29: + if (m.p)++; (m.p) == (m.pe) { + goto _testEof29 + } + stCase29: + switch (m.data)[(m.p)] { + case 45: + goto st30 + case 58: + goto tr10 + } + switch { + case (m.data)[(m.p)] < 65: + if 48 <= (m.data)[(m.p)] && (m.data)[(m.p)] <= 57 { + goto st30 + } + case (m.data)[(m.p)] > 90: + if 97 <= (m.data)[(m.p)] && (m.data)[(m.p)] <= 122 { + goto st30 + } + default: + goto st30 + } + goto tr6 + st30: + if (m.p)++; (m.p) == (m.pe) { + goto _testEof30 + } + stCase30: + switch (m.data)[(m.p)] { + case 45: + goto st31 + case 58: + goto tr10 + } + switch { + case (m.data)[(m.p)] < 65: + if 48 <= (m.data)[(m.p)] && (m.data)[(m.p)] <= 57 { + goto st31 + } + case (m.data)[(m.p)] > 90: + if 97 <= (m.data)[(m.p)] && (m.data)[(m.p)] <= 122 { + goto st31 + } + default: + goto st31 + } + goto tr6 + st31: + if (m.p)++; (m.p) == (m.pe) { + goto _testEof31 + } + stCase31: + switch (m.data)[(m.p)] { + case 45: + goto st32 + case 58: + goto tr10 + } + switch { + case (m.data)[(m.p)] < 65: + if 48 <= (m.data)[(m.p)] && (m.data)[(m.p)] <= 57 { + goto st32 + } + case (m.data)[(m.p)] > 90: + if 97 <= (m.data)[(m.p)] && (m.data)[(m.p)] <= 122 { + goto st32 + } + default: + goto st32 + } + goto tr6 + st32: + if (m.p)++; (m.p) == (m.pe) { + goto _testEof32 + } + stCase32: + switch (m.data)[(m.p)] { + case 45: + goto st33 + case 58: + goto tr10 + } + switch { + case (m.data)[(m.p)] < 65: + if 48 <= (m.data)[(m.p)] && (m.data)[(m.p)] <= 57 { + goto st33 + } + case (m.data)[(m.p)] > 90: + if 97 <= (m.data)[(m.p)] && (m.data)[(m.p)] <= 122 { + goto st33 + } + default: + goto st33 + } + goto tr6 + st33: + if (m.p)++; (m.p) == (m.pe) { + goto _testEof33 + } + stCase33: + switch (m.data)[(m.p)] { + case 45: + goto st34 + case 58: + goto tr10 + } + switch { + case (m.data)[(m.p)] < 65: + if 48 <= (m.data)[(m.p)] && (m.data)[(m.p)] <= 57 { + goto st34 + } + case (m.data)[(m.p)] > 90: + if 97 <= (m.data)[(m.p)] && (m.data)[(m.p)] <= 122 { + goto st34 + } + default: + goto st34 + } + goto tr6 + st34: + if (m.p)++; (m.p) == (m.pe) { + goto _testEof34 + } + stCase34: + switch (m.data)[(m.p)] { + case 45: + goto st35 + case 58: + goto tr10 + } + switch { + case (m.data)[(m.p)] < 65: + if 48 <= (m.data)[(m.p)] && (m.data)[(m.p)] <= 57 { + goto st35 + } + case (m.data)[(m.p)] > 90: + if 97 <= (m.data)[(m.p)] && (m.data)[(m.p)] <= 122 { + goto st35 + } + default: + goto st35 + } + goto tr6 + st35: + if (m.p)++; (m.p) == (m.pe) { + goto _testEof35 + } + stCase35: + switch (m.data)[(m.p)] { + case 45: + goto st36 + case 58: + goto tr10 + } + switch { + case (m.data)[(m.p)] < 65: + if 48 <= (m.data)[(m.p)] && (m.data)[(m.p)] <= 57 { + goto st36 + } + case (m.data)[(m.p)] > 90: + if 97 <= (m.data)[(m.p)] && (m.data)[(m.p)] <= 122 { + goto st36 + } + default: + goto st36 + } + goto tr6 + st36: + if (m.p)++; (m.p) == (m.pe) { + goto _testEof36 + } + stCase36: + switch (m.data)[(m.p)] { + case 45: + goto st37 + case 58: + goto tr10 + } + switch { + case (m.data)[(m.p)] < 65: + if 48 <= (m.data)[(m.p)] && (m.data)[(m.p)] <= 57 { + goto st37 + } + case (m.data)[(m.p)] > 90: + if 97 <= (m.data)[(m.p)] && (m.data)[(m.p)] <= 122 { + goto st37 + } + default: + goto st37 + } + goto tr6 + st37: + if (m.p)++; (m.p) == (m.pe) { + goto _testEof37 + } + stCase37: + if (m.data)[(m.p)] == 58 { + goto tr10 + } + goto tr6 + tr10: + + output.ID = string(m.text()) + + goto st38 + st38: + if (m.p)++; (m.p) == (m.pe) { + goto _testEof38 + } + stCase38: + switch (m.data)[(m.p)] { + case 33: + goto tr42 + case 36: + goto tr42 + case 37: + goto tr43 + case 61: + goto tr42 + case 95: + goto tr42 + } + switch { + case (m.data)[(m.p)] < 48: + if 39 <= (m.data)[(m.p)] && (m.data)[(m.p)] <= 46 { + goto tr42 + } + case (m.data)[(m.p)] > 59: + switch { + case (m.data)[(m.p)] > 90: + if 97 <= (m.data)[(m.p)] && (m.data)[(m.p)] <= 122 { + goto tr42 + } + case (m.data)[(m.p)] >= 64: + goto tr42 + } + default: + goto tr42 + } + goto tr41 + tr42: + + m.pb = m.p + + goto st44 + st44: + if (m.p)++; (m.p) == (m.pe) { + goto _testEof44 + } + stCase44: + switch (m.data)[(m.p)] { + case 33: + goto st44 + case 36: + goto st44 + case 37: + goto st39 + case 61: + goto st44 + case 95: + goto st44 + } + switch { + case (m.data)[(m.p)] < 48: + if 39 <= (m.data)[(m.p)] && (m.data)[(m.p)] <= 46 { + goto st44 + } + case (m.data)[(m.p)] > 59: + switch { + case (m.data)[(m.p)] > 90: + if 97 <= (m.data)[(m.p)] && (m.data)[(m.p)] <= 122 { + goto st44 + } + case (m.data)[(m.p)] >= 64: + goto st44 + } + default: + goto st44 + } + goto tr41 + tr43: + + m.pb = m.p + + goto st39 + st39: + if (m.p)++; (m.p) == (m.pe) { + goto _testEof39 + } + stCase39: + switch { + case (m.data)[(m.p)] < 65: + if 48 <= (m.data)[(m.p)] && (m.data)[(m.p)] <= 57 { + goto st40 + } + case (m.data)[(m.p)] > 90: + if 97 <= (m.data)[(m.p)] && (m.data)[(m.p)] <= 122 { + goto st40 + } + default: + goto tr46 + } + goto tr44 + tr46: + + m.tolower = append(m.tolower, m.p-m.pb) + + goto st40 + st40: + if (m.p)++; (m.p) == (m.pe) { + goto _testEof40 + } + stCase40: + switch { + case (m.data)[(m.p)] < 65: + if 48 <= (m.data)[(m.p)] && (m.data)[(m.p)] <= 57 { + goto st45 + } + case (m.data)[(m.p)] > 90: + if 97 <= (m.data)[(m.p)] && (m.data)[(m.p)] <= 122 { + goto st45 + } + default: + goto tr48 + } + goto tr44 + tr48: + + m.tolower = append(m.tolower, m.p-m.pb) + + goto st45 + st45: + if (m.p)++; (m.p) == (m.pe) { + goto _testEof45 + } + stCase45: + switch (m.data)[(m.p)] { + case 33: + goto st44 + case 36: + goto st44 + case 37: + goto st39 + case 61: + goto st44 + case 95: + goto st44 + } + switch { + case (m.data)[(m.p)] < 48: + if 39 <= (m.data)[(m.p)] && (m.data)[(m.p)] <= 46 { + goto st44 + } + case (m.data)[(m.p)] > 59: + switch { + case (m.data)[(m.p)] > 90: + if 97 <= (m.data)[(m.p)] && (m.data)[(m.p)] <= 122 { + goto st44 + } + case (m.data)[(m.p)] >= 64: + goto st44 + } + default: + goto st44 + } + goto tr44 + tr8: + + m.pb = m.p + + goto st41 + st41: + if (m.p)++; (m.p) == (m.pe) { + goto _testEof41 + } + stCase41: + switch (m.data)[(m.p)] { + case 45: + goto st7 + case 58: + goto tr10 + case 82: + goto st42 + case 114: + goto st42 + } + switch { + case (m.data)[(m.p)] < 65: + if 48 <= (m.data)[(m.p)] && (m.data)[(m.p)] <= 57 { + goto st7 + } + case (m.data)[(m.p)] > 90: + if 97 <= (m.data)[(m.p)] && (m.data)[(m.p)] <= 122 { + goto st7 + } + default: + goto st7 + } + goto tr6 + st42: + if (m.p)++; (m.p) == (m.pe) { + goto _testEof42 + } + stCase42: + switch (m.data)[(m.p)] { + case 45: + goto st8 + case 58: + goto tr10 + case 78: + goto st43 + case 110: + goto st43 + } + switch { + case (m.data)[(m.p)] < 65: + if 48 <= (m.data)[(m.p)] && (m.data)[(m.p)] <= 57 { + goto st8 + } + case (m.data)[(m.p)] > 90: + if 97 <= (m.data)[(m.p)] && (m.data)[(m.p)] <= 122 { + goto st8 + } + default: + goto st8 + } + goto tr50 + st43: + if (m.p)++; (m.p) == (m.pe) { + goto _testEof43 + } + stCase43: + if (m.data)[(m.p)] == 45 { + goto st9 + } + switch { + case (m.data)[(m.p)] < 65: + if 48 <= (m.data)[(m.p)] && (m.data)[(m.p)] <= 57 { + goto st9 + } + case (m.data)[(m.p)] > 90: + if 97 <= (m.data)[(m.p)] && (m.data)[(m.p)] <= 122 { + goto st9 + } + default: + goto st9 + } + goto tr52 + st46: + if (m.p)++; (m.p) == (m.pe) { + goto _testEof46 + } + stCase46: + switch (m.data)[(m.p)] { + case 10: + goto st0 + case 13: + goto st0 + } + goto st46 + stOut: + _testEof2: + m.cs = 2 + goto _testEof + _testEof3: + m.cs = 3 + goto _testEof + _testEof4: + m.cs = 4 + goto _testEof + _testEof5: + m.cs = 5 + goto _testEof + _testEof6: + m.cs = 6 + goto _testEof + _testEof7: + m.cs = 7 + goto _testEof + _testEof8: + m.cs = 8 + goto _testEof + _testEof9: + m.cs = 9 + goto _testEof + _testEof10: + m.cs = 10 + goto _testEof + _testEof11: + m.cs = 11 + goto _testEof + _testEof12: + m.cs = 12 + goto _testEof + _testEof13: + m.cs = 13 + goto _testEof + _testEof14: + m.cs = 14 + goto _testEof + _testEof15: + m.cs = 15 + goto _testEof + _testEof16: + m.cs = 16 + goto _testEof + _testEof17: + m.cs = 17 + goto _testEof + _testEof18: + m.cs = 18 + goto _testEof + _testEof19: + m.cs = 19 + goto _testEof + _testEof20: + m.cs = 20 + goto _testEof + _testEof21: + m.cs = 21 + goto _testEof + _testEof22: + m.cs = 22 + goto _testEof + _testEof23: + m.cs = 23 + goto _testEof + _testEof24: + m.cs = 24 + goto _testEof + _testEof25: + m.cs = 25 + goto _testEof + _testEof26: + m.cs = 26 + goto _testEof + _testEof27: + m.cs = 27 + goto _testEof + _testEof28: + m.cs = 28 + goto _testEof + _testEof29: + m.cs = 29 + goto _testEof + _testEof30: + m.cs = 30 + goto _testEof + _testEof31: + m.cs = 31 + goto _testEof + _testEof32: + m.cs = 32 + goto _testEof + _testEof33: + m.cs = 33 + goto _testEof + _testEof34: + m.cs = 34 + goto _testEof + _testEof35: + m.cs = 35 + goto _testEof + _testEof36: + m.cs = 36 + goto _testEof + _testEof37: + m.cs = 37 + goto _testEof + _testEof38: + m.cs = 38 + goto _testEof + _testEof44: + m.cs = 44 + goto _testEof + _testEof39: + m.cs = 39 + goto _testEof + _testEof40: + m.cs = 40 + goto _testEof + _testEof45: + m.cs = 45 + goto _testEof + _testEof41: + m.cs = 41 + goto _testEof + _testEof42: + m.cs = 42 + goto _testEof + _testEof43: + m.cs = 43 + goto _testEof + _testEof46: + m.cs = 46 + goto _testEof + + _testEof: + { + } + if (m.p) == (m.eof) { + switch m.cs { + case 44, 45: + + raw := m.text() + output.SS = string(raw) + // Iterate upper letters lowering them + for _, i := range m.tolower { + raw[i] = raw[i] + 32 + } + output.norm = string(raw) + + case 1, 2, 4: + + m.err = fmt.Errorf(errParse, m.p) + (m.p)-- + + { + goto st46 + } + + case 3: + + m.err = fmt.Errorf(errPrefix, m.p) + (m.p)-- + + { + goto st46 + } + + m.err = fmt.Errorf(errParse, m.p) + (m.p)-- + + { + goto st46 + } + + case 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 41: + + m.err = fmt.Errorf(errIdentifier, m.p) + (m.p)-- + + { + goto st46 + } + + m.err = fmt.Errorf(errParse, m.p) + (m.p)-- + + { + goto st46 + } + + case 38: + + m.err = fmt.Errorf(errSpecificString, m.p) + (m.p)-- + + { + goto st46 + } + + m.err = fmt.Errorf(errParse, m.p) + (m.p)-- + + { + goto st46 + } + + case 42: + + m.err = fmt.Errorf(errPrefix, m.p) + (m.p)-- + + { + goto st46 + } + + m.err = fmt.Errorf(errIdentifier, m.p) + (m.p)-- + + { + goto st46 + } + + m.err = fmt.Errorf(errParse, m.p) + (m.p)-- + + { + goto st46 + } + + case 43: + + m.err = fmt.Errorf(errNoUrnWithinID, m.p) + (m.p)-- + + { + goto st46 + } + + m.err = fmt.Errorf(errIdentifier, m.p) + (m.p)-- + + { + goto st46 + } + + m.err = fmt.Errorf(errParse, m.p) + (m.p)-- + + { + goto st46 + } + + case 39, 40: + + m.err = fmt.Errorf(errHex, m.p) + (m.p)-- + + { + goto st46 + } + + m.err = fmt.Errorf(errSpecificString, m.p) + (m.p)-- + + { + goto st46 + } + + m.err = fmt.Errorf(errParse, m.p) + (m.p)-- + + { + goto st46 + } + } + } + + _out: + { + } + } + + if m.cs < firstFinal || m.cs == enFail { + return nil, m.err + } + + return output, nil +} diff --git a/vendor/github.com/leodido/go-urn/machine.go.rl b/vendor/github.com/leodido/go-urn/machine.go.rl new file mode 100644 index 0000000000..3bc05a651a --- /dev/null +++ b/vendor/github.com/leodido/go-urn/machine.go.rl @@ -0,0 +1,159 @@ +package urn + +import ( + "fmt" +) + +var ( + errPrefix = "expecting the prefix to be the \"urn\" string (whatever case) [col %d]" + errIdentifier = "expecting the identifier to be string (1..31 alnum chars, also containing dashes but not at its start) [col %d]" + errSpecificString = "expecting the specific string to be a string containing alnum, hex, or others ([()+,-.:=@;$_!*']) chars [col %d]" + errNoUrnWithinID = "expecting the identifier to not contain the \"urn\" reserved string [col %d]" + errHex = "expecting the specific string hex chars to be well-formed (%%alnum{2}) [col %d]" + errParse = "parsing error [col %d]" +) + +%%{ +machine urn; + +# unsigned alphabet +alphtype uint8; + +action mark { + m.pb = m.p +} + +action tolower { + m.tolower = append(m.tolower, m.p - m.pb) +} + +action set_pre { + output.prefix = string(m.text()) +} + +action set_nid { + output.ID = string(m.text()) +} + +action set_nss { + raw := m.text() + output.SS = string(raw) + // Iterate upper letters lowering them + for _, i := range m.tolower { + raw[i] = raw[i] + 32 + } + output.norm = string(raw) +} + +action err_pre { + m.err = fmt.Errorf(errPrefix, m.p) + fhold; + fgoto fail; +} + +action err_nid { + m.err = fmt.Errorf(errIdentifier, m.p) + fhold; + fgoto fail; +} + +action err_nss { + m.err = fmt.Errorf(errSpecificString, m.p) + fhold; + fgoto fail; +} + +action err_urn { + m.err = fmt.Errorf(errNoUrnWithinID, m.p) + fhold; + fgoto fail; +} + +action err_hex { + m.err = fmt.Errorf(errHex, m.p) + fhold; + fgoto fail; +} + +action err_parse { + m.err = fmt.Errorf(errParse, m.p) + fhold; + fgoto fail; +} + +pre = ([uU][rR][nN] @err(err_pre)) >mark %set_pre; + +nid = (alnum >mark (alnum | '-'){0,31}) %set_nid; + +hex = '%' (digit | lower | upper >tolower){2} $err(err_hex); + +sss = (alnum | [()+,\-.:=@;$_!*']); + +nss = (sss | hex)+ $err(err_nss); + +fail := (any - [\n\r])* @err{ fgoto main; }; + +main := (pre ':' (nid - pre %err(err_urn)) $err(err_nid) ':' nss >mark %set_nss) $err(err_parse); + +}%% + +%% write data noerror noprefix; + +// Machine is the interface representing the FSM +type Machine interface { + Error() error + Parse(input []byte) (*URN, error) +} + +type machine struct { + data []byte + cs int + p, pe, eof, pb int + err error + tolower []int +} + +// NewMachine creates a new FSM able to parse RFC 2141 strings. +func NewMachine() Machine { + m := &machine{} + + %% access m.; + %% variable p m.p; + %% variable pe m.pe; + %% variable eof m.eof; + %% variable data m.data; + + return m +} + +// Err returns the error that occurred on the last call to Parse. +// +// If the result is nil, then the line was parsed successfully. +func (m *machine) Error() error { + return m.err +} + +func (m *machine) text() []byte { + return m.data[m.pb:m.p] +} + +// Parse parses the input byte array as a RFC 2141 string. +func (m *machine) Parse(input []byte) (*URN, error) { + m.data = input + m.p = 0 + m.pb = 0 + m.pe = len(input) + m.eof = len(input) + m.err = nil + m.tolower = []int{} + output := &URN{} + + %% write init; + %% write exec; + + if m.cs < first_final || m.cs == en_fail { + return nil, m.err + } + + return output, nil +} diff --git a/vendor/github.com/leodido/go-urn/makefile b/vendor/github.com/leodido/go-urn/makefile new file mode 100644 index 0000000000..df87cdc6d2 --- /dev/null +++ b/vendor/github.com/leodido/go-urn/makefile @@ -0,0 +1,53 @@ +SHELL := /bin/bash +RAGEL := ragel +GOFMT := go fmt + +export GO_TEST=env GOTRACEBACK=all go test $(GO_ARGS) + +.PHONY: build +build: machine.go + +.PHONY: clean +clean: + @rm -rf docs + @rm -f machine.go + +.PHONY: images +images: docs/urn.png + +.PHONY: removecomments +removecomments: + @cd ./tools/removecomments; go build -o ../../removecomments . + +machine.go: machine.go.rl + +machine.go: removecomments + +machine.go: + $(RAGEL) -Z -G2 -e -o $@ $< + @./removecomments $@ + $(MAKE) -s file=$@ snake2camel + $(GOFMT) $@ + +docs/urn.dot: machine.go.rl + @mkdir -p docs + $(RAGEL) -Z -e -Vp $< -o $@ + +docs/urn.png: docs/urn.dot + dot $< -Tpng -o $@ + +.PHONY: bench +bench: *_test.go machine.go + go test -bench=. -benchmem -benchtime=5s ./... + +.PHONY: tests +tests: *_test.go + $(GO_TEST) ./... + +.PHONY: snake2camel +snake2camel: + @awk -i inplace '{ \ + while ( match($$0, /(.*)([a-z]+[0-9]*)_([a-zA-Z0-9])(.*)/, cap) ) \ + $$0 = cap[1] cap[2] toupper(cap[3]) cap[4]; \ + print \ + }' $(file) diff --git a/vendor/github.com/leodido/go-urn/urn.go b/vendor/github.com/leodido/go-urn/urn.go new file mode 100644 index 0000000000..d51a6c915b --- /dev/null +++ b/vendor/github.com/leodido/go-urn/urn.go @@ -0,0 +1,86 @@ +package urn + +import ( + "encoding/json" + "fmt" + "strings" +) + +const errInvalidURN = "invalid URN: %s" + +// URN represents an Uniform Resource Name. +// +// The general form represented is: +// +// urn:: +// +// Details at https://tools.ietf.org/html/rfc2141. +type URN struct { + prefix string // Static prefix. Equal to "urn" when empty. + ID string // Namespace identifier + SS string // Namespace specific string + norm string // Normalized namespace specific string +} + +// Normalize turns the receiving URN into its norm version. +// +// Which means: lowercase prefix, lowercase namespace identifier, and immutate namespace specific string chars (except tokens which are lowercased). +func (u *URN) Normalize() *URN { + return &URN{ + prefix: "urn", + ID: strings.ToLower(u.ID), + SS: u.norm, + } +} + +// Equal checks the lexical equivalence of the current URN with another one. +func (u *URN) Equal(x *URN) bool { + return *u.Normalize() == *x.Normalize() +} + +// String reassembles the URN into a valid URN string. +// +// This requires both ID and SS fields to be non-empty. +// Otherwise it returns an empty string. +// +// Default URN prefix is "urn". +func (u *URN) String() string { + var res string + if u.ID != "" && u.SS != "" { + if u.prefix == "" { + res += "urn" + } + res += u.prefix + ":" + u.ID + ":" + u.SS + } + + return res +} + +// Parse is responsible to create an URN instance from a byte array matching the correct URN syntax. +func Parse(u []byte) (*URN, bool) { + urn, err := NewMachine().Parse(u) + if err != nil { + return nil, false + } + + return urn, true +} + +// MarshalJSON marshals the URN to JSON string form (e.g. `"urn:oid:1.2.3.4"`). +func (u URN) MarshalJSON() ([]byte, error) { + return json.Marshal(u.String()) +} + +// MarshalJSON unmarshals a URN from JSON string form (e.g. `"urn:oid:1.2.3.4"`). +func (u *URN) UnmarshalJSON(bytes []byte) error { + var str string + if err := json.Unmarshal(bytes, &str); err != nil { + return err + } + if value, ok := Parse([]byte(str)); !ok { + return fmt.Errorf(errInvalidURN, str) + } else { + *u = *value + } + return nil +} \ No newline at end of file diff --git a/vendor/github.com/sassoftware/relic/LICENSE b/vendor/github.com/sassoftware/relic/LICENSE new file mode 100644 index 0000000000..d645695673 --- /dev/null +++ b/vendor/github.com/sassoftware/relic/LICENSE @@ -0,0 +1,202 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/vendor/github.com/sassoftware/relic/lib/pkcs7/attributes.go b/vendor/github.com/sassoftware/relic/lib/pkcs7/attributes.go new file mode 100644 index 0000000000..0a2d801f5b --- /dev/null +++ b/vendor/github.com/sassoftware/relic/lib/pkcs7/attributes.go @@ -0,0 +1,88 @@ +// +// Copyright (c) SAS Institute Inc. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// + +package pkcs7 + +import ( + "encoding/asn1" + "fmt" +) + +type ErrNoAttribute struct { + ID asn1.ObjectIdentifier +} + +func (e ErrNoAttribute) Error() string { + return fmt.Sprintf("attribute not found: %s", e.ID) +} + +// marshal authenticated attributes for digesting +func (l *AttributeList) Bytes() ([]byte, error) { + // needs an explicit SET OF tag but not the class-specific tag from the + // original struct. see RFC 2315 9.3, 2nd paragraph + encoded, err := asn1.Marshal(struct { + A []Attribute `asn1:"set"` + }{A: *l}) + if err != nil { + return nil, err + } + var raw asn1.RawValue + if _, err := asn1.Unmarshal(encoded, &raw); err != nil { + return nil, err + } + return raw.Bytes, nil +} + +// unmarshal a single attribute, if it exists +func (l *AttributeList) GetOne(oid asn1.ObjectIdentifier, dest interface{}) error { + for _, raw := range *l { + if !raw.Type.Equal(oid) { + continue + } + rest, err := asn1.Unmarshal(raw.Values.Bytes, dest) + if err != nil { + return err + } else if len(rest) != 0 { + return fmt.Errorf("attribute %s: expected one, found multiple", oid) + } else { + return nil + } + } + return ErrNoAttribute{oid} +} + +// create or append to an attribute +func (l *AttributeList) Add(oid asn1.ObjectIdentifier, obj interface{}) error { + value, err := asn1.Marshal(obj) + if err != nil { + return err + } + for _, attr := range *l { + if attr.Type.Equal(oid) { + attr.Values.Bytes = append(attr.Values.Bytes, value...) + return nil + } + } + *l = append(*l, Attribute{ + Type: oid, + Values: asn1.RawValue{ + Class: asn1.ClassUniversal, + Tag: asn1.TagSet, + IsCompound: true, + Bytes: value, + }}) + return nil +} diff --git a/vendor/github.com/sassoftware/relic/lib/pkcs7/builder.go b/vendor/github.com/sassoftware/relic/lib/pkcs7/builder.go new file mode 100644 index 0000000000..652f392996 --- /dev/null +++ b/vendor/github.com/sassoftware/relic/lib/pkcs7/builder.go @@ -0,0 +1,151 @@ +// +// Copyright (c) SAS Institute Inc. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// + +package pkcs7 + +import ( + "crypto" + "crypto/rand" + "crypto/x509" + "crypto/x509/pkix" + "encoding/asn1" + "errors" + "fmt" + + "github.com/sassoftware/relic/lib/x509tools" +) + +type SignatureBuilder struct { + contentInfo ContentInfo + hash crypto.Hash + digest []byte + certs []*x509.Certificate + privateKey crypto.Signer + signerOpts crypto.SignerOpts + authAttrs AttributeList +} + +// Build a PKCS#7 signature procedurally. Returns a structure that can have +// content and attributes attached to it. +func NewBuilder(privKey crypto.Signer, certs []*x509.Certificate, opts crypto.SignerOpts) *SignatureBuilder { + return &SignatureBuilder{ + privateKey: privKey, + signerOpts: opts, + certs: certs, + } +} + +// Embed bytes or a structure into the PKCS#7 content +func (sb *SignatureBuilder) SetContent(ctype asn1.ObjectIdentifier, data interface{}) error { + cinfo, err := NewContentInfo(ctype, data) + if err != nil { + return err + } + return sb.SetContentInfo(cinfo) +} + +// Set content to a generic "data" blob +func (sb *SignatureBuilder) SetContentData(data []byte) error { + return sb.SetContent(OidData, data) +} + +// Set a ContentInfo structure as the PKCS#7 content +func (sb *SignatureBuilder) SetContentInfo(cinfo ContentInfo) error { + blob, err := cinfo.Bytes() + if err != nil { + return err + } + d := sb.signerOpts.HashFunc().New() + d.Write(blob) + sb.contentInfo = cinfo + sb.digest = d.Sum(nil) + return nil +} + +// Set a "detached" content type, with digest +func (sb *SignatureBuilder) SetDetachedContent(ctype asn1.ObjectIdentifier, digest []byte) error { + if len(digest) != sb.signerOpts.HashFunc().Size() { + return errors.New("digest size mismatch") + } + cinfo, _ := NewContentInfo(ctype, nil) + sb.contentInfo = cinfo + sb.digest = digest + return nil +} + +// Add an authenticated attribute to SignerInfo +func (sb *SignatureBuilder) AddAuthenticatedAttribute(oid asn1.ObjectIdentifier, data interface{}) error { + return sb.authAttrs.Add(oid, data) +} + +// Complete the signature and return the full PKCS#7 structure +func (sb *SignatureBuilder) Sign() (*ContentInfoSignedData, error) { + if sb.digest == nil { + return nil, errors.New("SetContent was not called") + } + pubKey := sb.privateKey.Public() + digestAlg, pkeyAlg, err := x509tools.PkixAlgorithms(pubKey, sb.signerOpts) + if err != nil { + return nil, fmt.Errorf("pkcs7: %s", err) + } + if len(sb.certs) < 1 || !x509tools.SameKey(pubKey, sb.certs[0].PublicKey) { + return nil, errors.New("pkcs7: first certificate must match private key") + } + digest := sb.digest + if sb.authAttrs != nil { + // When authenticated attributes are present, then these are required. + if err := sb.authAttrs.Add(OidAttributeContentType, sb.contentInfo.ContentType); err != nil { + return nil, err + } + if err := sb.authAttrs.Add(OidAttributeMessageDigest, sb.digest); err != nil { + return nil, err + } + // Now the signature is over the authenticated attributes instead of + // the content directly. + attrbytes, err := sb.authAttrs.Bytes() + if err != nil { + return nil, err + } + w := sb.signerOpts.HashFunc().New() + w.Write(attrbytes) + digest = w.Sum(nil) + } + sig, err := sb.privateKey.Sign(rand.Reader, digest, sb.signerOpts) + if err != nil { + return nil, err + } + return &ContentInfoSignedData{ + ContentType: OidSignedData, + Content: SignedData{ + Version: 1, + DigestAlgorithmIdentifiers: []pkix.AlgorithmIdentifier{digestAlg}, + ContentInfo: sb.contentInfo, + Certificates: marshalCertificates(sb.certs), + CRLs: nil, + SignerInfos: []SignerInfo{SignerInfo{ + Version: 1, + IssuerAndSerialNumber: IssuerAndSerial{ + IssuerName: asn1.RawValue{FullBytes: sb.certs[0].RawIssuer}, + SerialNumber: sb.certs[0].SerialNumber, + }, + DigestAlgorithm: digestAlg, + DigestEncryptionAlgorithm: pkeyAlg, + AuthenticatedAttributes: sb.authAttrs, + EncryptedDigest: sig, + }}, + }, + }, nil +} diff --git a/vendor/github.com/sassoftware/relic/lib/pkcs7/content.go b/vendor/github.com/sassoftware/relic/lib/pkcs7/content.go new file mode 100644 index 0000000000..befa517074 --- /dev/null +++ b/vendor/github.com/sassoftware/relic/lib/pkcs7/content.go @@ -0,0 +1,81 @@ +// +// Copyright (c) SAS Institute Inc. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// + +package pkcs7 + +import ( + "encoding/asn1" +) + +type contentInfo2 struct { + ContentType asn1.ObjectIdentifier + Value asn1.RawValue +} + +// Create a ContentInfo structure for the given bytes or structure. data can be +// nil for detached signatures. +func NewContentInfo(contentType asn1.ObjectIdentifier, data interface{}) (ci ContentInfo, err error) { + if data == nil { + return ContentInfo{ContentType: contentType}, nil + } + // There's no way to just encode the struct with the asn1.RawValue directly + // while also supporting the ability to not emit the 2nd field for the nil + // case, so instead this stupid dance of encoding it with the field then + // stuffing it into Raw is necessary... + encoded, err := asn1.Marshal(data) + if err != nil { + return ContentInfo{}, err + } + ci2 := contentInfo2{ + ContentType: contentType, + Value: asn1.RawValue{ + Class: asn1.ClassContextSpecific, + Tag: 0, + IsCompound: true, + Bytes: encoded, + }, + } + ciblob, err := asn1.Marshal(ci2) + if err != nil { + return ContentInfo{}, nil + } + return ContentInfo{Raw: ciblob, ContentType: contentType}, nil +} + +// Unmarshal a structure from a ContentInfo. +func (ci ContentInfo) Unmarshal(dest interface{}) (err error) { + // First re-decode the contentinfo but this time with the second field + var ci2 contentInfo2 + _, err = asn1.Unmarshal(ci.Raw, &ci2) + if err == nil { + // Now decode the raw value in the second field + _, err = asn1.Unmarshal(ci2.Value.Bytes, dest) + } + return +} + +// Get raw content in DER encoding, or nil if it's not present +func (ci ContentInfo) Bytes() ([]byte, error) { + var value asn1.RawValue + if err := ci.Unmarshal(&value); err != nil { + if _, ok := err.(asn1.SyntaxError); ok { + // short sequence because the value was omitted + return nil, nil + } + return nil, err + } + return value.Bytes, nil +} diff --git a/vendor/github.com/sassoftware/relic/lib/pkcs7/marshal.go b/vendor/github.com/sassoftware/relic/lib/pkcs7/marshal.go new file mode 100644 index 0000000000..03c0b82b28 --- /dev/null +++ b/vendor/github.com/sassoftware/relic/lib/pkcs7/marshal.go @@ -0,0 +1,74 @@ +// +// Copyright (c) SAS Institute Inc. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// + +package pkcs7 + +import ( + "bytes" + "crypto/x509" + "encoding/asn1" + "errors" + "fmt" +) + +// Parse a signature from bytes +func Unmarshal(blob []byte) (*ContentInfoSignedData, error) { + psd := new(ContentInfoSignedData) + if rest, err := asn1.Unmarshal(blob, psd); err != nil { + return nil, err + } else if len(bytes.TrimRight(rest, "\x00")) != 0 { + return nil, errors.New("pkcs7: trailing garbage after PKCS#7 structure") + } + return psd, nil +} + +// Marshal the signature to bytes +func (psd *ContentInfoSignedData) Marshal() ([]byte, error) { + return asn1.Marshal(*psd) +} + +// Remove and return inlined content from the document, leaving a detached signature +func (psd *ContentInfoSignedData) Detach() ([]byte, error) { + content, err := psd.Content.ContentInfo.Bytes() + if err != nil { + return nil, fmt.Errorf("pkcs7: %s", err) + } + psd.Content.ContentInfo, _ = NewContentInfo(psd.Content.ContentInfo.ContentType, nil) + return content, nil +} + +// dump raw certificates to structure +func marshalCertificates(certs []*x509.Certificate) RawCertificates { + var buf bytes.Buffer + for _, cert := range certs { + buf.Write(cert.Raw) + } + val := asn1.RawValue{Bytes: buf.Bytes(), Class: 2, Tag: 0, IsCompound: true} + b, _ := asn1.Marshal(val) + return RawCertificates{Raw: b} +} + +// parse raw certificates from structure +func (raw RawCertificates) Parse() ([]*x509.Certificate, error) { + var val asn1.RawValue + if len(raw.Raw) == 0 { + return nil, nil + } + if _, err := asn1.Unmarshal(raw.Raw, &val); err != nil { + return nil, err + } + return x509.ParseCertificates(val.Bytes) +} diff --git a/vendor/github.com/sassoftware/relic/lib/pkcs7/structs.go b/vendor/github.com/sassoftware/relic/lib/pkcs7/structs.go new file mode 100644 index 0000000000..522ed75c22 --- /dev/null +++ b/vendor/github.com/sassoftware/relic/lib/pkcs7/structs.go @@ -0,0 +1,85 @@ +// +// Copyright (c) SAS Institute Inc. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// + +// PKCS#7 is a specification for signing or encrypting data using ASN.1 +// structures. It is also known as CMS (cryptographic message syntax) and is +// discussed in RFC 2315, RFC 3369, RFC 3852, and RFC 5652. +// +// This package implements signature operations needed for creating and +// validating signature technologies based on PKCS#7 including Java and +// Microsoft Authenticode +package pkcs7 + +import ( + "crypto/x509/pkix" + "encoding/asn1" + "math/big" +) + +var ( + OidData = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 7, 1} + OidSignedData = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 7, 2} + OidAttributeContentType = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 9, 3} + OidAttributeMessageDigest = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 9, 4} + OidAttributeSigningTime = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 9, 5} +) + +const MimeType = "application/pkcs7-mime" + +type ContentInfo struct { + Raw asn1.RawContent + ContentType asn1.ObjectIdentifier +} + +type ContentInfoSignedData struct { + ContentType asn1.ObjectIdentifier + Content SignedData `asn1:"explicit,optional,tag:0"` +} + +type SignedData struct { + Version int `asn1:"default:1"` + DigestAlgorithmIdentifiers []pkix.AlgorithmIdentifier `asn1:"set"` + ContentInfo ContentInfo `` + Certificates RawCertificates `asn1:"optional,tag:0"` + CRLs []pkix.CertificateList `asn1:"optional,tag:1"` + SignerInfos []SignerInfo `asn1:"set"` +} + +type RawCertificates struct { + Raw asn1.RawContent +} + +type Attribute struct { + Type asn1.ObjectIdentifier + Values asn1.RawValue +} + +type AttributeList []Attribute + +type SignerInfo struct { + Version int `asn1:"default:1"` + IssuerAndSerialNumber IssuerAndSerial `` + DigestAlgorithm pkix.AlgorithmIdentifier `` + AuthenticatedAttributes AttributeList `asn1:"optional,tag:0"` + DigestEncryptionAlgorithm pkix.AlgorithmIdentifier `` + EncryptedDigest []byte `` + UnauthenticatedAttributes AttributeList `asn1:"optional,tag:1"` +} + +type IssuerAndSerial struct { + IssuerName asn1.RawValue + SerialNumber *big.Int +} diff --git a/vendor/github.com/sassoftware/relic/lib/pkcs7/verify.go b/vendor/github.com/sassoftware/relic/lib/pkcs7/verify.go new file mode 100644 index 0000000000..4880731d4c --- /dev/null +++ b/vendor/github.com/sassoftware/relic/lib/pkcs7/verify.go @@ -0,0 +1,162 @@ +// +// Copyright (c) SAS Institute Inc. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// + +package pkcs7 + +import ( + "bytes" + "crypto/hmac" + "crypto/rsa" + "crypto/x509" + "fmt" + "time" + + "github.com/pkg/errors" + "github.com/sassoftware/relic/lib/x509tools" +) + +type Signature struct { + SignerInfo *SignerInfo + Certificate *x509.Certificate + Intermediates []*x509.Certificate +} + +// Verify the content in a SignedData structure. External content may be +// provided if it is a detached signature. Information about the signature is +// returned, however X509 chains are not validated. Call VerifyChain() to +// complete the verification process. +// +// If skipDigests is true, then the main content section is not checked, but +// the SignerInfos are still checked for a valid signature. +func (sd *SignedData) Verify(externalContent []byte, skipDigests bool) (Signature, error) { + var content []byte + if !skipDigests { + var err error + content, err = sd.ContentInfo.Bytes() + if err != nil { + return Signature{}, err + } else if content == nil { + if externalContent == nil { + return Signature{}, errors.New("pkcs7: missing content") + } + content = externalContent + } else if externalContent != nil { + if !bytes.Equal(externalContent, content) { + return Signature{}, errors.New("pkcs7: internal and external content were both provided but are not equal") + } + } + } + certs, err := sd.Certificates.Parse() + if err != nil { + return Signature{}, fmt.Errorf("pkcs7: %s", err) + } else if len(certs) == 0 { + return Signature{}, errors.New("pkcs7: certificate missing from signedData") + } + var cert *x509.Certificate + var sig Signature + for _, si := range sd.SignerInfos { + cert, err = si.Verify(content, skipDigests, certs) + if err != nil { + return Signature{}, err + } + sig = Signature{&si, cert, certs} + } + return sig, nil +} + +// Find the certificate that signed this SignerInfo from the bucket of certs +func (si *SignerInfo) FindCertificate(certs []*x509.Certificate) (*x509.Certificate, error) { + is := si.IssuerAndSerialNumber + for _, cert := range certs { + if bytes.Equal(cert.RawIssuer, is.IssuerName.FullBytes) && cert.SerialNumber.Cmp(is.SerialNumber) == 0 { + return cert, nil + } + } + return nil, errors.New("pkcs7: certificate missing from signedData") +} + +// Verify the signature contained in this SignerInfo and return the leaf +// certificate. X509 chains are not validated. +func (si *SignerInfo) Verify(content []byte, skipDigests bool, certs []*x509.Certificate) (*x509.Certificate, error) { + hash, err := x509tools.PkixDigestToHashE(si.DigestAlgorithm) + if err != nil { + return nil, errors.Wrap(err, "pkcs7") + } + var digest []byte + if !skipDigests { + w := hash.New() + w.Write(content) + digest = w.Sum(nil) + } + if len(si.AuthenticatedAttributes) != 0 { + // check the content digest against the messageDigest attribute + var md []byte + if err := si.AuthenticatedAttributes.GetOne(OidAttributeMessageDigest, &md); err != nil { + return nil, err + } else if digest != nil && !hmac.Equal(md, digest) { + return nil, errors.New("pkcs7: content digest does not match") + } + // now pivot to verifying the hash over the authenticated attributes + w := hash.New() + attrbytes, err := si.AuthenticatedAttributes.Bytes() + if err != nil { + return nil, err + } + w.Write(attrbytes) + digest = w.Sum(nil) + } // otherwise the content hash is verified directly + cert, err := si.FindCertificate(certs) + if err != nil { + return nil, err + } + // If skipDigests is set and AuthenticatedAttributes is not present then + // there's no digest to check the signature against. For RSA at least it's + // possible to decrypt the signature and check the padding but there's not + // much point to it. + if digest != nil { + err = x509tools.PkixVerify(cert.PublicKey, si.DigestAlgorithm, si.DigestEncryptionAlgorithm, digest, si.EncryptedDigest) + if err == rsa.ErrVerification { + // "Symantec Time Stamping Services Signer" seems to be emitting + // signatures without the AlgorithmIdentifier strucuture, so try + // without it. + err = x509tools.Verify(cert.PublicKey, 0, digest, si.EncryptedDigest) + } + } + return cert, err +} + +// Verify the X509 chain from a signature against the given roots. extraCerts +// will be added to the intermediates if provided. usage gives the certificate +// usage required for the leaf certificate, or ExtKeyUsageAny otherwise. If a +// PKCS#9 trusted timestamp was found, pass that timestamp in currentTime to +// validate the chain as of the time of the signature. +func (info Signature) VerifyChain(roots *x509.CertPool, extraCerts []*x509.Certificate, usage x509.ExtKeyUsage, currentTime time.Time) error { + pool := x509.NewCertPool() + for _, cert := range extraCerts { + pool.AddCert(cert) + } + for _, cert := range info.Intermediates { + pool.AddCert(cert) + } + opts := x509.VerifyOptions{ + Intermediates: pool, + Roots: roots, + CurrentTime: currentTime, + KeyUsages: []x509.ExtKeyUsage{usage}, + } + _, err := info.Certificate.Verify(opts) + return err +} diff --git a/vendor/github.com/sassoftware/relic/lib/x509tools/certpool.go b/vendor/github.com/sassoftware/relic/lib/x509tools/certpool.go new file mode 100644 index 0000000000..771d3509e6 --- /dev/null +++ b/vendor/github.com/sassoftware/relic/lib/x509tools/certpool.go @@ -0,0 +1,51 @@ +// +// Copyright (c) SAS Institute Inc. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// + +package x509tools + +import ( + "crypto/tls" + "crypto/x509" + "fmt" + "io/ioutil" +) + +// Load a certificate pool from a file and set it as the root CA for a TLS +// config. If path is empty then the system pool will be used. If the filename +// starts with + then both the system pool and the contents of the file will be +// used. +func LoadCertPool(path string, tconf *tls.Config) error { + if path == "" { + return nil + } else if path[0] == '+' { + pool, err := x509.SystemCertPool() + if err != nil { + return err + } + tconf.RootCAs = pool + path = path[1:] + } else { + tconf.RootCAs = x509.NewCertPool() + } + contents, err := ioutil.ReadFile(path) + if err != nil { + return err + } + if !tconf.RootCAs.AppendCertsFromPEM(contents) { + return fmt.Errorf("no CA certificates in %s", path) + } + return nil +} diff --git a/vendor/github.com/sassoftware/relic/lib/x509tools/digests.go b/vendor/github.com/sassoftware/relic/lib/x509tools/digests.go new file mode 100644 index 0000000000..5861cb86f0 --- /dev/null +++ b/vendor/github.com/sassoftware/relic/lib/x509tools/digests.go @@ -0,0 +1,97 @@ +// +// Copyright (c) SAS Institute Inc. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// + +package x509tools + +import ( + "crypto" + "crypto/x509/pkix" + "encoding/asn1" + "strings" + "sync" +) + +var ( + // RFC 3279 + OidDigestMD5 = asn1.ObjectIdentifier{1, 2, 840, 113549, 2, 5} + OidDigestSHA1 = asn1.ObjectIdentifier{1, 3, 14, 3, 2, 26} + // RFC 5758 + OidDigestSHA224 = asn1.ObjectIdentifier{2, 16, 840, 1, 101, 3, 4, 2, 4} + OidDigestSHA256 = asn1.ObjectIdentifier{2, 16, 840, 1, 101, 3, 4, 2, 1} + OidDigestSHA384 = asn1.ObjectIdentifier{2, 16, 840, 1, 101, 3, 4, 2, 2} + OidDigestSHA512 = asn1.ObjectIdentifier{2, 16, 840, 1, 101, 3, 4, 2, 3} +) + +var HashOids = map[crypto.Hash]asn1.ObjectIdentifier{ + crypto.MD5: OidDigestMD5, + crypto.SHA1: OidDigestSHA1, + crypto.SHA224: OidDigestSHA224, + crypto.SHA256: OidDigestSHA256, + crypto.SHA384: OidDigestSHA384, + crypto.SHA512: OidDigestSHA512, +} + +var HashNames = map[crypto.Hash]string{ + crypto.MD5: "MD5", + crypto.SHA1: "SHA1", + crypto.SHA224: "SHA-224", + crypto.SHA256: "SHA-256", + crypto.SHA384: "SHA-384", + crypto.SHA512: "SHA-512", +} + +var ( + hashesByName map[string]crypto.Hash + once sync.Once +) + +func HashShortName(hash crypto.Hash) string { + return normalName(HashNames[hash]) +} + +func normalName(name string) string { + return strings.Replace(strings.ToLower(name), "-", "", 1) +} + +func HashByName(name string) crypto.Hash { + name = normalName(name) + once.Do(func() { + hashesByName = make(map[string]crypto.Hash, len(HashNames)) + for h, hn := range HashNames { + hashesByName[normalName(hn)] = h + } + }) + return hashesByName[name] +} + +type digestInfo struct { + DigestAlgorithm pkix.AlgorithmIdentifier + Digest []byte +} + +// Pack a digest along with an algorithm identifier. Mainly useful for +// PKCS#1v1.5 padding (RSA). +func MarshalDigest(hash crypto.Hash, digest []byte) (der []byte, ok bool) { + alg, ok := PkixDigestAlgorithm(hash) + if !ok { + return nil, false + } + der, err := asn1.Marshal(digestInfo{alg, digest}) + if err != nil { + return nil, false + } + return der, true +} diff --git a/vendor/github.com/sassoftware/relic/lib/x509tools/ecdsa_curves.go b/vendor/github.com/sassoftware/relic/lib/x509tools/ecdsa_curves.go new file mode 100644 index 0000000000..1e3a6fabc8 --- /dev/null +++ b/vendor/github.com/sassoftware/relic/lib/x509tools/ecdsa_curves.go @@ -0,0 +1,191 @@ +// +// Copyright (c) SAS Institute Inc. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// + +package x509tools + +import ( + "crypto/ecdsa" + "crypto/elliptic" + "encoding/asn1" + "errors" + "fmt" + "math/big" + "strconv" + "strings" +) + +// Predefined named ECDSA curve +type CurveDefinition struct { + Bits uint + Curve elliptic.Curve + Oid asn1.ObjectIdentifier +} + +var DefinedCurves = []CurveDefinition{ + {256, elliptic.P256(), asn1.ObjectIdentifier{1, 2, 840, 10045, 3, 1, 7}}, + {384, elliptic.P384(), asn1.ObjectIdentifier{1, 3, 132, 0, 34}}, + {521, elliptic.P521(), asn1.ObjectIdentifier{1, 3, 132, 0, 35}}, +} + +// Return the DER encoding of the ASN.1 OID of this named curve +func (def *CurveDefinition) ToDer() []byte { + der, err := asn1.Marshal(def.Oid) + if err != nil { + panic(err) + } + return der +} + +// Return the names of all supported ECDSA curves +func SupportedCurves() string { + curves := make([]string, len(DefinedCurves)) + for i, def := range DefinedCurves { + curves[i] = strconv.FormatUint(uint64(def.Bits), 10) + } + return strings.Join(curves, ", ") +} + +// Get a curve by its ASN.1 object identifier +func CurveByOid(oid asn1.ObjectIdentifier) (*CurveDefinition, error) { + for _, def := range DefinedCurves { + if oid.Equal(def.Oid) { + return &def, nil + } + } + return nil, fmt.Errorf("Unsupported ECDSA curve with OID: %s\nSupported curves: %s", oid, SupportedCurves()) +} + +// Get a curve by a dotted decimal OID string +func CurveByOidString(oidstr string) (*CurveDefinition, error) { + parts := strings.Split(oidstr, ".") + oid := make(asn1.ObjectIdentifier, 0, len(parts)) + for _, n := range parts { + v, err := strconv.Atoi(n) + if err != nil { + return nil, errors.New("invalid OID") + } + oid = append(oid, v) + } + return CurveByOid(oid) +} + +// Get a curve by the DER encoding of its OID +func CurveByDer(der []byte) (*CurveDefinition, error) { + var oid asn1.ObjectIdentifier + _, err := asn1.Unmarshal(der, &oid) + if err != nil { + return nil, err + } + return CurveByOid(oid) +} + +// Get a curve by an elliptic.Curve value +func CurveByCurve(curve elliptic.Curve) (*CurveDefinition, error) { + for _, def := range DefinedCurves { + if curve == def.Curve { + return &def, nil + } + } + return nil, fmt.Errorf("Unsupported ECDSA curve: %v\nSupported curves: %s", curve, SupportedCurves()) +} + +// Get a curve by a number of bits +func CurveByBits(bits uint) (*CurveDefinition, error) { + for _, def := range DefinedCurves { + if bits == def.Bits { + return &def, nil + } + } + return nil, fmt.Errorf("Unsupported ECDSA curve: %v\nSupported curves: %s", bits, SupportedCurves()) +} + +// Decode an ECDSA public key from its DER encoding. Both octet and bitstring +// encodings are supported. +func DerToPoint(curve elliptic.Curve, der []byte) (*big.Int, *big.Int) { + var blob []byte + switch der[0] { + case asn1.TagOctetString: + _, err := asn1.Unmarshal(der, &blob) + if err != nil { + return nil, nil + } + case asn1.TagBitString: + var bits asn1.BitString + _, err := asn1.Unmarshal(der, &bits) + if err != nil { + return nil, nil + } + blob = bits.Bytes + default: + return nil, nil + } + return elliptic.Unmarshal(curve, blob) +} + +func PointToDer(pub *ecdsa.PublicKey) []byte { + blob := elliptic.Marshal(pub.Curve, pub.X, pub.Y) + der, err := asn1.Marshal(blob) + if err != nil { + return nil + } + return der +} + +// ASN.1 structure used to encode an ECDSA signature +type EcdsaSignature struct { + R, S *big.Int +} + +// Unpack an ECDSA signature from an ASN.1 DER sequence +func UnmarshalEcdsaSignature(der []byte) (sig EcdsaSignature, err error) { + der, err = asn1.Unmarshal(der, &sig) + if err != nil || len(der) != 0 { + err = errors.New("invalid ECDSA signature") + } + return +} + +// Unpack an ECDSA signature consisting of two numbers concatenated per IEEE 1363 +func UnpackEcdsaSignature(packed []byte) (sig EcdsaSignature, err error) { + byteLen := len(packed) / 2 + if len(packed) != byteLen*2 { + err = errors.New("ecdsa signature is incorrect size") + } else { + sig.R = new(big.Int).SetBytes(packed[:byteLen]) + sig.S = new(big.Int).SetBytes(packed[byteLen:]) + } + return +} + +// Marshal an ECDSA signature as an ASN.1 structure +func (sig EcdsaSignature) Marshal() []byte { + ret, _ := asn1.Marshal(sig) + return ret +} + +// Pack an ECDSA signature by concatenating the two numbers per IEEE 1363 +func (sig EcdsaSignature) Pack() []byte { + rbytes := sig.R.Bytes() + sbytes := sig.S.Bytes() + byteLen := len(rbytes) + if len(sbytes) > byteLen { + byteLen = len(sbytes) + } + ret := make([]byte, byteLen*2) + copy(ret[byteLen-len(rbytes):], rbytes) + copy(ret[2*byteLen-len(sbytes):], sbytes) + return ret +} diff --git a/vendor/github.com/sassoftware/relic/lib/x509tools/keylogfile.go b/vendor/github.com/sassoftware/relic/lib/x509tools/keylogfile.go new file mode 100644 index 0000000000..2989f5cefe --- /dev/null +++ b/vendor/github.com/sassoftware/relic/lib/x509tools/keylogfile.go @@ -0,0 +1,37 @@ +// +// Copyright (c) SAS Institute Inc. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// + +package x509tools + +import ( + "crypto/tls" + "fmt" + "os" +) + +// If the SSLKEYLOGFILE environment variable is set, then open it for appending +// and write TLS master secrets there in the "NSS Key Log Format". Use this for +// debugging TLS and HTTP problems with Wireshark. +func SetKeyLogFile(tconf *tls.Config) { + if klf := os.Getenv("SSLKEYLOGFILE"); klf != "" { + fmt.Fprintln(os.Stderr, "WARNING: SSLKEYLOGFILE is set! TLS master secrets will be logged.") + f, err := os.OpenFile(klf, os.O_WRONLY|os.O_APPEND|os.O_CREATE, 0600) + if err != nil { + panic(err) + } + tconf.KeyLogWriter = f + } +} diff --git a/vendor/github.com/sassoftware/relic/lib/x509tools/names.go b/vendor/github.com/sassoftware/relic/lib/x509tools/names.go new file mode 100644 index 0000000000..8b8461d131 --- /dev/null +++ b/vendor/github.com/sassoftware/relic/lib/x509tools/names.go @@ -0,0 +1,214 @@ +// +// Copyright (c) SAS Institute Inc. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// + +package x509tools + +import ( + "crypto/x509" + "encoding/asn1" + "encoding/binary" + "fmt" + "strings" + "unicode/utf16" +) + +type rdnAttr struct { + Type asn1.ObjectIdentifier + Value asn1.RawValue +} + +type rdnNameSet []rdnAttr + +type NameStyle int + +const ( + NameStyleOpenSsl NameStyle = iota + NameStyleLdap + NameStyleMsOsco +) + +type attrName struct { + Type asn1.ObjectIdentifier + Name string +} + +var nameStyleLdap = []attrName{ + attrName{asn1.ObjectIdentifier{2, 5, 4, 3}, "CN"}, + attrName{asn1.ObjectIdentifier{2, 5, 4, 4}, "surname"}, + attrName{asn1.ObjectIdentifier{2, 5, 4, 5}, "serialNumber"}, + attrName{asn1.ObjectIdentifier{2, 5, 4, 6}, "C"}, + attrName{asn1.ObjectIdentifier{2, 5, 4, 7}, "L"}, + attrName{asn1.ObjectIdentifier{2, 5, 4, 8}, "ST"}, + attrName{asn1.ObjectIdentifier{2, 5, 4, 9}, "street"}, + attrName{asn1.ObjectIdentifier{2, 5, 4, 10}, "O"}, + attrName{asn1.ObjectIdentifier{2, 5, 4, 11}, "OU"}, + attrName{asn1.ObjectIdentifier{2, 5, 4, 12}, "title"}, + attrName{asn1.ObjectIdentifier{2, 5, 4, 13}, "description"}, + attrName{asn1.ObjectIdentifier{2, 5, 4, 17}, "postalCode"}, + attrName{asn1.ObjectIdentifier{2, 5, 4, 18}, "postOfficeBox"}, + attrName{asn1.ObjectIdentifier{2, 5, 4, 20}, "telephoneNumber"}, + attrName{asn1.ObjectIdentifier{2, 5, 4, 42}, "givenName"}, + attrName{asn1.ObjectIdentifier{2, 5, 4, 43}, "initials"}, + attrName{asn1.ObjectIdentifier{0, 9, 2342, 19200300, 100, 1, 25}, "dc"}, + attrName{asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 9, 1}, "emailAddress"}, +} + +// Per [MS-OSCO] +// https://msdn.microsoft.com/en-us/library/dd947276(v=office.12).aspx +var nameStyleMsOsco = []attrName{ + attrName{asn1.ObjectIdentifier{2, 5, 4, 3}, "CN"}, + attrName{asn1.ObjectIdentifier{2, 5, 4, 7}, "L"}, + attrName{asn1.ObjectIdentifier{2, 5, 4, 10}, "O"}, + attrName{asn1.ObjectIdentifier{2, 5, 4, 11}, "OU"}, + attrName{asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 9, 1}, "E"}, + attrName{asn1.ObjectIdentifier{2, 5, 4, 6}, "C"}, + attrName{asn1.ObjectIdentifier{2, 5, 4, 8}, "S"}, + attrName{asn1.ObjectIdentifier{2, 5, 4, 9}, "STREET"}, + attrName{asn1.ObjectIdentifier{2, 5, 4, 12}, "T"}, + attrName{asn1.ObjectIdentifier{2, 5, 4, 42}, "G"}, + attrName{asn1.ObjectIdentifier{2, 5, 4, 43}, "I"}, + attrName{asn1.ObjectIdentifier{2, 5, 4, 4}, "SN"}, + attrName{asn1.ObjectIdentifier{2, 5, 4, 5}, "SERIALNUMBER"}, + attrName{asn1.ObjectIdentifier{0, 9, 2342, 19200300, 100, 1, 25}, "DC"}, + attrName{asn1.ObjectIdentifier{2, 5, 4, 13}, "Description"}, + attrName{asn1.ObjectIdentifier{2, 5, 4, 17}, "PostalCode"}, + attrName{asn1.ObjectIdentifier{2, 5, 4, 18}, "POBox"}, + attrName{asn1.ObjectIdentifier{2, 5, 4, 20}, "Phone"}, +} + +// returned by the Format* functions in case there's something cripplingly +// wrong with it +const InvalidName = "" + +// Format the name (RDN sequence) from its raw DER to a readable style. +func FormatPkixName(der []byte, style NameStyle) string { + var seq asn1.RawValue + if _, err := asn1.Unmarshal(der, &seq); err != nil { + return InvalidName + } + seqbytes := seq.Bytes + var formatted []string + for len(seqbytes) > 0 { + var rdnSet rdnNameSet + var err error + seqbytes, err = asn1.UnmarshalWithParams(seqbytes, &rdnSet, "set") + if err != nil { + return InvalidName + } + for _, attr := range rdnSet { + formatted = append(formatted, fmt.Sprintf("%s=%s", attName(attr.Type, style), attValue(attr.Value, style))) + } + } + if len(formatted) == 0 { + return "" + } + switch style { + case NameStyleOpenSsl: + return "/" + strings.Join(formatted, "/") + "/" + case NameStyleLdap, NameStyleMsOsco: + // Per RFC 2253 2.1, reverse the order + for i := 0; i < len(formatted)/2; i++ { + j := len(formatted) - i - 1 + formatted[i], formatted[j] = formatted[j], formatted[i] + } + return strings.Join(formatted, ", ") + default: + panic("invalid style argument") + } +} + +func attName(t asn1.ObjectIdentifier, style NameStyle) string { + var names []attrName + var defaultPrefix string + switch style { + case NameStyleLdap, NameStyleOpenSsl: + names = nameStyleLdap + case NameStyleMsOsco: + names = nameStyleMsOsco + defaultPrefix = "OID." + default: + panic("invalid style argument") + } + for _, name := range names { + if name.Type.Equal(t) { + return name.Name + } + } + return defaultPrefix + t.String() +} + +func attValue(raw asn1.RawValue, style NameStyle) string { + var value string + switch raw.Tag { + case asn1.TagUTF8String, asn1.TagIA5String, asn1.TagPrintableString: + var ret interface{} + if _, err := asn1.Unmarshal(raw.FullBytes, &ret); err != nil { + return InvalidName + } + value = ret.(string) + case Asn1TagBMPString: + value = ParseBMPString(raw) + default: + return InvalidName + } + switch style { + case NameStyleOpenSsl: + value = strings.Replace(value, "/", "\\/", -1) + case NameStyleLdap, NameStyleMsOsco: + quote := false + if len(value) == 0 { + quote = true + } + if strings.HasPrefix(value, " ") || strings.HasSuffix(value, " ") { + quote = true + } + if i := strings.IndexAny(value, ",+=\n<>#;'\""); i >= 0 { + quote = true + } + value = strings.Replace(value, "\"", "\"\"", -1) + if quote { + value = "\"" + value + "\"" + } + } + return value +} + +func ParseBMPString(raw asn1.RawValue) string { + runes := make([]uint16, len(raw.Bytes)/2) + for i := range runes { + runes[i] = binary.BigEndian.Uint16(raw.Bytes[i*2:]) + } + return string(utf16.Decode(runes)) +} + +func ToBMPString(value string) asn1.RawValue { + runes := utf16.Encode([]rune(value)) + raw := make([]byte, 2*len(runes)) + for i, r := range runes { + binary.BigEndian.PutUint16(raw[i*2:], r) + } + return asn1.RawValue{Tag: Asn1TagBMPString, Bytes: raw} +} + +// Format the certificate subject name in LDAP style +func FormatSubject(cert *x509.Certificate) string { + return FormatPkixName(cert.RawSubject, NameStyleLdap) +} + +// Format the certificate issuer name in LDAP style +func FormatIssuer(cert *x509.Certificate) string { + return FormatPkixName(cert.RawIssuer, NameStyleLdap) +} diff --git a/vendor/github.com/sassoftware/relic/lib/x509tools/pkix.go b/vendor/github.com/sassoftware/relic/lib/x509tools/pkix.go new file mode 100644 index 0000000000..691c189b3e --- /dev/null +++ b/vendor/github.com/sassoftware/relic/lib/x509tools/pkix.go @@ -0,0 +1,209 @@ +// +// Copyright (c) SAS Institute Inc. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// + +package x509tools + +import ( + "crypto" + "crypto/ecdsa" + "crypto/rsa" + "crypto/x509" + "crypto/x509/pkix" + "encoding/asn1" + "errors" + "fmt" +) + +var ( + // RFC 3279 + OidPublicKeyRSA = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 1} + OidPublicKeyDSA = asn1.ObjectIdentifier{1, 2, 840, 10040, 4, 1} + OidPublicKeyECDSA = asn1.ObjectIdentifier{1, 2, 840, 10045, 2, 1} + + oidSignatureMD2WithRSA = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 2} + oidSignatureMD5WithRSA = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 4} + oidSignatureSHA1WithRSA = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 5} + oidSignatureSHA256WithRSA = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 11} + oidSignatureSHA384WithRSA = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 12} + oidSignatureSHA512WithRSA = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 13} + oidSignatureDSAWithSHA1 = asn1.ObjectIdentifier{1, 2, 840, 10040, 4, 3} + oidSignatureDSAWithSHA256 = asn1.ObjectIdentifier{2, 16, 840, 1, 101, 3, 4, 3, 2} + oidSignatureECDSAWithSHA1 = asn1.ObjectIdentifier{1, 2, 840, 10045, 4, 1} + oidSignatureECDSAWithSHA256 = asn1.ObjectIdentifier{1, 2, 840, 10045, 4, 3, 2} + oidSignatureECDSAWithSHA384 = asn1.ObjectIdentifier{1, 2, 840, 10045, 4, 3, 3} + oidSignatureECDSAWithSHA512 = asn1.ObjectIdentifier{1, 2, 840, 10045, 4, 3, 4} + oidISOSignatureSHA1WithRSA = asn1.ObjectIdentifier{1, 3, 14, 3, 2, 29} + + // RFC 4055 + OidMGF1 = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 8} + OidSignatureRSAPSS = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 10} + + Asn1TagBMPString = 30 +) + +type sigAlgInfo struct { + oid asn1.ObjectIdentifier + pubKeyAlgo x509.PublicKeyAlgorithm + hash crypto.Hash +} + +var sigAlgInfos = []sigAlgInfo{ + // without a digest + {OidPublicKeyRSA, x509.RSA, 0}, + {OidSignatureRSAPSS, x509.RSA, 0}, + {OidPublicKeyDSA, x509.DSA, 0}, + {OidPublicKeyECDSA, x509.ECDSA, 0}, + // with a digest + {oidSignatureMD5WithRSA, x509.RSA, crypto.MD5}, + {oidSignatureSHA1WithRSA, x509.RSA, crypto.SHA1}, + {oidISOSignatureSHA1WithRSA, x509.RSA, crypto.SHA1}, + {oidSignatureSHA256WithRSA, x509.RSA, crypto.SHA256}, + {oidSignatureSHA384WithRSA, x509.RSA, crypto.SHA384}, + {oidSignatureSHA512WithRSA, x509.RSA, crypto.SHA512}, + {oidSignatureDSAWithSHA1, x509.DSA, crypto.SHA1}, + {oidSignatureDSAWithSHA256, x509.DSA, crypto.SHA256}, + {oidSignatureECDSAWithSHA1, x509.ECDSA, crypto.SHA1}, + {oidSignatureECDSAWithSHA256, x509.ECDSA, crypto.SHA256}, + {oidSignatureECDSAWithSHA384, x509.ECDSA, crypto.SHA384}, + {oidSignatureECDSAWithSHA512, x509.ECDSA, crypto.SHA512}, +} + +// Given a public key and signer options, return the appropriate X.509 digest and signature algorithms +func PkixAlgorithms(pub crypto.PublicKey, opts crypto.SignerOpts) (digestAlg, sigAlg pkix.AlgorithmIdentifier, err error) { + digestAlg, ok := PkixDigestAlgorithm(opts.HashFunc()) + if !ok { + err = errors.New("unsupported digest algorithm") + return + } + if pss, ok := opts.(*rsa.PSSOptions); ok { + rsapub, ok := pub.(*rsa.PublicKey) + if !ok { + err = errors.New("RSA-PSS is only valid for RSA keys") + return + } + var params asn1.RawValue + params, err = MarshalRSAPSSParameters(rsapub, pss) + if err != nil { + return + } + sigAlg = pkix.AlgorithmIdentifier{ + Algorithm: OidSignatureRSAPSS, + Parameters: params, + } + return + } + switch pub.(type) { + case *rsa.PublicKey: + sigAlg.Algorithm = OidPublicKeyRSA + case *ecdsa.PublicKey: + sigAlg.Algorithm = OidPublicKeyECDSA + default: + err = errors.New("unsupported public key algorithm") + return + } + sigAlg.Parameters = asn1.NullRawValue + return +} + +// Convert a crypto.Hash to a X.509 AlgorithmIdentifier +func PkixDigestAlgorithm(hash crypto.Hash) (alg pkix.AlgorithmIdentifier, ok bool) { + if oid, ok2 := HashOids[hash]; ok2 { + alg.Algorithm = oid + alg.Parameters = asn1.NullRawValue + ok = true + } + return +} + +// Convert a X.509 AlgorithmIdentifier to a crypto.Hash +func PkixDigestToHash(alg pkix.AlgorithmIdentifier) (hash crypto.Hash, ok bool) { + for hash, oid := range HashOids { + if alg.Algorithm.Equal(oid) { + return hash, true + } + } + return 0, false +} + +// Convert a X.509 AlgorithmIdentifier to a crypto.Hash +func PkixDigestToHashE(alg pkix.AlgorithmIdentifier) (hash crypto.Hash, err error) { + hash, ok := PkixDigestToHash(alg) + if ok && hash.Available() { + return hash, nil + } + return 0, UnknownDigestError{Algorithm: alg.Algorithm} +} + +// Convert a crypto.PublicKey to a X.509 AlgorithmIdentifier +func PkixPublicKeyAlgorithm(pub crypto.PublicKey) (alg pkix.AlgorithmIdentifier, ok bool) { + _, alg, err := PkixAlgorithms(pub, nil) + return alg, err == nil +} + +// Verify a signature using the algorithm specified by the given X.509 AlgorithmIdentifier +func PkixVerify(pub crypto.PublicKey, digestAlg, sigAlg pkix.AlgorithmIdentifier, digest, sig []byte) error { + hash, err := PkixDigestToHashE(digestAlg) + if err != nil { + return err + } + var info sigAlgInfo + for _, a := range sigAlgInfos { + if sigAlg.Algorithm.Equal(a.oid) { + info = a + } + } + if info.hash != 0 && info.hash != hash { + return errors.New("signature type does not match digest type") + } + switch info.pubKeyAlgo { + case x509.RSA: + key, ok := pub.(*rsa.PublicKey) + if !ok { + return errors.New("incorrect key type for signature") + } + if sigAlg.Algorithm.Equal(OidSignatureRSAPSS) { + opts, err := UnmarshalRSAPSSParameters(hash, sigAlg.Parameters) + if err != nil { + return err + } + return rsa.VerifyPSS(key, hash, digest, sig, opts) + } + return rsa.VerifyPKCS1v15(key, hash, digest, sig) + case x509.ECDSA: + key, ok := pub.(*ecdsa.PublicKey) + if !ok { + return errors.New("incorrect key type for signature") + } + esig, err := UnmarshalEcdsaSignature(sig) + if err != nil { + return err + } + if !ecdsa.Verify(key, digest, esig.R, esig.S) { + return errors.New("ECDSA verification failed") + } + return nil + default: + return errors.New("unsupported public key algorithm") + } +} + +type UnknownDigestError struct { + Algorithm asn1.ObjectIdentifier +} + +func (e UnknownDigestError) Error() string { + return fmt.Sprintf("unsupported hash algorithm %s", e.Algorithm) +} diff --git a/vendor/github.com/sassoftware/relic/lib/x509tools/printcert.go b/vendor/github.com/sassoftware/relic/lib/x509tools/printcert.go new file mode 100644 index 0000000000..402bbf9779 --- /dev/null +++ b/vendor/github.com/sassoftware/relic/lib/x509tools/printcert.go @@ -0,0 +1,275 @@ +// +// Copyright (c) SAS Institute Inc. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// + +package x509tools + +import ( + "crypto/ecdsa" + "crypto/rsa" + "crypto/x509" + "encoding/asn1" + "fmt" + "io" + "time" +) + +var keyUsageNames = map[x509.KeyUsage]string{ + x509.KeyUsageDigitalSignature: "digitalSignature", + x509.KeyUsageContentCommitment: "nonRepudiation", + x509.KeyUsageKeyEncipherment: "keyEncipherment", + x509.KeyUsageDataEncipherment: "dataEncipherment", + x509.KeyUsageKeyAgreement: "keyAgreement", + x509.KeyUsageCertSign: "keyCertSign", + x509.KeyUsageCRLSign: "cRLSign", + x509.KeyUsageEncipherOnly: "encipherOnly", + x509.KeyUsageDecipherOnly: "decipherOnly", +} + +var extKeyUsageNames = map[x509.ExtKeyUsage]string{ + x509.ExtKeyUsageAny: "any", + x509.ExtKeyUsageServerAuth: "serverAuth", + x509.ExtKeyUsageClientAuth: "clientAuth", + x509.ExtKeyUsageCodeSigning: "codeSigning", + x509.ExtKeyUsageEmailProtection: "emailProtection", + x509.ExtKeyUsageIPSECEndSystem: "ipsecEndSystem", + x509.ExtKeyUsageIPSECTunnel: "ipsecTunnel", + x509.ExtKeyUsageIPSECUser: "ipsecUser", + x509.ExtKeyUsageTimeStamping: "timeStamping", + x509.ExtKeyUsageOCSPSigning: "OCSPSigning", + + x509.ExtKeyUsageMicrosoftServerGatedCrypto: "msServerGatedCrypto", + x509.ExtKeyUsageNetscapeServerGatedCrypto: "nsServerGatedCrypto", + x509.ExtKeyUsageMicrosoftCommercialCodeSigning: "msCodeCom", + x509.ExtKeyUsageMicrosoftKernelCodeSigning: "msKernCode", +} + +var knownExtensions = []asn1.ObjectIdentifier{ + asn1.ObjectIdentifier{2, 5, 29, 14}, // oidExtensionSubjectKeyId + asn1.ObjectIdentifier{2, 5, 29, 15}, // oidExtensionKeyUsage + asn1.ObjectIdentifier{2, 5, 29, 37}, // oidExtensionExtendedKeyUsage + asn1.ObjectIdentifier{2, 5, 29, 35}, // oidExtensionAuthorityKeyId + asn1.ObjectIdentifier{2, 5, 29, 19}, // oidExtensionBasicConstraints + asn1.ObjectIdentifier{2, 5, 29, 17}, // oidExtensionSubjectAltName + asn1.ObjectIdentifier{2, 5, 29, 32}, // oidExtensionCertificatePolicies + asn1.ObjectIdentifier{2, 5, 29, 30}, // oidExtensionNameConstraints + asn1.ObjectIdentifier{2, 5, 29, 31}, // oidExtensionCRLDistributionPoints + asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 1, 1}, // oidExtensionAuthorityInfoAccess + asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 48, 1}, // oidAuthorityInfoAccessOcsp + asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 48, 2}, // oidAuthorityInfoAccessIssuers +} + +// FprintCertificate formats a certificate for display +func FprintCertificate(w io.Writer, cert *x509.Certificate) { + fmt.Fprintln(w, "Version:", cert.Version) + if cert.SerialNumber.BitLen() > 63 { + fmt.Fprintf(w, "Serial: 0x%x\n", cert.SerialNumber) + } else { + fmt.Fprintf(w, "Serial: %d (0x%x)\n", cert.SerialNumber, cert.SerialNumber) + } + fmt.Fprintln(w, "Subject:", FormatSubject(cert)) + fmt.Fprintln(w, "Issuer: ", FormatIssuer(cert)) + fmt.Fprintln(w, "Valid: ", cert.NotBefore) + fmt.Fprintln(w, "Expires:", cert.NotAfter) + fmt.Fprintln(w, "Period: ", subDate(cert.NotAfter, cert.NotBefore)) + switch k := cert.PublicKey.(type) { + case *rsa.PublicKey: + n := fmt.Sprintf("%x", k.N) + fmt.Fprintf(w, "Pub key: RSA bits=%d e=%d n=%s...%s\n", k.N.BitLen(), k.E, n[:8], n[len(n)-8:]) + case *ecdsa.PublicKey: + p := k.Params() + x := fmt.Sprintf("%x", k.X) + y := fmt.Sprintf("%x", k.Y) + fmt.Fprintf(w, "Public key: ECDSA bits=%d name=%s x=%s... y=...%s\n", p.BitSize, p.Name, x[:8], y[len(y)-8:]) + default: + fmt.Fprintf(w, "Public key: %T\n", k) + } + fmt.Fprintln(w, "Sig alg:", cert.SignatureAlgorithm) + fmt.Fprintln(w, "Extensions:") + // subject alternate names + printSAN(w, cert) + // basic constraints + if cert.BasicConstraintsValid { + cons := fmt.Sprintf("isCA=%t", cert.IsCA) + if cert.MaxPathLenZero { + cons += " MaxPathLen=0" + } else if cert.MaxPathLen > 0 { + cons += fmt.Sprintf(" MaxPathLen=%d", cert.MaxPathLen) + } + fmt.Fprintln(w, " Basic constraints: "+cons) + } + // Name constraints + printNameConstraints(w, cert) + // key usage + usage := "" + for n, name := range keyUsageNames { + if cert.KeyUsage&n != 0 { + usage += ", " + name + } + } + if usage != "" { + fmt.Fprintln(w, " Key Usage:", usage[2:]) + } + // extended key usage + usage = "" + for _, u := range cert.ExtKeyUsage { + name := extKeyUsageNames[u] + if name == "" { + name = fmt.Sprintf("%d", u) + } + usage += ", " + name + } + for _, u := range cert.UnknownExtKeyUsage { + usage += ", " + u.String() + } + if usage != "" { + fmt.Fprintln(w, " Extended key usage:", usage[2:]) + } + // keyids + if len(cert.SubjectKeyId) != 0 { + fmt.Fprintf(w, " Subject key ID: %x\n", cert.SubjectKeyId) + } + if len(cert.AuthorityKeyId) != 0 { + fmt.Fprintf(w, " Authority key ID: %x\n", cert.AuthorityKeyId) + } + // authority info + if len(cert.OCSPServer) != 0 { + fmt.Fprintln(w, " OCSP Servers:") + for _, s := range cert.OCSPServer { + fmt.Fprintln(w, " ", s) + } + } + if len(cert.IssuingCertificateURL) != 0 { + fmt.Fprintln(w, " Issuing authority URLs:") + for _, s := range cert.IssuingCertificateURL { + fmt.Fprintln(w, " ", s) + } + } + // CRL + if len(cert.CRLDistributionPoints) != 0 { + fmt.Fprintln(w, " CRL Distribution Points:") + for _, s := range cert.CRLDistributionPoints { + fmt.Fprintln(w, " ", s) + } + } + // Policy IDs + if len(cert.PolicyIdentifiers) != 0 { + fmt.Fprintln(w, " Policy Identifiers:") + for _, s := range cert.PolicyIdentifiers { + fmt.Fprintln(w, " ", s.String()) + } + } + // Other + for _, ex := range cert.Extensions { + if knownExtension(ex.Id) { + continue + } + critical := "" + if ex.Critical { + critical = " (critical)" + } + fmt.Fprintf(w, " Extension %s%s: %x\n", ex.Id, critical, ex.Value) + } +} + +func knownExtension(id asn1.ObjectIdentifier) bool { + for _, known := range knownExtensions { + if known.Equal(id) { + return true + } + } + return false +} + +const ( + durYear = 8766 * time.Hour + yearSlop = 2 * 24 * time.Hour +) + +// calculate duration using calendar dates +func subDate(end, start time.Time) string { + approx := "~" + dur := end.Sub(start) + switch { + case dur >= durYear-yearSlop: + years := int((dur + yearSlop) / durYear) + if start.AddDate(years, 0, 0).Equal(end) { + approx = "" + } + if years > 1 { + return fmt.Sprintf("%s%d years", approx, years) + } + return approx + "1 year" + case dur >= 24*time.Hour: + days := int(dur / (24 * time.Hour)) + if start.AddDate(0, 0, days).Equal(end) { + approx = "" + } + if days > 1 { + return fmt.Sprintf("%s%d days", approx, days) + } + return approx + "1 day" + default: + return dur.String() + } +} + +func printSAN(w io.Writer, cert *x509.Certificate) { + if len(cert.DNSNames) != 0 || len(cert.EmailAddresses) != 0 || len(cert.IPAddresses) != 0 || len(cert.URIs) != 0 { + fmt.Fprintln(w, " Subject alternate names:") + for _, s := range cert.DNSNames { + fmt.Fprintln(w, " dns:"+s) + } + for _, s := range cert.EmailAddresses { + fmt.Fprintln(w, " email:"+s) + } + for _, s := range cert.IPAddresses { + fmt.Fprintln(w, " ip:"+s.String()) + } + for _, s := range cert.URIs { + fmt.Fprintln(w, " uri:"+s.String()) + } + } +} + +func printNameConstraints(w io.Writer, cert *x509.Certificate) { + if len(cert.PermittedDNSDomains) != 0 || len(cert.ExcludedDNSDomains) != 0 || len(cert.PermittedIPRanges) != 0 || len(cert.ExcludedIPRanges) != 0 || len(cert.PermittedEmailAddresses) != 0 || len(cert.ExcludedEmailAddresses) != 0 || len(cert.PermittedURIDomains) != 0 || len(cert.ExcludedURIDomains) != 0 { + fmt.Fprintln(w, " Name constraints:") + for _, s := range cert.PermittedDNSDomains { + fmt.Fprintln(w, " Permitted DNS domain:", s) + } + for _, s := range cert.ExcludedDNSDomains { + fmt.Fprintln(w, " Excluded DNS domain:", s) + } + for _, s := range cert.PermittedIPRanges { + fmt.Fprintln(w, " Permitted IP range:", s) + } + for _, s := range cert.ExcludedIPRanges { + fmt.Fprintln(w, " Excluded IP range:", s) + } + for _, s := range cert.PermittedEmailAddresses { + fmt.Fprintln(w, " Permitted Email Addresses:", s) + } + for _, s := range cert.ExcludedEmailAddresses { + fmt.Fprintln(w, " Excluded Email Addresses:", s) + } + for _, s := range cert.PermittedURIDomains { + fmt.Fprintln(w, " Permitted URI domain:", s) + } + for _, s := range cert.ExcludedURIDomains { + fmt.Fprintln(w, " Excluded URI domain:", s) + } + } +} diff --git a/vendor/github.com/sassoftware/relic/lib/x509tools/rsapss.go b/vendor/github.com/sassoftware/relic/lib/x509tools/rsapss.go new file mode 100644 index 0000000000..a6ec5a11d8 --- /dev/null +++ b/vendor/github.com/sassoftware/relic/lib/x509tools/rsapss.go @@ -0,0 +1,108 @@ +// +// Copyright (c) SAS Institute Inc. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// + +package x509tools + +import ( + "crypto" + "crypto/rsa" + "crypto/x509/pkix" + "encoding/asn1" + "errors" +) + +// pssParameters reflects the parameters in an AlgorithmIdentifier that +// specifies RSA PSS. See https://tools.ietf.org/html/rfc3447#appendix-A.2.3 +type pssParameters struct { + // The following three fields are not marked as + // optional because the default values specify SHA-1, + // which is no longer suitable for use in signatures. + Hash pkix.AlgorithmIdentifier `asn1:"explicit,tag:0"` + MGF pkix.AlgorithmIdentifier `asn1:"explicit,tag:1"` + SaltLength int `asn1:"explicit,tag:2"` + TrailerField int `asn1:"optional,explicit,tag:3,default:1"` +} + +func MarshalRSAPSSParameters(pub *rsa.PublicKey, opts *rsa.PSSOptions) (asn1.RawValue, error) { + hashAlg, ok := PkixDigestAlgorithm(opts.Hash) + if !ok { + return asn1.RawValue{}, errors.New("unsupported digest algorithm") + } + hashRaw, err := asn1.Marshal(hashAlg) + if err != nil { + return asn1.RawValue{}, err + } + saltLength := opts.SaltLength + switch saltLength { + case rsa.PSSSaltLengthAuto: + saltLength = (pub.N.BitLen()+7)/8 - 2 - opts.Hash.Size() + case rsa.PSSSaltLengthEqualsHash: + saltLength = opts.Hash.Size() + } + params := pssParameters{ + Hash: hashAlg, + MGF: pkix.AlgorithmIdentifier{ + Algorithm: OidMGF1, + Parameters: asn1.RawValue{FullBytes: hashRaw}, + }, + SaltLength: saltLength, + TrailerField: 1, + } + serialized, err := asn1.Marshal(params) + if err != nil { + return asn1.RawValue{}, err + } + return asn1.RawValue{FullBytes: serialized}, nil +} + +func UnmarshalRSAPSSParameters(hash crypto.Hash, raw asn1.RawValue) (*rsa.PSSOptions, error) { + hashOid, ok := HashOids[hash] + if !ok { + return nil, errors.New("unsupported digest algorithm") + } + if raw.Tag == asn1.TagNull { + // defaults + if hash != crypto.SHA1 { + return nil, errors.New("RSA-PSS parameters not provided but digest type is not SHA-1") + } + return &rsa.PSSOptions{Hash: crypto.SHA1, SaltLength: 20}, nil + } + var params pssParameters + if rest, err := asn1.Unmarshal(raw.FullBytes, ¶ms); err != nil || len(rest) > 0 { + return nil, errors.New("invalid RSA-PSS parameters") + } + // validate that all hash OIDs match + if !params.Hash.Algorithm.Equal(hashOid) { + return nil, errors.New("digest type mismatch in RSA-PSS parameters") + } + if !params.MGF.Algorithm.Equal(OidMGF1) { + return nil, errors.New("unsupported MGF in RSA-PSS parameters") + } + var mgfDigest pkix.AlgorithmIdentifier + if rest, err := asn1.Unmarshal(params.MGF.Parameters.FullBytes, &mgfDigest); err != nil || len(rest) > 0 { + return nil, errors.New("invalid RSA-PSS parameters") + } + if !mgfDigest.Algorithm.Equal(hashOid) { + return nil, errors.New("digest type mismatch in RSA-PSS parameters") + } + if params.TrailerField != 0 && params.TrailerField != 1 { + return nil, errors.New("invalid RSA-PSS parameters") + } + if params.SaltLength == 0 { + params.SaltLength = hash.Size() + } + return &rsa.PSSOptions{Hash: hash, SaltLength: params.SaltLength}, nil +} diff --git a/vendor/github.com/sassoftware/relic/lib/x509tools/util.go b/vendor/github.com/sassoftware/relic/lib/x509tools/util.go new file mode 100644 index 0000000000..c26e5a5de1 --- /dev/null +++ b/vendor/github.com/sassoftware/relic/lib/x509tools/util.go @@ -0,0 +1,130 @@ +// +// Copyright (c) SAS Institute Inc. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// + +package x509tools + +import ( + "crypto" + "crypto/ecdsa" + "crypto/rand" + "crypto/rsa" + "crypto/sha1" + "crypto/x509" + "crypto/x509/pkix" + "encoding/asn1" + "errors" + "io" + "math/big" +) + +// Make a random 12 byte big.Int +func MakeSerial() *big.Int { + blob := make([]byte, 12) + if _, err := io.ReadFull(rand.Reader, blob); err != nil { + return nil + } + return new(big.Int).SetBytes(blob) +} + +// Choose a X509 signature algorithm suitable for the specified public key +func X509SignatureAlgorithm(pub crypto.PublicKey) x509.SignatureAlgorithm { + switch pub.(type) { + case *rsa.PublicKey: + if ArgRSAPSS { + return x509.SHA256WithRSAPSS + } + return x509.SHA256WithRSA + case *ecdsa.PublicKey: + return x509.ECDSAWithSHA256 + default: + return x509.UnknownSignatureAlgorithm + } +} + +type pkixPublicKey struct { + Algo pkix.AlgorithmIdentifier + BitString asn1.BitString +} + +// Calculcate subject key identifier from a public key per RFC 3280 +func SubjectKeyID(pub crypto.PublicKey) ([]byte, error) { + der, err := x509.MarshalPKIXPublicKey(pub) + if err != nil { + return nil, err + } + // extract the raw "bit string" part of the public key bytes + var pki pkixPublicKey + if rest, err := asn1.Unmarshal(der, &pki); err != nil { + return nil, err + } else if len(rest) != 0 { + return nil, errors.New("trailing garbage on public key") + } + digest := sha1.Sum(pki.BitString.RightAlign()) + return digest[:], nil +} + +// Test whether two public or private keys have the same public key +func SameKey(pub1, pub2 interface{}) bool { + if privkey, ok := pub1.(crypto.Signer); ok { + pub1 = privkey.Public() + } + if privkey, ok := pub2.(crypto.Signer); ok { + pub2 = privkey.Public() + } + switch key1 := pub1.(type) { + case *rsa.PublicKey: + key2, ok := pub2.(*rsa.PublicKey) + return ok && key1.E == key2.E && key1.N.Cmp(key2.N) == 0 + case *ecdsa.PublicKey: + key2, ok := pub2.(*ecdsa.PublicKey) + return ok && key1.X.Cmp(key2.X) == 0 && key1.Y.Cmp(key2.Y) == 0 + default: + return false + } +} + +// Verify an RSA or ECDSA signature +func Verify(pub interface{}, hash crypto.Hash, hashed []byte, sig []byte) error { + switch pubk := pub.(type) { + case *rsa.PublicKey: + return rsa.VerifyPKCS1v15(pubk, hash, hashed, sig) + case *ecdsa.PublicKey: + esig, err := UnmarshalEcdsaSignature(sig) + if err != nil { + return err + } + if !ecdsa.Verify(pubk, hashed, esig.R, esig.S) { + return errors.New("ECDSA verification failed") + } + return nil + } + return errors.New("unsupported public key algorithm") +} + +// Determine the type of a public or private key +func GetPublicKeyAlgorithm(key interface{}) x509.PublicKeyAlgorithm { + if privkey, ok := key.(crypto.Signer); ok { + key = privkey.Public() + } + switch key.(type) { + case *rsa.PublicKey: + return x509.RSA + case *ecdsa.PublicKey: + return x509.ECDSA + default: + return x509.UnknownPublicKeyAlgorithm + } +} diff --git a/vendor/github.com/sassoftware/relic/lib/x509tools/x509cmd.go b/vendor/github.com/sassoftware/relic/lib/x509tools/x509cmd.go new file mode 100644 index 0000000000..ee89eec72b --- /dev/null +++ b/vendor/github.com/sassoftware/relic/lib/x509tools/x509cmd.go @@ -0,0 +1,340 @@ +// +// Copyright (c) SAS Institute Inc. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// + +package x509tools + +import ( + "bytes" + "crypto" + "crypto/rand" + "crypto/x509" + "crypto/x509/pkix" + "encoding/pem" + "errors" + "fmt" + "io" + "math/big" + "os" + "strings" + "time" + + "github.com/spf13/cobra" + "golang.org/x/crypto/ssh/terminal" +) + +var ( + ArgCountry string + ArgOrganization string + ArgOrganizationalUnit string + ArgLocality string + ArgProvince string + ArgCommonName string + ArgDNSNames string + ArgEmailNames string + ArgKeyUsage string + ArgExpireDays uint + ArgCertAuthority bool + ArgSerial string + ArgInteractive bool + ArgRSAPSS bool +) + +// Add flags associated with X509 requests to the given command +func AddRequestFlags(cmd *cobra.Command) { + cmd.Flags().StringVar(&ArgCountry, "countryName", "", "Subject name") + cmd.Flags().StringVar(&ArgProvince, "stateOrProvinceName", "", "Subject name") + cmd.Flags().StringVar(&ArgLocality, "localityName", "", "Subject name") + cmd.Flags().StringVar(&ArgOrganization, "organizationName", "", "Subject name") + cmd.Flags().StringVar(&ArgOrganizationalUnit, "organizationalUnitName", "", "Subject name") + cmd.Flags().StringVarP(&ArgCommonName, "commonName", "n", "", "Subject commonName") + cmd.Flags().StringVar(&ArgDNSNames, "alternate-dns", "", "DNS subject alternate name (comma or space separated)") + cmd.Flags().StringVar(&ArgEmailNames, "alternate-email", "", "Email subject alternate name (comma or space separated)") + cmd.Flags().BoolVarP(&ArgInteractive, "interactive", "i", false, "Prompt before signing certificate") + cmd.Flags().BoolVar(&ArgRSAPSS, "rsa-pss", false, "Use RSA-PSS signature") +} + +// Add flags associated with X509 certificate creation to the given command +func AddCertFlags(cmd *cobra.Command) { + AddRequestFlags(cmd) + cmd.Flags().BoolVar(&ArgCertAuthority, "cert-authority", false, "If this certificate is an authority") + cmd.Flags().StringVarP(&ArgKeyUsage, "key-usage", "U", "", "Key usage, one of: serverAuth clientAuth codeSigning emailProtection keyCertSign") + cmd.Flags().UintVarP(&ArgExpireDays, "expire-days", "e", 36523, "Number of days before certificate expires") + cmd.Flags().StringVar(&ArgSerial, "serial", "", "Set the serial number of the certificate. Random if not specified.") +} + +// Split a space- and/or comma-seperated string +func splitAndTrim(s string) []string { + if s == "" { + return nil + } + s = strings.Replace(s, ",", " ", -1) + pieces := strings.Split(s, " ") + ret := make([]string, 0, len(pieces)) + for _, p := range pieces { + p = strings.Trim(p, " ") + if p != "" { + ret = append(ret, p) + } + } + return ret +} + +// Build a subject name from command-line arguments +func subjName() (name pkix.Name) { + if ArgCountry != "" { + name.Country = []string{ArgCountry} + } + if ArgProvince != "" { + name.Province = []string{ArgProvince} + } + if ArgLocality != "" { + name.Locality = []string{ArgLocality} + } + if ArgOrganization != "" { + name.Organization = []string{ArgOrganization} + } + if ArgOrganizationalUnit != "" { + name.OrganizationalUnit = []string{ArgOrganizationalUnit} + } + name.CommonName = ArgCommonName + return +} + +// Set both basic and extended key usage +func setUsage(template *x509.Certificate) error { + usage := x509.KeyUsageDigitalSignature + var extended []x509.ExtKeyUsage + switch strings.ToLower(ArgKeyUsage) { + case "serverauth": + usage |= x509.KeyUsageKeyEncipherment | x509.KeyUsageKeyAgreement + extended = append(extended, x509.ExtKeyUsageServerAuth) + case "clientauth": + usage |= x509.KeyUsageKeyEncipherment | x509.KeyUsageKeyAgreement + extended = append(extended, x509.ExtKeyUsageClientAuth) + case "codesigning": + extended = append(extended, x509.ExtKeyUsageCodeSigning) + case "emailprotection": + usage |= x509.KeyUsageContentCommitment | x509.KeyUsageKeyEncipherment | x509.KeyUsageKeyAgreement + extended = append(extended, x509.ExtKeyUsageEmailProtection) + case "keycertsign": + usage |= x509.KeyUsageCertSign | x509.KeyUsageCRLSign + case "": + return nil + default: + return errors.New("invalid key-usage") + } + template.KeyUsage = usage + template.ExtKeyUsage = extended + return nil +} + +func fillCertFields(template *x509.Certificate, subjectPub, issuerPub crypto.PublicKey) error { + if ArgSerial != "" { + serial, ok := new(big.Int).SetString(ArgSerial, 0) + if !ok { + return errors.New("invalid serial number, must be decimal or hexadecimal format") + } + template.SerialNumber = serial + } else if template.SerialNumber == nil { + template.SerialNumber = MakeSerial() + if template.SerialNumber == nil { + return errors.New("Failed to generate a serial number") + } + } + if ArgCommonName != "" { + template.Subject = subjName() + } + if ArgDNSNames != "" { + template.DNSNames = splitAndTrim(ArgDNSNames) + } + if ArgEmailNames != "" { + template.EmailAddresses = splitAndTrim(ArgEmailNames) + } + template.SignatureAlgorithm = X509SignatureAlgorithm(issuerPub) + template.NotBefore = time.Now().Add(time.Hour * -24) + template.NotAfter = time.Now().Add(time.Hour * 24 * time.Duration(ArgExpireDays)) + template.IsCA = ArgCertAuthority + template.BasicConstraintsValid = true + ski, err := SubjectKeyID(subjectPub) + if err != nil { + return err + } + template.SubjectKeyId = ski + return setUsage(template) +} + +func toPemString(der []byte, pemType string) string { + block := &pem.Block{Type: pemType, Bytes: der} + return string(pem.EncodeToMemory(block)) +} + +// Make a X509 certificate request using command-line arguments and return the +// PEM string +func MakeRequest(rand io.Reader, key crypto.Signer) (string, error) { + var template x509.CertificateRequest + template.Subject = subjName() + template.DNSNames = splitAndTrim(ArgDNSNames) + template.EmailAddresses = splitAndTrim(ArgEmailNames) + template.SignatureAlgorithm = X509SignatureAlgorithm(key.Public()) + csr, err := x509.CreateCertificateRequest(rand, &template, key) + if err != nil { + return "", err + } + return toPemString(csr, "CERTIFICATE REQUEST"), nil +} + +// Make a self-signed X509 certificate using command-line arguments and return +// the PEM string +func MakeCertificate(rand io.Reader, key crypto.Signer) (string, error) { + var template x509.Certificate + if err := fillCertFields(&template, key.Public(), key.Public()); err != nil { + return "", err + } + template.Issuer = template.Subject + cert, err := confirmAndCreate(&template, &template, key.Public(), key) + if err != nil { + return "", err + } + return toPemString(cert, "CERTIFICATE"), nil +} + +// SignCSR takes a PKCS#10 signing request in PEM or DER format as input and +// produces a signed certificate in PEM format. Any command-line flags set will +// override the CSR contents. +func SignCSR(csrBytes []byte, rand io.Reader, key crypto.Signer, cacert *x509.Certificate, copyExtensions bool) (string, error) { + // parse and validate CSR + csrBytes, err := parseMaybePEM(csrBytes, "CERTIFICATE REQUEST") + if err != nil { + return "", err + } + csr, err := x509.ParseCertificateRequest(csrBytes) + if err != nil { + return "", fmt.Errorf("parsing CSR: %s", err) + } + if err := csr.CheckSignature(); err != nil { + return "", fmt.Errorf("validating CSR: %s", err) + } + // update fields + template := &x509.Certificate{Subject: csr.Subject} + if copyExtensions { + template.ExtraExtensions = csr.Extensions + template.DNSNames = csr.DNSNames + template.EmailAddresses = csr.EmailAddresses + template.IPAddresses = csr.IPAddresses + template.URIs = csr.URIs + } + if err := fillCertFields(template, csr.PublicKey, key.Public()); err != nil { + return "", err + } + certDer, err := confirmAndCreate(template, cacert, csr.PublicKey, key) + if err != nil { + return "", err + } + return toPemString(certDer, "CERTIFICATE"), nil +} + +// CrossSign takes a certificate as input and re-signs it using the given key. +// Any command-line flags set will override the CSR contents. +func CrossSign(certBytes []byte, rand io.Reader, key crypto.Signer, cacert *x509.Certificate) (string, error) { + certBytes, err := parseMaybePEM(certBytes, "CERTIFICATE") + if err != nil { + return "", err + } + template, err := x509.ParseCertificate(certBytes) + if err != nil { + return "", fmt.Errorf("parsing certificate: %s", err) + } + if err := fillCertFields(template, template.PublicKey, key.Public()); err != nil { + return "", err + } + newCert, err := confirmAndCreate(template, cacert, template.PublicKey, key) + if err != nil { + return "", err + } + return toPemString(newCert, "CERTIFICATE"), nil +} + +type fakeSigner struct{ pub crypto.PublicKey } + +func (f fakeSigner) Public() crypto.PublicKey { + return f.pub +} + +func (f fakeSigner) Sign(io.Reader, []byte, crypto.SignerOpts) ([]byte, error) { + return nil, nil +} + +func confirmAndCreate(template, parent *x509.Certificate, pub crypto.PublicKey, priv crypto.PrivateKey) ([]byte, error) { + if ArgInteractive { + // call CreateCertificate with a fake signer to get what the final cert will look like + pub := priv.(crypto.Signer).Public() + der, err := x509.CreateCertificate(rand.Reader, template, parent, pub, fakeSigner{pub}) + if err != nil { + return nil, err + } + cert, err := x509.ParseCertificate(der) + if err != nil { + return nil, err + } + fmt.Fprintln(os.Stderr, "Signing certificate:") + fmt.Fprintln(os.Stderr) + FprintCertificate(os.Stderr, cert) + fmt.Fprintln(os.Stderr) + if !promptYN("Sign this cert? [Y/n] ") { + fmt.Fprintln(os.Stderr, "operation canceled") + os.Exit(2) + } + } + return x509.CreateCertificate(rand.Reader, template, parent, pub, priv) +} + +func promptYN(prompt string) bool { + fmt.Fprint(os.Stderr, prompt) + if !terminal.IsTerminal(0) { + fmt.Fprintln(os.Stderr, "input is not a terminal, assuming true") + return true + } + state, err := terminal.MakeRaw(0) + if err == nil { + defer fmt.Fprintln(os.Stderr) + defer terminal.Restore(0, state) + } + var d [1]byte + if _, err := os.Stdin.Read(d[:]); err != nil { + return false + } + if d[0] == 'Y' || d[0] == 'y' { + return true + } + return false +} + +func parseMaybePEM(blob []byte, pemType string) ([]byte, error) { + if bytes.Contains(blob, []byte("-----BEGIN")) { + for { + var block *pem.Block + block, blob = pem.Decode(blob) + if block == nil { + break + } else if block.Type == pemType { + return block.Bytes, nil + } + } + } else if len(blob) > 0 && blob[0] == 0x30 { + return blob, nil + } + return nil, fmt.Errorf("expected a %s in PEM or DER format", strings.ToLower(pemType)) +} diff --git a/vendor/github.com/secure-systems-lab/go-securesystemslib/LICENSE b/vendor/github.com/secure-systems-lab/go-securesystemslib/LICENSE new file mode 100644 index 0000000000..e51324f9b5 --- /dev/null +++ b/vendor/github.com/secure-systems-lab/go-securesystemslib/LICENSE @@ -0,0 +1,21 @@ +The MIT License (MIT) + +Copyright (c) 2021 NYU Secure Systems Lab + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff --git a/vendor/github.com/secure-systems-lab/go-securesystemslib/cjson/canonicaljson.go b/vendor/github.com/secure-systems-lab/go-securesystemslib/cjson/canonicaljson.go new file mode 100644 index 0000000000..abc860a491 --- /dev/null +++ b/vendor/github.com/secure-systems-lab/go-securesystemslib/cjson/canonicaljson.go @@ -0,0 +1,151 @@ +package cjson + +import ( + "bytes" + "encoding/json" + "errors" + "fmt" + "reflect" + "sort" + "strings" +) + +/* +encodeCanonicalString is a helper function to canonicalize the passed string +according to the OLPC canonical JSON specification for strings (see +http://wiki.laptop.org/go/Canonical_JSON). String canonicalization consists of +escaping backslashes ("\") and double quotes (") and wrapping the resulting +string in double quotes ("). +*/ +func encodeCanonicalString(s string) string { + // Escape backslashes + s = strings.ReplaceAll(s, "\\", "\\\\") + // Escape double quotes + s = strings.ReplaceAll(s, "\"", "\\\"") + // Wrap with double quotes + return fmt.Sprintf("\"%s\"", s) +} + +/* +encodeCanonical is a helper function to recursively canonicalize the passed +object according to the OLPC canonical JSON specification (see +http://wiki.laptop.org/go/Canonical_JSON) and write it to the passed +*bytes.Buffer. If canonicalization fails it returns an error. +*/ +func encodeCanonical(obj interface{}, result *strings.Builder) (err error) { + switch objAsserted := obj.(type) { + case string: + result.WriteString(encodeCanonicalString(objAsserted)) + + case bool: + if objAsserted { + result.WriteString("true") + } else { + result.WriteString("false") + } + + // The wrapping `EncodeCanonical` function decodes the passed json data with + // `decoder.UseNumber` so that any numeric value is stored as `json.Number` + // (instead of the default `float64`). This allows us to assert that it is a + // non-floating point number, which are the only numbers allowed by the used + // canonicalization specification. + case json.Number: + if _, err := objAsserted.Int64(); err != nil { + panic(fmt.Sprintf("Can't canonicalize floating point number '%s'", + objAsserted)) + } + result.WriteString(objAsserted.String()) + + case nil: + result.WriteString("null") + + // Canonicalize slice + case []interface{}: + result.WriteString("[") + for i, val := range objAsserted { + if err := encodeCanonical(val, result); err != nil { + return err + } + if i < (len(objAsserted) - 1) { + result.WriteString(",") + } + } + result.WriteString("]") + + case map[string]interface{}: + result.WriteString("{") + + // Make a list of keys + var mapKeys []string + for key := range objAsserted { + mapKeys = append(mapKeys, key) + } + // Sort keys + sort.Strings(mapKeys) + + // Canonicalize map + for i, key := range mapKeys { + if err := encodeCanonical(key, result); err != nil { + return err + } + + result.WriteString(":") + if err := encodeCanonical(objAsserted[key], result); err != nil { + return err + } + if i < (len(mapKeys) - 1) { + result.WriteString(",") + } + i++ + } + result.WriteString("}") + + default: + // We recover in a deferred function defined above + panic(fmt.Sprintf("Can't canonicalize '%s' of type '%s'", + objAsserted, reflect.TypeOf(objAsserted))) + } + return nil +} + +/* +EncodeCanonical JSON canonicalizes the passed object and returns it as a byte +slice. It uses the OLPC canonical JSON specification (see +http://wiki.laptop.org/go/Canonical_JSON). If canonicalization fails the byte +slice is nil and the second return value contains the error. +*/ +func EncodeCanonical(obj interface{}) (out []byte, err error) { + // We use panic if an error occurs and recover in a deferred function, + // which is always called before returning. + // There we set the error that is returned eventually. + defer func() { + if r := recover(); r != nil { + err = errors.New(r.(string)) + } + }() + + // FIXME: Terrible hack to turn the passed struct into a map, converting + // the struct's variable names to the json key names defined in the struct + data, err := json.Marshal(obj) + if err != nil { + return nil, err + } + var jsonMap interface{} + + dec := json.NewDecoder(bytes.NewReader(data)) + dec.UseNumber() + if err := dec.Decode(&jsonMap); err != nil { + return nil, err + } + + // Create a buffer and write the canonicalized JSON bytes to it + var result strings.Builder + // Allocate output result buffer with the input size. + result.Grow(len(data)) + // Recursively encode the jsonmap + if err := encodeCanonical(jsonMap, &result); err != nil { + return nil, err + } + + return []byte(result.String()), nil +} diff --git a/vendor/github.com/sigstore/protobuf-specs/COPYRIGHT.txt b/vendor/github.com/sigstore/protobuf-specs/COPYRIGHT.txt new file mode 100644 index 0000000000..8b16ae0122 --- /dev/null +++ b/vendor/github.com/sigstore/protobuf-specs/COPYRIGHT.txt @@ -0,0 +1,14 @@ + +Copyright 2022 The Sigstore Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/vendor/github.com/sigstore/protobuf-specs/LICENSE b/vendor/github.com/sigstore/protobuf-specs/LICENSE new file mode 100644 index 0000000000..d645695673 --- /dev/null +++ b/vendor/github.com/sigstore/protobuf-specs/LICENSE @@ -0,0 +1,202 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/vendor/github.com/sigstore/protobuf-specs/gen/pb-go/common/v1/sigstore_common.pb.go b/vendor/github.com/sigstore/protobuf-specs/gen/pb-go/common/v1/sigstore_common.pb.go new file mode 100644 index 0000000000..c32b7567a1 --- /dev/null +++ b/vendor/github.com/sigstore/protobuf-specs/gen/pb-go/common/v1/sigstore_common.pb.go @@ -0,0 +1,1343 @@ +// Copyright 2022 The Sigstore Authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.28.1 +// protoc v3.21.6 +// source: sigstore_common.proto + +package v1 + +import ( + _ "google.golang.org/genproto/googleapis/api/annotations" + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + timestamppb "google.golang.org/protobuf/types/known/timestamppb" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +// Only a subset of the secure hash standard algorithms are supported. +// See for more +// details. +// UNSPECIFIED SHOULD not be used, primary reason for inclusion is to force +// any proto JSON serialization to emit the used hash algorithm, as default +// option is to *omit* the default value of an enum (which is the first +// value, represented by '0'. +type HashAlgorithm int32 + +const ( + HashAlgorithm_HASH_ALGORITHM_UNSPECIFIED HashAlgorithm = 0 + HashAlgorithm_SHA2_256 HashAlgorithm = 1 +) + +// Enum value maps for HashAlgorithm. +var ( + HashAlgorithm_name = map[int32]string{ + 0: "HASH_ALGORITHM_UNSPECIFIED", + 1: "SHA2_256", + } + HashAlgorithm_value = map[string]int32{ + "HASH_ALGORITHM_UNSPECIFIED": 0, + "SHA2_256": 1, + } +) + +func (x HashAlgorithm) Enum() *HashAlgorithm { + p := new(HashAlgorithm) + *p = x + return p +} + +func (x HashAlgorithm) String() string { + return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) +} + +func (HashAlgorithm) Descriptor() protoreflect.EnumDescriptor { + return file_sigstore_common_proto_enumTypes[0].Descriptor() +} + +func (HashAlgorithm) Type() protoreflect.EnumType { + return &file_sigstore_common_proto_enumTypes[0] +} + +func (x HashAlgorithm) Number() protoreflect.EnumNumber { + return protoreflect.EnumNumber(x) +} + +// Deprecated: Use HashAlgorithm.Descriptor instead. +func (HashAlgorithm) EnumDescriptor() ([]byte, []int) { + return file_sigstore_common_proto_rawDescGZIP(), []int{0} +} + +// Details of a specific public key, capturing the the key encoding method, +// and signature algorithm. +// To avoid the possibility of contradicting formats such as PKCS1 with +// ED25519 the valid permutations are listed as a linear set instead of a +// cartesian set (i.e one combined variable instead of two, one for encoding +// and one for the signature algorithm). +type PublicKeyDetails int32 + +const ( + PublicKeyDetails_PUBLIC_KEY_DETAILS_UNSPECIFIED PublicKeyDetails = 0 + // RSA + PublicKeyDetails_PKCS1_RSA_PKCS1V5 PublicKeyDetails = 1 // See RFC8017 + PublicKeyDetails_PKCS1_RSA_PSS PublicKeyDetails = 2 // See RFC8017 + PublicKeyDetails_PKIX_RSA_PKCS1V5 PublicKeyDetails = 3 + PublicKeyDetails_PKIX_RSA_PSS PublicKeyDetails = 4 + // ECDSA + PublicKeyDetails_PKIX_ECDSA_P256_SHA_256 PublicKeyDetails = 5 // See NIST FIPS 186-4 + PublicKeyDetails_PKIX_ECDSA_P256_HMAC_SHA_256 PublicKeyDetails = 6 // See RFC6979 + // Ed 25519 + PublicKeyDetails_PKIX_ED25519 PublicKeyDetails = 7 // See RFC8032 +) + +// Enum value maps for PublicKeyDetails. +var ( + PublicKeyDetails_name = map[int32]string{ + 0: "PUBLIC_KEY_DETAILS_UNSPECIFIED", + 1: "PKCS1_RSA_PKCS1V5", + 2: "PKCS1_RSA_PSS", + 3: "PKIX_RSA_PKCS1V5", + 4: "PKIX_RSA_PSS", + 5: "PKIX_ECDSA_P256_SHA_256", + 6: "PKIX_ECDSA_P256_HMAC_SHA_256", + 7: "PKIX_ED25519", + } + PublicKeyDetails_value = map[string]int32{ + "PUBLIC_KEY_DETAILS_UNSPECIFIED": 0, + "PKCS1_RSA_PKCS1V5": 1, + "PKCS1_RSA_PSS": 2, + "PKIX_RSA_PKCS1V5": 3, + "PKIX_RSA_PSS": 4, + "PKIX_ECDSA_P256_SHA_256": 5, + "PKIX_ECDSA_P256_HMAC_SHA_256": 6, + "PKIX_ED25519": 7, + } +) + +func (x PublicKeyDetails) Enum() *PublicKeyDetails { + p := new(PublicKeyDetails) + *p = x + return p +} + +func (x PublicKeyDetails) String() string { + return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) +} + +func (PublicKeyDetails) Descriptor() protoreflect.EnumDescriptor { + return file_sigstore_common_proto_enumTypes[1].Descriptor() +} + +func (PublicKeyDetails) Type() protoreflect.EnumType { + return &file_sigstore_common_proto_enumTypes[1] +} + +func (x PublicKeyDetails) Number() protoreflect.EnumNumber { + return protoreflect.EnumNumber(x) +} + +// Deprecated: Use PublicKeyDetails.Descriptor instead. +func (PublicKeyDetails) EnumDescriptor() ([]byte, []int) { + return file_sigstore_common_proto_rawDescGZIP(), []int{1} +} + +type SubjectAlternativeNameType int32 + +const ( + SubjectAlternativeNameType_SUBJECT_ALTERNATIVE_NAME_TYPE_UNSPECIFIED SubjectAlternativeNameType = 0 + SubjectAlternativeNameType_EMAIL SubjectAlternativeNameType = 1 + SubjectAlternativeNameType_URI SubjectAlternativeNameType = 2 + // OID 1.3.6.1.4.1.57264.1.7 + // See https://github.com/sigstore/fulcio/blob/main/docs/oid-info.md#1361415726417--othername-san + // for more details. + SubjectAlternativeNameType_OTHER_NAME SubjectAlternativeNameType = 3 +) + +// Enum value maps for SubjectAlternativeNameType. +var ( + SubjectAlternativeNameType_name = map[int32]string{ + 0: "SUBJECT_ALTERNATIVE_NAME_TYPE_UNSPECIFIED", + 1: "EMAIL", + 2: "URI", + 3: "OTHER_NAME", + } + SubjectAlternativeNameType_value = map[string]int32{ + "SUBJECT_ALTERNATIVE_NAME_TYPE_UNSPECIFIED": 0, + "EMAIL": 1, + "URI": 2, + "OTHER_NAME": 3, + } +) + +func (x SubjectAlternativeNameType) Enum() *SubjectAlternativeNameType { + p := new(SubjectAlternativeNameType) + *p = x + return p +} + +func (x SubjectAlternativeNameType) String() string { + return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) +} + +func (SubjectAlternativeNameType) Descriptor() protoreflect.EnumDescriptor { + return file_sigstore_common_proto_enumTypes[2].Descriptor() +} + +func (SubjectAlternativeNameType) Type() protoreflect.EnumType { + return &file_sigstore_common_proto_enumTypes[2] +} + +func (x SubjectAlternativeNameType) Number() protoreflect.EnumNumber { + return protoreflect.EnumNumber(x) +} + +// Deprecated: Use SubjectAlternativeNameType.Descriptor instead. +func (SubjectAlternativeNameType) EnumDescriptor() ([]byte, []int) { + return file_sigstore_common_proto_rawDescGZIP(), []int{2} +} + +// HashOutput captures a digest of a 'message' (generic octet sequence) +// and the corresponding hash algorithm used. +type HashOutput struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Algorithm HashAlgorithm `protobuf:"varint,1,opt,name=algorithm,proto3,enum=dev.sigstore.common.v1.HashAlgorithm" json:"algorithm,omitempty"` + // This is the raw octets of the message digest as computed by + // the hash algorithm. + Digest []byte `protobuf:"bytes,2,opt,name=digest,proto3" json:"digest,omitempty"` +} + +func (x *HashOutput) Reset() { + *x = HashOutput{} + if protoimpl.UnsafeEnabled { + mi := &file_sigstore_common_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *HashOutput) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*HashOutput) ProtoMessage() {} + +func (x *HashOutput) ProtoReflect() protoreflect.Message { + mi := &file_sigstore_common_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use HashOutput.ProtoReflect.Descriptor instead. +func (*HashOutput) Descriptor() ([]byte, []int) { + return file_sigstore_common_proto_rawDescGZIP(), []int{0} +} + +func (x *HashOutput) GetAlgorithm() HashAlgorithm { + if x != nil { + return x.Algorithm + } + return HashAlgorithm_HASH_ALGORITHM_UNSPECIFIED +} + +func (x *HashOutput) GetDigest() []byte { + if x != nil { + return x.Digest + } + return nil +} + +// MessageSignature stores the computed signature over a message. +type MessageSignature struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Message digest can be used to identify the artifact. + MessageDigest *HashOutput `protobuf:"bytes,1,opt,name=message_digest,json=messageDigest,proto3" json:"message_digest,omitempty"` + // The raw bytes as returned from the signature algorithm. + // The signature algorithm (and so the format of the signature bytes) + // are determined by the contents of the 'verification_material', + // either a key-pair or a certificate. If using a certificate, the + // certificate contains the required information on the signature + // algorithm. + // When using a key pair, the algorithm MUST be part of the public + // key, which MUST be communicated out-of-band. + Signature []byte `protobuf:"bytes,2,opt,name=signature,proto3" json:"signature,omitempty"` +} + +func (x *MessageSignature) Reset() { + *x = MessageSignature{} + if protoimpl.UnsafeEnabled { + mi := &file_sigstore_common_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *MessageSignature) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*MessageSignature) ProtoMessage() {} + +func (x *MessageSignature) ProtoReflect() protoreflect.Message { + mi := &file_sigstore_common_proto_msgTypes[1] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use MessageSignature.ProtoReflect.Descriptor instead. +func (*MessageSignature) Descriptor() ([]byte, []int) { + return file_sigstore_common_proto_rawDescGZIP(), []int{1} +} + +func (x *MessageSignature) GetMessageDigest() *HashOutput { + if x != nil { + return x.MessageDigest + } + return nil +} + +func (x *MessageSignature) GetSignature() []byte { + if x != nil { + return x.Signature + } + return nil +} + +// LogId captures the identity of a transparency log. +type LogId struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // The unique id of the log, represented as the SHA-256 hash + // of the log's public key, computed over the DER encoding. + // + KeyId []byte `protobuf:"bytes,1,opt,name=key_id,json=keyId,proto3" json:"key_id,omitempty"` +} + +func (x *LogId) Reset() { + *x = LogId{} + if protoimpl.UnsafeEnabled { + mi := &file_sigstore_common_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *LogId) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*LogId) ProtoMessage() {} + +func (x *LogId) ProtoReflect() protoreflect.Message { + mi := &file_sigstore_common_proto_msgTypes[2] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use LogId.ProtoReflect.Descriptor instead. +func (*LogId) Descriptor() ([]byte, []int) { + return file_sigstore_common_proto_rawDescGZIP(), []int{2} +} + +func (x *LogId) GetKeyId() []byte { + if x != nil { + return x.KeyId + } + return nil +} + +// This message holds a RFC 3161 timestamp. +type RFC3161SignedTimestamp struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Signed timestamp is the DER encoded TimeStampResponse. + // See https://www.rfc-editor.org/rfc/rfc3161.html#section-2.4.2 + SignedTimestamp []byte `protobuf:"bytes,1,opt,name=signed_timestamp,json=signedTimestamp,proto3" json:"signed_timestamp,omitempty"` +} + +func (x *RFC3161SignedTimestamp) Reset() { + *x = RFC3161SignedTimestamp{} + if protoimpl.UnsafeEnabled { + mi := &file_sigstore_common_proto_msgTypes[3] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *RFC3161SignedTimestamp) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*RFC3161SignedTimestamp) ProtoMessage() {} + +func (x *RFC3161SignedTimestamp) ProtoReflect() protoreflect.Message { + mi := &file_sigstore_common_proto_msgTypes[3] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use RFC3161SignedTimestamp.ProtoReflect.Descriptor instead. +func (*RFC3161SignedTimestamp) Descriptor() ([]byte, []int) { + return file_sigstore_common_proto_rawDescGZIP(), []int{3} +} + +func (x *RFC3161SignedTimestamp) GetSignedTimestamp() []byte { + if x != nil { + return x.SignedTimestamp + } + return nil +} + +type PublicKey struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // DER-encoded public key, encoding method is specified by the + // key_details attribute. + RawBytes []byte `protobuf:"bytes,1,opt,name=raw_bytes,json=rawBytes,proto3,oneof" json:"raw_bytes,omitempty"` + // Key encoding and signature algorithm to use for this key. + KeyDetails PublicKeyDetails `protobuf:"varint,2,opt,name=key_details,json=keyDetails,proto3,enum=dev.sigstore.common.v1.PublicKeyDetails" json:"key_details,omitempty"` + // Optional validity period for this key. + ValidFor *TimeRange `protobuf:"bytes,3,opt,name=valid_for,json=validFor,proto3,oneof" json:"valid_for,omitempty"` +} + +func (x *PublicKey) Reset() { + *x = PublicKey{} + if protoimpl.UnsafeEnabled { + mi := &file_sigstore_common_proto_msgTypes[4] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *PublicKey) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*PublicKey) ProtoMessage() {} + +func (x *PublicKey) ProtoReflect() protoreflect.Message { + mi := &file_sigstore_common_proto_msgTypes[4] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use PublicKey.ProtoReflect.Descriptor instead. +func (*PublicKey) Descriptor() ([]byte, []int) { + return file_sigstore_common_proto_rawDescGZIP(), []int{4} +} + +func (x *PublicKey) GetRawBytes() []byte { + if x != nil { + return x.RawBytes + } + return nil +} + +func (x *PublicKey) GetKeyDetails() PublicKeyDetails { + if x != nil { + return x.KeyDetails + } + return PublicKeyDetails_PUBLIC_KEY_DETAILS_UNSPECIFIED +} + +func (x *PublicKey) GetValidFor() *TimeRange { + if x != nil { + return x.ValidFor + } + return nil +} + +// PublicKeyIdentifier can be used to identify an (out of band) delivered +// key, to verify a signature. +type PublicKeyIdentifier struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Optional unauthenticated hint on which key to use. + // The format of the hint must be agreed upon out of band by the + // signer and the verifiers, and so is not subject to this + // specification. + // Example use-case is to specify the public key to use, from a + // trusted key-ring. + // Implementors are RECOMMENDED to derive the value from the public + // key as described in RFC 6962. + // See: + Hint string `protobuf:"bytes,1,opt,name=hint,proto3" json:"hint,omitempty"` +} + +func (x *PublicKeyIdentifier) Reset() { + *x = PublicKeyIdentifier{} + if protoimpl.UnsafeEnabled { + mi := &file_sigstore_common_proto_msgTypes[5] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *PublicKeyIdentifier) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*PublicKeyIdentifier) ProtoMessage() {} + +func (x *PublicKeyIdentifier) ProtoReflect() protoreflect.Message { + mi := &file_sigstore_common_proto_msgTypes[5] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use PublicKeyIdentifier.ProtoReflect.Descriptor instead. +func (*PublicKeyIdentifier) Descriptor() ([]byte, []int) { + return file_sigstore_common_proto_rawDescGZIP(), []int{5} +} + +func (x *PublicKeyIdentifier) GetHint() string { + if x != nil { + return x.Hint + } + return "" +} + +// An ASN.1 OBJECT IDENTIFIER +type ObjectIdentifier struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Id []int32 `protobuf:"varint,1,rep,packed,name=id,proto3" json:"id,omitempty"` +} + +func (x *ObjectIdentifier) Reset() { + *x = ObjectIdentifier{} + if protoimpl.UnsafeEnabled { + mi := &file_sigstore_common_proto_msgTypes[6] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *ObjectIdentifier) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ObjectIdentifier) ProtoMessage() {} + +func (x *ObjectIdentifier) ProtoReflect() protoreflect.Message { + mi := &file_sigstore_common_proto_msgTypes[6] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ObjectIdentifier.ProtoReflect.Descriptor instead. +func (*ObjectIdentifier) Descriptor() ([]byte, []int) { + return file_sigstore_common_proto_rawDescGZIP(), []int{6} +} + +func (x *ObjectIdentifier) GetId() []int32 { + if x != nil { + return x.Id + } + return nil +} + +// An OID and the corresponding (byte) value. +type ObjectIdentifierValuePair struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Oid *ObjectIdentifier `protobuf:"bytes,1,opt,name=oid,proto3" json:"oid,omitempty"` + Value []byte `protobuf:"bytes,2,opt,name=value,proto3" json:"value,omitempty"` +} + +func (x *ObjectIdentifierValuePair) Reset() { + *x = ObjectIdentifierValuePair{} + if protoimpl.UnsafeEnabled { + mi := &file_sigstore_common_proto_msgTypes[7] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *ObjectIdentifierValuePair) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ObjectIdentifierValuePair) ProtoMessage() {} + +func (x *ObjectIdentifierValuePair) ProtoReflect() protoreflect.Message { + mi := &file_sigstore_common_proto_msgTypes[7] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ObjectIdentifierValuePair.ProtoReflect.Descriptor instead. +func (*ObjectIdentifierValuePair) Descriptor() ([]byte, []int) { + return file_sigstore_common_proto_rawDescGZIP(), []int{7} +} + +func (x *ObjectIdentifierValuePair) GetOid() *ObjectIdentifier { + if x != nil { + return x.Oid + } + return nil +} + +func (x *ObjectIdentifierValuePair) GetValue() []byte { + if x != nil { + return x.Value + } + return nil +} + +type DistinguishedName struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Organization string `protobuf:"bytes,1,opt,name=organization,proto3" json:"organization,omitempty"` + CommonName string `protobuf:"bytes,2,opt,name=common_name,json=commonName,proto3" json:"common_name,omitempty"` +} + +func (x *DistinguishedName) Reset() { + *x = DistinguishedName{} + if protoimpl.UnsafeEnabled { + mi := &file_sigstore_common_proto_msgTypes[8] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *DistinguishedName) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*DistinguishedName) ProtoMessage() {} + +func (x *DistinguishedName) ProtoReflect() protoreflect.Message { + mi := &file_sigstore_common_proto_msgTypes[8] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use DistinguishedName.ProtoReflect.Descriptor instead. +func (*DistinguishedName) Descriptor() ([]byte, []int) { + return file_sigstore_common_proto_rawDescGZIP(), []int{8} +} + +func (x *DistinguishedName) GetOrganization() string { + if x != nil { + return x.Organization + } + return "" +} + +func (x *DistinguishedName) GetCommonName() string { + if x != nil { + return x.CommonName + } + return "" +} + +type X509Certificate struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // DER-encoded X.509 certificate. + RawBytes []byte `protobuf:"bytes,1,opt,name=raw_bytes,json=rawBytes,proto3" json:"raw_bytes,omitempty"` +} + +func (x *X509Certificate) Reset() { + *x = X509Certificate{} + if protoimpl.UnsafeEnabled { + mi := &file_sigstore_common_proto_msgTypes[9] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *X509Certificate) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*X509Certificate) ProtoMessage() {} + +func (x *X509Certificate) ProtoReflect() protoreflect.Message { + mi := &file_sigstore_common_proto_msgTypes[9] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use X509Certificate.ProtoReflect.Descriptor instead. +func (*X509Certificate) Descriptor() ([]byte, []int) { + return file_sigstore_common_proto_rawDescGZIP(), []int{9} +} + +func (x *X509Certificate) GetRawBytes() []byte { + if x != nil { + return x.RawBytes + } + return nil +} + +type SubjectAlternativeName struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Type SubjectAlternativeNameType `protobuf:"varint,1,opt,name=type,proto3,enum=dev.sigstore.common.v1.SubjectAlternativeNameType" json:"type,omitempty"` + // Types that are assignable to Identity: + // *SubjectAlternativeName_Regexp + // *SubjectAlternativeName_Value + Identity isSubjectAlternativeName_Identity `protobuf_oneof:"identity"` +} + +func (x *SubjectAlternativeName) Reset() { + *x = SubjectAlternativeName{} + if protoimpl.UnsafeEnabled { + mi := &file_sigstore_common_proto_msgTypes[10] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *SubjectAlternativeName) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*SubjectAlternativeName) ProtoMessage() {} + +func (x *SubjectAlternativeName) ProtoReflect() protoreflect.Message { + mi := &file_sigstore_common_proto_msgTypes[10] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use SubjectAlternativeName.ProtoReflect.Descriptor instead. +func (*SubjectAlternativeName) Descriptor() ([]byte, []int) { + return file_sigstore_common_proto_rawDescGZIP(), []int{10} +} + +func (x *SubjectAlternativeName) GetType() SubjectAlternativeNameType { + if x != nil { + return x.Type + } + return SubjectAlternativeNameType_SUBJECT_ALTERNATIVE_NAME_TYPE_UNSPECIFIED +} + +func (m *SubjectAlternativeName) GetIdentity() isSubjectAlternativeName_Identity { + if m != nil { + return m.Identity + } + return nil +} + +func (x *SubjectAlternativeName) GetRegexp() string { + if x, ok := x.GetIdentity().(*SubjectAlternativeName_Regexp); ok { + return x.Regexp + } + return "" +} + +func (x *SubjectAlternativeName) GetValue() string { + if x, ok := x.GetIdentity().(*SubjectAlternativeName_Value); ok { + return x.Value + } + return "" +} + +type isSubjectAlternativeName_Identity interface { + isSubjectAlternativeName_Identity() +} + +type SubjectAlternativeName_Regexp struct { + // A regular expression describing the expected value for + // the SAN. + Regexp string `protobuf:"bytes,2,opt,name=regexp,proto3,oneof"` +} + +type SubjectAlternativeName_Value struct { + // The exact value to match against. + Value string `protobuf:"bytes,3,opt,name=value,proto3,oneof"` +} + +func (*SubjectAlternativeName_Regexp) isSubjectAlternativeName_Identity() {} + +func (*SubjectAlternativeName_Value) isSubjectAlternativeName_Identity() {} + +// A chain of X.509 certificates. +type X509CertificateChain struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // The chain of certificates, with indices 0 to n. + // The first certificate in the array must be the leaf + // certificate used for signing. Any intermediate certificates + // must be stored as offset 1 to n-1, and the root certificate at + // position n. + Certificates []*X509Certificate `protobuf:"bytes,1,rep,name=certificates,proto3" json:"certificates,omitempty"` +} + +func (x *X509CertificateChain) Reset() { + *x = X509CertificateChain{} + if protoimpl.UnsafeEnabled { + mi := &file_sigstore_common_proto_msgTypes[11] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *X509CertificateChain) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*X509CertificateChain) ProtoMessage() {} + +func (x *X509CertificateChain) ProtoReflect() protoreflect.Message { + mi := &file_sigstore_common_proto_msgTypes[11] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use X509CertificateChain.ProtoReflect.Descriptor instead. +func (*X509CertificateChain) Descriptor() ([]byte, []int) { + return file_sigstore_common_proto_rawDescGZIP(), []int{11} +} + +func (x *X509CertificateChain) GetCertificates() []*X509Certificate { + if x != nil { + return x.Certificates + } + return nil +} + +// The time range is half-open and does not include the end timestamp, +// i.e [start, end). +// End is optional to be able to capture a period that has started but +// has no known end. +type TimeRange struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Start *timestamppb.Timestamp `protobuf:"bytes,1,opt,name=start,proto3" json:"start,omitempty"` + End *timestamppb.Timestamp `protobuf:"bytes,2,opt,name=end,proto3,oneof" json:"end,omitempty"` +} + +func (x *TimeRange) Reset() { + *x = TimeRange{} + if protoimpl.UnsafeEnabled { + mi := &file_sigstore_common_proto_msgTypes[12] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *TimeRange) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*TimeRange) ProtoMessage() {} + +func (x *TimeRange) ProtoReflect() protoreflect.Message { + mi := &file_sigstore_common_proto_msgTypes[12] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use TimeRange.ProtoReflect.Descriptor instead. +func (*TimeRange) Descriptor() ([]byte, []int) { + return file_sigstore_common_proto_rawDescGZIP(), []int{12} +} + +func (x *TimeRange) GetStart() *timestamppb.Timestamp { + if x != nil { + return x.Start + } + return nil +} + +func (x *TimeRange) GetEnd() *timestamppb.Timestamp { + if x != nil { + return x.End + } + return nil +} + +var File_sigstore_common_proto protoreflect.FileDescriptor + +var file_sigstore_common_proto_rawDesc = []byte{ + 0x0a, 0x15, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x5f, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, + 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x16, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, + 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x76, 0x31, 0x1a, + 0x1f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x66, 0x69, 0x65, 0x6c, + 0x64, 0x5f, 0x62, 0x65, 0x68, 0x61, 0x76, 0x69, 0x6f, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, + 0x1a, 0x1f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, + 0x66, 0x2f, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x2e, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x22, 0x69, 0x0a, 0x0a, 0x48, 0x61, 0x73, 0x68, 0x4f, 0x75, 0x74, 0x70, 0x75, 0x74, 0x12, + 0x43, 0x0a, 0x09, 0x61, 0x6c, 0x67, 0x6f, 0x72, 0x69, 0x74, 0x68, 0x6d, 0x18, 0x01, 0x20, 0x01, + 0x28, 0x0e, 0x32, 0x25, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, + 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x76, 0x31, 0x2e, 0x48, 0x61, 0x73, 0x68, + 0x41, 0x6c, 0x67, 0x6f, 0x72, 0x69, 0x74, 0x68, 0x6d, 0x52, 0x09, 0x61, 0x6c, 0x67, 0x6f, 0x72, + 0x69, 0x74, 0x68, 0x6d, 0x12, 0x16, 0x0a, 0x06, 0x64, 0x69, 0x67, 0x65, 0x73, 0x74, 0x18, 0x02, + 0x20, 0x01, 0x28, 0x0c, 0x52, 0x06, 0x64, 0x69, 0x67, 0x65, 0x73, 0x74, 0x22, 0x85, 0x01, 0x0a, + 0x10, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x53, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, + 0x65, 0x12, 0x4e, 0x0a, 0x0e, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x5f, 0x64, 0x69, 0x67, + 0x65, 0x73, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x64, 0x65, 0x76, 0x2e, + 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, + 0x76, 0x31, 0x2e, 0x48, 0x61, 0x73, 0x68, 0x4f, 0x75, 0x74, 0x70, 0x75, 0x74, 0x42, 0x03, 0xe0, + 0x41, 0x02, 0x52, 0x0d, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x44, 0x69, 0x67, 0x65, 0x73, + 0x74, 0x12, 0x21, 0x0a, 0x09, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x18, 0x02, + 0x20, 0x01, 0x28, 0x0c, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x09, 0x73, 0x69, 0x67, 0x6e, 0x61, + 0x74, 0x75, 0x72, 0x65, 0x22, 0x23, 0x0a, 0x05, 0x4c, 0x6f, 0x67, 0x49, 0x64, 0x12, 0x1a, 0x0a, + 0x06, 0x6b, 0x65, 0x79, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x42, 0x03, 0xe0, + 0x41, 0x02, 0x52, 0x05, 0x6b, 0x65, 0x79, 0x49, 0x64, 0x22, 0x48, 0x0a, 0x16, 0x52, 0x46, 0x43, + 0x33, 0x31, 0x36, 0x31, 0x53, 0x69, 0x67, 0x6e, 0x65, 0x64, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, + 0x61, 0x6d, 0x70, 0x12, 0x2e, 0x0a, 0x10, 0x73, 0x69, 0x67, 0x6e, 0x65, 0x64, 0x5f, 0x74, 0x69, + 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x42, 0x03, 0xe0, + 0x41, 0x02, 0x52, 0x0f, 0x73, 0x69, 0x67, 0x6e, 0x65, 0x64, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, + 0x61, 0x6d, 0x70, 0x22, 0xd9, 0x01, 0x0a, 0x09, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, + 0x79, 0x12, 0x20, 0x0a, 0x09, 0x72, 0x61, 0x77, 0x5f, 0x62, 0x79, 0x74, 0x65, 0x73, 0x18, 0x01, + 0x20, 0x01, 0x28, 0x0c, 0x48, 0x00, 0x52, 0x08, 0x72, 0x61, 0x77, 0x42, 0x79, 0x74, 0x65, 0x73, + 0x88, 0x01, 0x01, 0x12, 0x49, 0x0a, 0x0b, 0x6b, 0x65, 0x79, 0x5f, 0x64, 0x65, 0x74, 0x61, 0x69, + 0x6c, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x28, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, + 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x76, + 0x31, 0x2e, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x44, 0x65, 0x74, 0x61, 0x69, + 0x6c, 0x73, 0x52, 0x0a, 0x6b, 0x65, 0x79, 0x44, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0x12, 0x43, + 0x0a, 0x09, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x5f, 0x66, 0x6f, 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, + 0x0b, 0x32, 0x21, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, + 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x76, 0x31, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x52, + 0x61, 0x6e, 0x67, 0x65, 0x48, 0x01, 0x52, 0x08, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x46, 0x6f, 0x72, + 0x88, 0x01, 0x01, 0x42, 0x0c, 0x0a, 0x0a, 0x5f, 0x72, 0x61, 0x77, 0x5f, 0x62, 0x79, 0x74, 0x65, + 0x73, 0x42, 0x0c, 0x0a, 0x0a, 0x5f, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x5f, 0x66, 0x6f, 0x72, 0x22, + 0x29, 0x0a, 0x13, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x49, 0x64, 0x65, 0x6e, + 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x12, 0x12, 0x0a, 0x04, 0x68, 0x69, 0x6e, 0x74, 0x18, 0x01, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x68, 0x69, 0x6e, 0x74, 0x22, 0x27, 0x0a, 0x10, 0x4f, 0x62, + 0x6a, 0x65, 0x63, 0x74, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x12, 0x13, + 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x03, 0x28, 0x05, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, + 0x02, 0x69, 0x64, 0x22, 0x6d, 0x0a, 0x19, 0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x49, 0x64, 0x65, + 0x6e, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x50, 0x61, 0x69, 0x72, + 0x12, 0x3a, 0x0a, 0x03, 0x6f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x28, 0x2e, + 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x63, 0x6f, 0x6d, + 0x6d, 0x6f, 0x6e, 0x2e, 0x76, 0x31, 0x2e, 0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x49, 0x64, 0x65, + 0x6e, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x52, 0x03, 0x6f, 0x69, 0x64, 0x12, 0x14, 0x0a, 0x05, + 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x05, 0x76, 0x61, 0x6c, + 0x75, 0x65, 0x22, 0x58, 0x0a, 0x11, 0x44, 0x69, 0x73, 0x74, 0x69, 0x6e, 0x67, 0x75, 0x69, 0x73, + 0x68, 0x65, 0x64, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x22, 0x0a, 0x0c, 0x6f, 0x72, 0x67, 0x61, 0x6e, + 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x6f, + 0x72, 0x67, 0x61, 0x6e, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x1f, 0x0a, 0x0b, 0x63, + 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x0a, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x4e, 0x61, 0x6d, 0x65, 0x22, 0x33, 0x0a, 0x0f, + 0x58, 0x35, 0x30, 0x39, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, + 0x20, 0x0a, 0x09, 0x72, 0x61, 0x77, 0x5f, 0x62, 0x79, 0x74, 0x65, 0x73, 0x18, 0x01, 0x20, 0x01, + 0x28, 0x0c, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x08, 0x72, 0x61, 0x77, 0x42, 0x79, 0x74, 0x65, + 0x73, 0x22, 0x9e, 0x01, 0x0a, 0x16, 0x53, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x41, 0x6c, 0x74, + 0x65, 0x72, 0x6e, 0x61, 0x74, 0x69, 0x76, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x46, 0x0a, 0x04, + 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x32, 0x2e, 0x64, 0x65, 0x76, + 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, + 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x41, 0x6c, 0x74, 0x65, 0x72, + 0x6e, 0x61, 0x74, 0x69, 0x76, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x54, 0x79, 0x70, 0x65, 0x52, 0x04, + 0x74, 0x79, 0x70, 0x65, 0x12, 0x18, 0x0a, 0x06, 0x72, 0x65, 0x67, 0x65, 0x78, 0x70, 0x18, 0x02, + 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x06, 0x72, 0x65, 0x67, 0x65, 0x78, 0x70, 0x12, 0x16, + 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, + 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x42, 0x0a, 0x0a, 0x08, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, + 0x74, 0x79, 0x22, 0x63, 0x0a, 0x14, 0x58, 0x35, 0x30, 0x39, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, + 0x69, 0x63, 0x61, 0x74, 0x65, 0x43, 0x68, 0x61, 0x69, 0x6e, 0x12, 0x4b, 0x0a, 0x0c, 0x63, 0x65, + 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, + 0x32, 0x27, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, + 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x76, 0x31, 0x2e, 0x58, 0x35, 0x30, 0x39, 0x43, 0x65, + 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x52, 0x0c, 0x63, 0x65, 0x72, 0x74, 0x69, + 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x73, 0x22, 0x78, 0x0a, 0x09, 0x54, 0x69, 0x6d, 0x65, 0x52, + 0x61, 0x6e, 0x67, 0x65, 0x12, 0x30, 0x0a, 0x05, 0x73, 0x74, 0x61, 0x72, 0x74, 0x18, 0x01, 0x20, + 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, + 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, + 0x05, 0x73, 0x74, 0x61, 0x72, 0x74, 0x12, 0x31, 0x0a, 0x03, 0x65, 0x6e, 0x64, 0x18, 0x02, 0x20, + 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, + 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x48, + 0x00, 0x52, 0x03, 0x65, 0x6e, 0x64, 0x88, 0x01, 0x01, 0x42, 0x06, 0x0a, 0x04, 0x5f, 0x65, 0x6e, + 0x64, 0x2a, 0x3d, 0x0a, 0x0d, 0x48, 0x61, 0x73, 0x68, 0x41, 0x6c, 0x67, 0x6f, 0x72, 0x69, 0x74, + 0x68, 0x6d, 0x12, 0x1e, 0x0a, 0x1a, 0x48, 0x41, 0x53, 0x48, 0x5f, 0x41, 0x4c, 0x47, 0x4f, 0x52, + 0x49, 0x54, 0x48, 0x4d, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, + 0x10, 0x00, 0x12, 0x0c, 0x0a, 0x08, 0x53, 0x48, 0x41, 0x32, 0x5f, 0x32, 0x35, 0x36, 0x10, 0x01, + 0x2a, 0xd9, 0x01, 0x0a, 0x10, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x44, 0x65, + 0x74, 0x61, 0x69, 0x6c, 0x73, 0x12, 0x22, 0x0a, 0x1e, 0x50, 0x55, 0x42, 0x4c, 0x49, 0x43, 0x5f, + 0x4b, 0x45, 0x59, 0x5f, 0x44, 0x45, 0x54, 0x41, 0x49, 0x4c, 0x53, 0x5f, 0x55, 0x4e, 0x53, 0x50, + 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x15, 0x0a, 0x11, 0x50, 0x4b, 0x43, + 0x53, 0x31, 0x5f, 0x52, 0x53, 0x41, 0x5f, 0x50, 0x4b, 0x43, 0x53, 0x31, 0x56, 0x35, 0x10, 0x01, + 0x12, 0x11, 0x0a, 0x0d, 0x50, 0x4b, 0x43, 0x53, 0x31, 0x5f, 0x52, 0x53, 0x41, 0x5f, 0x50, 0x53, + 0x53, 0x10, 0x02, 0x12, 0x14, 0x0a, 0x10, 0x50, 0x4b, 0x49, 0x58, 0x5f, 0x52, 0x53, 0x41, 0x5f, + 0x50, 0x4b, 0x43, 0x53, 0x31, 0x56, 0x35, 0x10, 0x03, 0x12, 0x10, 0x0a, 0x0c, 0x50, 0x4b, 0x49, + 0x58, 0x5f, 0x52, 0x53, 0x41, 0x5f, 0x50, 0x53, 0x53, 0x10, 0x04, 0x12, 0x1b, 0x0a, 0x17, 0x50, + 0x4b, 0x49, 0x58, 0x5f, 0x45, 0x43, 0x44, 0x53, 0x41, 0x5f, 0x50, 0x32, 0x35, 0x36, 0x5f, 0x53, + 0x48, 0x41, 0x5f, 0x32, 0x35, 0x36, 0x10, 0x05, 0x12, 0x20, 0x0a, 0x1c, 0x50, 0x4b, 0x49, 0x58, + 0x5f, 0x45, 0x43, 0x44, 0x53, 0x41, 0x5f, 0x50, 0x32, 0x35, 0x36, 0x5f, 0x48, 0x4d, 0x41, 0x43, + 0x5f, 0x53, 0x48, 0x41, 0x5f, 0x32, 0x35, 0x36, 0x10, 0x06, 0x12, 0x10, 0x0a, 0x0c, 0x50, 0x4b, + 0x49, 0x58, 0x5f, 0x45, 0x44, 0x32, 0x35, 0x35, 0x31, 0x39, 0x10, 0x07, 0x2a, 0x6f, 0x0a, 0x1a, + 0x53, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x41, 0x6c, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x74, 0x69, + 0x76, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x54, 0x79, 0x70, 0x65, 0x12, 0x2d, 0x0a, 0x29, 0x53, 0x55, + 0x42, 0x4a, 0x45, 0x43, 0x54, 0x5f, 0x41, 0x4c, 0x54, 0x45, 0x52, 0x4e, 0x41, 0x54, 0x49, 0x56, + 0x45, 0x5f, 0x4e, 0x41, 0x4d, 0x45, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x55, 0x4e, 0x53, 0x50, + 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x09, 0x0a, 0x05, 0x45, 0x4d, 0x41, + 0x49, 0x4c, 0x10, 0x01, 0x12, 0x07, 0x0a, 0x03, 0x55, 0x52, 0x49, 0x10, 0x02, 0x12, 0x0e, 0x0a, + 0x0a, 0x4f, 0x54, 0x48, 0x45, 0x52, 0x5f, 0x4e, 0x41, 0x4d, 0x45, 0x10, 0x03, 0x42, 0x65, 0x0a, + 0x1c, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x76, 0x31, 0x42, 0x0b, 0x43, + 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x36, 0x67, 0x69, + 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, + 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2d, 0x73, 0x70, 0x65, 0x63, 0x73, + 0x2f, 0x67, 0x65, 0x6e, 0x2f, 0x70, 0x62, 0x2d, 0x67, 0x6f, 0x2f, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, + 0x6e, 0x2f, 0x76, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, +} + +var ( + file_sigstore_common_proto_rawDescOnce sync.Once + file_sigstore_common_proto_rawDescData = file_sigstore_common_proto_rawDesc +) + +func file_sigstore_common_proto_rawDescGZIP() []byte { + file_sigstore_common_proto_rawDescOnce.Do(func() { + file_sigstore_common_proto_rawDescData = protoimpl.X.CompressGZIP(file_sigstore_common_proto_rawDescData) + }) + return file_sigstore_common_proto_rawDescData +} + +var file_sigstore_common_proto_enumTypes = make([]protoimpl.EnumInfo, 3) +var file_sigstore_common_proto_msgTypes = make([]protoimpl.MessageInfo, 13) +var file_sigstore_common_proto_goTypes = []interface{}{ + (HashAlgorithm)(0), // 0: dev.sigstore.common.v1.HashAlgorithm + (PublicKeyDetails)(0), // 1: dev.sigstore.common.v1.PublicKeyDetails + (SubjectAlternativeNameType)(0), // 2: dev.sigstore.common.v1.SubjectAlternativeNameType + (*HashOutput)(nil), // 3: dev.sigstore.common.v1.HashOutput + (*MessageSignature)(nil), // 4: dev.sigstore.common.v1.MessageSignature + (*LogId)(nil), // 5: dev.sigstore.common.v1.LogId + (*RFC3161SignedTimestamp)(nil), // 6: dev.sigstore.common.v1.RFC3161SignedTimestamp + (*PublicKey)(nil), // 7: dev.sigstore.common.v1.PublicKey + (*PublicKeyIdentifier)(nil), // 8: dev.sigstore.common.v1.PublicKeyIdentifier + (*ObjectIdentifier)(nil), // 9: dev.sigstore.common.v1.ObjectIdentifier + (*ObjectIdentifierValuePair)(nil), // 10: dev.sigstore.common.v1.ObjectIdentifierValuePair + (*DistinguishedName)(nil), // 11: dev.sigstore.common.v1.DistinguishedName + (*X509Certificate)(nil), // 12: dev.sigstore.common.v1.X509Certificate + (*SubjectAlternativeName)(nil), // 13: dev.sigstore.common.v1.SubjectAlternativeName + (*X509CertificateChain)(nil), // 14: dev.sigstore.common.v1.X509CertificateChain + (*TimeRange)(nil), // 15: dev.sigstore.common.v1.TimeRange + (*timestamppb.Timestamp)(nil), // 16: google.protobuf.Timestamp +} +var file_sigstore_common_proto_depIdxs = []int32{ + 0, // 0: dev.sigstore.common.v1.HashOutput.algorithm:type_name -> dev.sigstore.common.v1.HashAlgorithm + 3, // 1: dev.sigstore.common.v1.MessageSignature.message_digest:type_name -> dev.sigstore.common.v1.HashOutput + 1, // 2: dev.sigstore.common.v1.PublicKey.key_details:type_name -> dev.sigstore.common.v1.PublicKeyDetails + 15, // 3: dev.sigstore.common.v1.PublicKey.valid_for:type_name -> dev.sigstore.common.v1.TimeRange + 9, // 4: dev.sigstore.common.v1.ObjectIdentifierValuePair.oid:type_name -> dev.sigstore.common.v1.ObjectIdentifier + 2, // 5: dev.sigstore.common.v1.SubjectAlternativeName.type:type_name -> dev.sigstore.common.v1.SubjectAlternativeNameType + 12, // 6: dev.sigstore.common.v1.X509CertificateChain.certificates:type_name -> dev.sigstore.common.v1.X509Certificate + 16, // 7: dev.sigstore.common.v1.TimeRange.start:type_name -> google.protobuf.Timestamp + 16, // 8: dev.sigstore.common.v1.TimeRange.end:type_name -> google.protobuf.Timestamp + 9, // [9:9] is the sub-list for method output_type + 9, // [9:9] is the sub-list for method input_type + 9, // [9:9] is the sub-list for extension type_name + 9, // [9:9] is the sub-list for extension extendee + 0, // [0:9] is the sub-list for field type_name +} + +func init() { file_sigstore_common_proto_init() } +func file_sigstore_common_proto_init() { + if File_sigstore_common_proto != nil { + return + } + if !protoimpl.UnsafeEnabled { + file_sigstore_common_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*HashOutput); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_sigstore_common_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*MessageSignature); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_sigstore_common_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*LogId); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_sigstore_common_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*RFC3161SignedTimestamp); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_sigstore_common_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*PublicKey); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_sigstore_common_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*PublicKeyIdentifier); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_sigstore_common_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*ObjectIdentifier); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_sigstore_common_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*ObjectIdentifierValuePair); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_sigstore_common_proto_msgTypes[8].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*DistinguishedName); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_sigstore_common_proto_msgTypes[9].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*X509Certificate); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_sigstore_common_proto_msgTypes[10].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*SubjectAlternativeName); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_sigstore_common_proto_msgTypes[11].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*X509CertificateChain); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_sigstore_common_proto_msgTypes[12].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*TimeRange); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + file_sigstore_common_proto_msgTypes[4].OneofWrappers = []interface{}{} + file_sigstore_common_proto_msgTypes[10].OneofWrappers = []interface{}{ + (*SubjectAlternativeName_Regexp)(nil), + (*SubjectAlternativeName_Value)(nil), + } + file_sigstore_common_proto_msgTypes[12].OneofWrappers = []interface{}{} + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_sigstore_common_proto_rawDesc, + NumEnums: 3, + NumMessages: 13, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_sigstore_common_proto_goTypes, + DependencyIndexes: file_sigstore_common_proto_depIdxs, + EnumInfos: file_sigstore_common_proto_enumTypes, + MessageInfos: file_sigstore_common_proto_msgTypes, + }.Build() + File_sigstore_common_proto = out.File + file_sigstore_common_proto_rawDesc = nil + file_sigstore_common_proto_goTypes = nil + file_sigstore_common_proto_depIdxs = nil +} diff --git a/vendor/github.com/sigstore/protobuf-specs/gen/pb-go/rekor/v1/sigstore_rekor.pb.go b/vendor/github.com/sigstore/protobuf-specs/gen/pb-go/rekor/v1/sigstore_rekor.pb.go new file mode 100644 index 0000000000..66cf0305b3 --- /dev/null +++ b/vendor/github.com/sigstore/protobuf-specs/gen/pb-go/rekor/v1/sigstore_rekor.pb.go @@ -0,0 +1,606 @@ +// Copyright 2022 The Sigstore Authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.28.1 +// protoc v3.21.6 +// source: sigstore_rekor.proto + +package v1 + +import ( + v1 "github.com/sigstore/protobuf-specs/gen/pb-go/common/v1" + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +// KindVersion contains the entry's kind and api version. +type KindVersion struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Kind is the type of entry being stored in the log. + // See here for a list: https://github.com/sigstore/rekor/tree/main/pkg/types + Kind string `protobuf:"bytes,1,opt,name=kind,proto3" json:"kind,omitempty"` + // The specific api version of the type. + Version string `protobuf:"bytes,2,opt,name=version,proto3" json:"version,omitempty"` +} + +func (x *KindVersion) Reset() { + *x = KindVersion{} + if protoimpl.UnsafeEnabled { + mi := &file_sigstore_rekor_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *KindVersion) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*KindVersion) ProtoMessage() {} + +func (x *KindVersion) ProtoReflect() protoreflect.Message { + mi := &file_sigstore_rekor_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use KindVersion.ProtoReflect.Descriptor instead. +func (*KindVersion) Descriptor() ([]byte, []int) { + return file_sigstore_rekor_proto_rawDescGZIP(), []int{0} +} + +func (x *KindVersion) GetKind() string { + if x != nil { + return x.Kind + } + return "" +} + +func (x *KindVersion) GetVersion() string { + if x != nil { + return x.Version + } + return "" +} + +// The checkpoint contains a signature of the tree head (root hash), +// size of the tree, the transparency log's unique identifier (log ID), +// hostname and the current time. +// The result is a string, the format is described here +// https://github.com/transparency-dev/formats/blob/main/log/README.md +// The details are here https://github.com/sigstore/rekor/blob/a6e58f72b6b18cc06cefe61808efd562b9726330/pkg/util/signed_note.go#L114 +// The signature has the same format as +// InclusionPromise.signed_entry_timestamp. See below for more details. +type Checkpoint struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Envelope string `protobuf:"bytes,1,opt,name=envelope,proto3" json:"envelope,omitempty"` +} + +func (x *Checkpoint) Reset() { + *x = Checkpoint{} + if protoimpl.UnsafeEnabled { + mi := &file_sigstore_rekor_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *Checkpoint) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*Checkpoint) ProtoMessage() {} + +func (x *Checkpoint) ProtoReflect() protoreflect.Message { + mi := &file_sigstore_rekor_proto_msgTypes[1] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use Checkpoint.ProtoReflect.Descriptor instead. +func (*Checkpoint) Descriptor() ([]byte, []int) { + return file_sigstore_rekor_proto_rawDescGZIP(), []int{1} +} + +func (x *Checkpoint) GetEnvelope() string { + if x != nil { + return x.Envelope + } + return "" +} + +// InclusionProof is the proof returned from the transparency log. Can +// be used for on line verification against the log. +type InclusionProof struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // The index of the entry in the log. + LogIndex int64 `protobuf:"varint,1,opt,name=log_index,json=logIndex,proto3" json:"log_index,omitempty"` + // The hash digest stored at the root of the merkle tree at the time + // the proof was generated. + RootHash []byte `protobuf:"bytes,2,opt,name=root_hash,json=rootHash,proto3" json:"root_hash,omitempty"` + // The size of the merkle tree at the time the proof was generated. + TreeSize int64 `protobuf:"varint,3,opt,name=tree_size,json=treeSize,proto3" json:"tree_size,omitempty"` + // A list of hashes required to compute the inclusion proof, sorted + // in order from leaf to root. + // Not that leaf and root hashes are not included. + // The root has is available separately in this message, and the + // leaf hash should be calculated by the client. + Hashes [][]byte `protobuf:"bytes,4,rep,name=hashes,proto3" json:"hashes,omitempty"` + // Signature of the tree head, as of the time of this proof was + // generated. See above info on 'Checkpoint' for more details. + Checkpoint *Checkpoint `protobuf:"bytes,5,opt,name=checkpoint,proto3" json:"checkpoint,omitempty"` +} + +func (x *InclusionProof) Reset() { + *x = InclusionProof{} + if protoimpl.UnsafeEnabled { + mi := &file_sigstore_rekor_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *InclusionProof) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*InclusionProof) ProtoMessage() {} + +func (x *InclusionProof) ProtoReflect() protoreflect.Message { + mi := &file_sigstore_rekor_proto_msgTypes[2] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use InclusionProof.ProtoReflect.Descriptor instead. +func (*InclusionProof) Descriptor() ([]byte, []int) { + return file_sigstore_rekor_proto_rawDescGZIP(), []int{2} +} + +func (x *InclusionProof) GetLogIndex() int64 { + if x != nil { + return x.LogIndex + } + return 0 +} + +func (x *InclusionProof) GetRootHash() []byte { + if x != nil { + return x.RootHash + } + return nil +} + +func (x *InclusionProof) GetTreeSize() int64 { + if x != nil { + return x.TreeSize + } + return 0 +} + +func (x *InclusionProof) GetHashes() [][]byte { + if x != nil { + return x.Hashes + } + return nil +} + +func (x *InclusionProof) GetCheckpoint() *Checkpoint { + if x != nil { + return x.Checkpoint + } + return nil +} + +// The inclusion promise is calculated by Rekor. It's calculated as a +// signature over a canonical JSON serialization of the persisted entry, the +// log ID, log index and the integration timestamp. +// See https://github.com/sigstore/rekor/blob/a6e58f72b6b18cc06cefe61808efd562b9726330/pkg/api/entries.go#L54 +// The format of the signature depends on the transparency log's public key. +// If the signature algorithm requires a hash function and/or a signature +// scheme (e.g. RSA) those has to be retrieved out-of-band from the log's +// operators, together with the public key. +// This is used to verify the integration timestamp's value and that the log +// has promised to include the entry. +type InclusionPromise struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + SignedEntryTimestamp []byte `protobuf:"bytes,1,opt,name=signed_entry_timestamp,json=signedEntryTimestamp,proto3" json:"signed_entry_timestamp,omitempty"` +} + +func (x *InclusionPromise) Reset() { + *x = InclusionPromise{} + if protoimpl.UnsafeEnabled { + mi := &file_sigstore_rekor_proto_msgTypes[3] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *InclusionPromise) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*InclusionPromise) ProtoMessage() {} + +func (x *InclusionPromise) ProtoReflect() protoreflect.Message { + mi := &file_sigstore_rekor_proto_msgTypes[3] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use InclusionPromise.ProtoReflect.Descriptor instead. +func (*InclusionPromise) Descriptor() ([]byte, []int) { + return file_sigstore_rekor_proto_rawDescGZIP(), []int{3} +} + +func (x *InclusionPromise) GetSignedEntryTimestamp() []byte { + if x != nil { + return x.SignedEntryTimestamp + } + return nil +} + +// TransparencyLogEntry captures all the details required from Rekor to +// reconstruct an entry, given that the payload is provided via other means. +// This type can easily be created from the existing response from Rekor. +// Future iterations could rely on Rekor returning the minimal set of +// attributes (excluding the payload) that are required for verifying the +// inclusion promise. The inclusion promise (called SignedEntryTimestamp in +// the response from Rekor) is similar to a Signed Certificate Timestamp +// as described here https://www.rfc-editor.org/rfc/rfc9162#name-signed-certificate-timestam. +type TransparencyLogEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // The index of the entry in the log. + LogIndex int64 `protobuf:"varint,1,opt,name=log_index,json=logIndex,proto3" json:"log_index,omitempty"` + // The unique identifier of the log. + LogId *v1.LogId `protobuf:"bytes,2,opt,name=log_id,json=logId,proto3" json:"log_id,omitempty"` + // The kind (type) and version of the object associated with this + // entry. These values are required to construct the entry during + // verification. + KindVersion *KindVersion `protobuf:"bytes,3,opt,name=kind_version,json=kindVersion,proto3" json:"kind_version,omitempty"` + // The UNIX timestamp from the log when the entry was persisted. + IntegratedTime int64 `protobuf:"varint,4,opt,name=integrated_time,json=integratedTime,proto3" json:"integrated_time,omitempty"` + // The inclusion promise/signed entry timestamp from the log. + InclusionPromise *InclusionPromise `protobuf:"bytes,5,opt,name=inclusion_promise,json=inclusionPromise,proto3" json:"inclusion_promise,omitempty"` + // The inclusion proof can be used for online verification that the + // entry was appended to the log, and that the log has not been + // altered. + InclusionProof *InclusionProof `protobuf:"bytes,6,opt,name=inclusion_proof,json=inclusionProof,proto3" json:"inclusion_proof,omitempty"` + // The canonicalized Rekor entry body, used for SET verification. This + // is the same as the body returned by Rekor. It's included here for + // cases where the client cannot deterministically reconstruct the + // bundle from the other fields. Clients MUST verify that the signature + // referenced in the canonicalized_body matches the signature provided + // in the bundle content. + CanonicalizedBody []byte `protobuf:"bytes,7,opt,name=canonicalized_body,json=canonicalizedBody,proto3" json:"canonicalized_body,omitempty"` +} + +func (x *TransparencyLogEntry) Reset() { + *x = TransparencyLogEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_sigstore_rekor_proto_msgTypes[4] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *TransparencyLogEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*TransparencyLogEntry) ProtoMessage() {} + +func (x *TransparencyLogEntry) ProtoReflect() protoreflect.Message { + mi := &file_sigstore_rekor_proto_msgTypes[4] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use TransparencyLogEntry.ProtoReflect.Descriptor instead. +func (*TransparencyLogEntry) Descriptor() ([]byte, []int) { + return file_sigstore_rekor_proto_rawDescGZIP(), []int{4} +} + +func (x *TransparencyLogEntry) GetLogIndex() int64 { + if x != nil { + return x.LogIndex + } + return 0 +} + +func (x *TransparencyLogEntry) GetLogId() *v1.LogId { + if x != nil { + return x.LogId + } + return nil +} + +func (x *TransparencyLogEntry) GetKindVersion() *KindVersion { + if x != nil { + return x.KindVersion + } + return nil +} + +func (x *TransparencyLogEntry) GetIntegratedTime() int64 { + if x != nil { + return x.IntegratedTime + } + return 0 +} + +func (x *TransparencyLogEntry) GetInclusionPromise() *InclusionPromise { + if x != nil { + return x.InclusionPromise + } + return nil +} + +func (x *TransparencyLogEntry) GetInclusionProof() *InclusionProof { + if x != nil { + return x.InclusionProof + } + return nil +} + +func (x *TransparencyLogEntry) GetCanonicalizedBody() []byte { + if x != nil { + return x.CanonicalizedBody + } + return nil +} + +var File_sigstore_rekor_proto protoreflect.FileDescriptor + +var file_sigstore_rekor_proto_rawDesc = []byte{ + 0x0a, 0x14, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x5f, 0x72, 0x65, 0x6b, 0x6f, 0x72, + 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x15, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, + 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x72, 0x65, 0x6b, 0x6f, 0x72, 0x2e, 0x76, 0x31, 0x1a, 0x15, 0x73, + 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x5f, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x70, + 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x3b, 0x0a, 0x0b, 0x4b, 0x69, 0x6e, 0x64, 0x56, 0x65, 0x72, 0x73, + 0x69, 0x6f, 0x6e, 0x12, 0x12, 0x0a, 0x04, 0x6b, 0x69, 0x6e, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x04, 0x6b, 0x69, 0x6e, 0x64, 0x12, 0x18, 0x0a, 0x07, 0x76, 0x65, 0x72, 0x73, 0x69, + 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, + 0x6e, 0x22, 0x28, 0x0a, 0x0a, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x12, + 0x1a, 0x0a, 0x08, 0x65, 0x6e, 0x76, 0x65, 0x6c, 0x6f, 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x08, 0x65, 0x6e, 0x76, 0x65, 0x6c, 0x6f, 0x70, 0x65, 0x22, 0xc2, 0x01, 0x0a, 0x0e, + 0x49, 0x6e, 0x63, 0x6c, 0x75, 0x73, 0x69, 0x6f, 0x6e, 0x50, 0x72, 0x6f, 0x6f, 0x66, 0x12, 0x1b, + 0x0a, 0x09, 0x6c, 0x6f, 0x67, 0x5f, 0x69, 0x6e, 0x64, 0x65, 0x78, 0x18, 0x01, 0x20, 0x01, 0x28, + 0x03, 0x52, 0x08, 0x6c, 0x6f, 0x67, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x12, 0x1b, 0x0a, 0x09, 0x72, + 0x6f, 0x6f, 0x74, 0x5f, 0x68, 0x61, 0x73, 0x68, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x08, + 0x72, 0x6f, 0x6f, 0x74, 0x48, 0x61, 0x73, 0x68, 0x12, 0x1b, 0x0a, 0x09, 0x74, 0x72, 0x65, 0x65, + 0x5f, 0x73, 0x69, 0x7a, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x03, 0x52, 0x08, 0x74, 0x72, 0x65, + 0x65, 0x53, 0x69, 0x7a, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x68, 0x61, 0x73, 0x68, 0x65, 0x73, 0x18, + 0x04, 0x20, 0x03, 0x28, 0x0c, 0x52, 0x06, 0x68, 0x61, 0x73, 0x68, 0x65, 0x73, 0x12, 0x41, 0x0a, + 0x0a, 0x63, 0x68, 0x65, 0x63, 0x6b, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x18, 0x05, 0x20, 0x01, 0x28, + 0x0b, 0x32, 0x21, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, + 0x2e, 0x72, 0x65, 0x6b, 0x6f, 0x72, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x70, + 0x6f, 0x69, 0x6e, 0x74, 0x52, 0x0a, 0x63, 0x68, 0x65, 0x63, 0x6b, 0x70, 0x6f, 0x69, 0x6e, 0x74, + 0x22, 0x48, 0x0a, 0x10, 0x49, 0x6e, 0x63, 0x6c, 0x75, 0x73, 0x69, 0x6f, 0x6e, 0x50, 0x72, 0x6f, + 0x6d, 0x69, 0x73, 0x65, 0x12, 0x34, 0x0a, 0x16, 0x73, 0x69, 0x67, 0x6e, 0x65, 0x64, 0x5f, 0x65, + 0x6e, 0x74, 0x72, 0x79, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x18, 0x01, + 0x20, 0x01, 0x28, 0x0c, 0x52, 0x14, 0x73, 0x69, 0x67, 0x6e, 0x65, 0x64, 0x45, 0x6e, 0x74, 0x72, + 0x79, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x22, 0xae, 0x03, 0x0a, 0x14, 0x54, + 0x72, 0x61, 0x6e, 0x73, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x63, 0x79, 0x4c, 0x6f, 0x67, 0x45, 0x6e, + 0x74, 0x72, 0x79, 0x12, 0x1b, 0x0a, 0x09, 0x6c, 0x6f, 0x67, 0x5f, 0x69, 0x6e, 0x64, 0x65, 0x78, + 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x08, 0x6c, 0x6f, 0x67, 0x49, 0x6e, 0x64, 0x65, 0x78, + 0x12, 0x34, 0x0a, 0x06, 0x6c, 0x6f, 0x67, 0x5f, 0x69, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, + 0x32, 0x1d, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, + 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x76, 0x31, 0x2e, 0x4c, 0x6f, 0x67, 0x49, 0x64, 0x52, + 0x05, 0x6c, 0x6f, 0x67, 0x49, 0x64, 0x12, 0x45, 0x0a, 0x0c, 0x6b, 0x69, 0x6e, 0x64, 0x5f, 0x76, + 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x64, + 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x72, 0x65, 0x6b, 0x6f, + 0x72, 0x2e, 0x76, 0x31, 0x2e, 0x4b, 0x69, 0x6e, 0x64, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, + 0x52, 0x0b, 0x6b, 0x69, 0x6e, 0x64, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x27, 0x0a, + 0x0f, 0x69, 0x6e, 0x74, 0x65, 0x67, 0x72, 0x61, 0x74, 0x65, 0x64, 0x5f, 0x74, 0x69, 0x6d, 0x65, + 0x18, 0x04, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0e, 0x69, 0x6e, 0x74, 0x65, 0x67, 0x72, 0x61, 0x74, + 0x65, 0x64, 0x54, 0x69, 0x6d, 0x65, 0x12, 0x54, 0x0a, 0x11, 0x69, 0x6e, 0x63, 0x6c, 0x75, 0x73, + 0x69, 0x6f, 0x6e, 0x5f, 0x70, 0x72, 0x6f, 0x6d, 0x69, 0x73, 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, + 0x0b, 0x32, 0x27, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, + 0x2e, 0x72, 0x65, 0x6b, 0x6f, 0x72, 0x2e, 0x76, 0x31, 0x2e, 0x49, 0x6e, 0x63, 0x6c, 0x75, 0x73, + 0x69, 0x6f, 0x6e, 0x50, 0x72, 0x6f, 0x6d, 0x69, 0x73, 0x65, 0x52, 0x10, 0x69, 0x6e, 0x63, 0x6c, + 0x75, 0x73, 0x69, 0x6f, 0x6e, 0x50, 0x72, 0x6f, 0x6d, 0x69, 0x73, 0x65, 0x12, 0x4e, 0x0a, 0x0f, + 0x69, 0x6e, 0x63, 0x6c, 0x75, 0x73, 0x69, 0x6f, 0x6e, 0x5f, 0x70, 0x72, 0x6f, 0x6f, 0x66, 0x18, + 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, + 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x72, 0x65, 0x6b, 0x6f, 0x72, 0x2e, 0x76, 0x31, 0x2e, 0x49, 0x6e, + 0x63, 0x6c, 0x75, 0x73, 0x69, 0x6f, 0x6e, 0x50, 0x72, 0x6f, 0x6f, 0x66, 0x52, 0x0e, 0x69, 0x6e, + 0x63, 0x6c, 0x75, 0x73, 0x69, 0x6f, 0x6e, 0x50, 0x72, 0x6f, 0x6f, 0x66, 0x12, 0x2d, 0x0a, 0x12, + 0x63, 0x61, 0x6e, 0x6f, 0x6e, 0x69, 0x63, 0x61, 0x6c, 0x69, 0x7a, 0x65, 0x64, 0x5f, 0x62, 0x6f, + 0x64, 0x79, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x11, 0x63, 0x61, 0x6e, 0x6f, 0x6e, 0x69, + 0x63, 0x61, 0x6c, 0x69, 0x7a, 0x65, 0x64, 0x42, 0x6f, 0x64, 0x79, 0x42, 0x62, 0x0a, 0x1b, 0x64, + 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x2e, 0x72, 0x65, 0x6b, 0x6f, 0x72, 0x2e, 0x76, 0x31, 0x42, 0x0a, 0x52, 0x65, 0x6b, 0x6f, + 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x35, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, + 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2f, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2d, 0x73, 0x70, 0x65, 0x63, 0x73, 0x2f, 0x67, 0x65, 0x6e, + 0x2f, 0x70, 0x62, 0x2d, 0x67, 0x6f, 0x2f, 0x72, 0x65, 0x6b, 0x6f, 0x72, 0x2f, 0x76, 0x31, 0x62, + 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, +} + +var ( + file_sigstore_rekor_proto_rawDescOnce sync.Once + file_sigstore_rekor_proto_rawDescData = file_sigstore_rekor_proto_rawDesc +) + +func file_sigstore_rekor_proto_rawDescGZIP() []byte { + file_sigstore_rekor_proto_rawDescOnce.Do(func() { + file_sigstore_rekor_proto_rawDescData = protoimpl.X.CompressGZIP(file_sigstore_rekor_proto_rawDescData) + }) + return file_sigstore_rekor_proto_rawDescData +} + +var file_sigstore_rekor_proto_msgTypes = make([]protoimpl.MessageInfo, 5) +var file_sigstore_rekor_proto_goTypes = []interface{}{ + (*KindVersion)(nil), // 0: dev.sigstore.rekor.v1.KindVersion + (*Checkpoint)(nil), // 1: dev.sigstore.rekor.v1.Checkpoint + (*InclusionProof)(nil), // 2: dev.sigstore.rekor.v1.InclusionProof + (*InclusionPromise)(nil), // 3: dev.sigstore.rekor.v1.InclusionPromise + (*TransparencyLogEntry)(nil), // 4: dev.sigstore.rekor.v1.TransparencyLogEntry + (*v1.LogId)(nil), // 5: dev.sigstore.common.v1.LogId +} +var file_sigstore_rekor_proto_depIdxs = []int32{ + 1, // 0: dev.sigstore.rekor.v1.InclusionProof.checkpoint:type_name -> dev.sigstore.rekor.v1.Checkpoint + 5, // 1: dev.sigstore.rekor.v1.TransparencyLogEntry.log_id:type_name -> dev.sigstore.common.v1.LogId + 0, // 2: dev.sigstore.rekor.v1.TransparencyLogEntry.kind_version:type_name -> dev.sigstore.rekor.v1.KindVersion + 3, // 3: dev.sigstore.rekor.v1.TransparencyLogEntry.inclusion_promise:type_name -> dev.sigstore.rekor.v1.InclusionPromise + 2, // 4: dev.sigstore.rekor.v1.TransparencyLogEntry.inclusion_proof:type_name -> dev.sigstore.rekor.v1.InclusionProof + 5, // [5:5] is the sub-list for method output_type + 5, // [5:5] is the sub-list for method input_type + 5, // [5:5] is the sub-list for extension type_name + 5, // [5:5] is the sub-list for extension extendee + 0, // [0:5] is the sub-list for field type_name +} + +func init() { file_sigstore_rekor_proto_init() } +func file_sigstore_rekor_proto_init() { + if File_sigstore_rekor_proto != nil { + return + } + if !protoimpl.UnsafeEnabled { + file_sigstore_rekor_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*KindVersion); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_sigstore_rekor_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*Checkpoint); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_sigstore_rekor_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*InclusionProof); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_sigstore_rekor_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*InclusionPromise); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_sigstore_rekor_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*TransparencyLogEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_sigstore_rekor_proto_rawDesc, + NumEnums: 0, + NumMessages: 5, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_sigstore_rekor_proto_goTypes, + DependencyIndexes: file_sigstore_rekor_proto_depIdxs, + MessageInfos: file_sigstore_rekor_proto_msgTypes, + }.Build() + File_sigstore_rekor_proto = out.File + file_sigstore_rekor_proto_rawDesc = nil + file_sigstore_rekor_proto_goTypes = nil + file_sigstore_rekor_proto_depIdxs = nil +} diff --git a/vendor/github.com/sigstore/rekor/pkg/client/rekor_client.go b/vendor/github.com/sigstore/rekor/pkg/client/rekor_client.go index 601dd9d323..206eb87aca 100644 --- a/vendor/github.com/sigstore/rekor/pkg/client/rekor_client.go +++ b/vendor/github.com/sigstore/rekor/pkg/client/rekor_client.go @@ -15,7 +15,11 @@ package client import ( + "bytes" "crypto/tls" + "encoding/base64" + "encoding/hex" + "fmt" "net/http" "net/url" @@ -24,8 +28,13 @@ import ( "github.com/go-openapi/strfmt" "github.com/hashicorp/go-cleanhttp" retryablehttp "github.com/hashicorp/go-retryablehttp" + rekor_pb_common "github.com/sigstore/protobuf-specs/gen/pb-go/common/v1" + rekor_pb "github.com/sigstore/protobuf-specs/gen/pb-go/rekor/v1" "github.com/sigstore/rekor/pkg/generated/client" + "github.com/sigstore/rekor/pkg/generated/models" + "github.com/sigstore/rekor/pkg/types" "github.com/sigstore/rekor/pkg/util" + "google.golang.org/protobuf/encoding/protojson" ) func GetRekorClient(rekorServerURL string, opts ...Option) (*client.Rekor, error) { @@ -64,3 +73,70 @@ func GetRekorClient(rekorServerURL string, opts ...Option) (*client.Rekor, error registry.Add("signedCheckpoint", &util.SignedNote{}, util.SignedCheckpointValidator) return client.New(rt, registry), nil } + +// GenerateTransparencyLogEntry returns a sigstore/protobuf-specs compliant message containing a +// TransparencyLogEntry as defined at https://github.com/sigstore/protobuf-specs/blob/main/protos/sigstore_rekor.proto +func GenerateTransparencyLogEntry(anon models.LogEntryAnon) (*rekor_pb.TransparencyLogEntry, error) { + logIDHash, err := hex.DecodeString(*anon.LogID) + if err != nil { + return nil, fmt.Errorf("decoding logID string: %w", err) + } + + rootHash, err := hex.DecodeString(*anon.Verification.InclusionProof.RootHash) + if err != nil { + return nil, fmt.Errorf("decoding inclusion proof root hash: %w", err) + } + + inclusionProofHashes := make([][]byte, len(anon.Verification.InclusionProof.Hashes)) + for i, hash := range anon.Verification.InclusionProof.Hashes { + hashBytes, err := hex.DecodeString(hash) + if err != nil { + return nil, fmt.Errorf("decoding inclusion proof hash: %w", err) + } + inclusionProofHashes[i] = hashBytes + } + + b, err := base64.StdEncoding.DecodeString(anon.Body.(string)) + if err != nil { + return nil, fmt.Errorf("base64 decoding body: %w", err) + } + + pe, err := models.UnmarshalProposedEntry(bytes.NewReader(b), runtime.JSONConsumer()) + if err != nil { + return nil, err + } + eimpl, err := types.UnmarshalEntry(pe) + if err != nil { + return nil, err + } + + return &rekor_pb.TransparencyLogEntry{ + LogIndex: *anon.LogIndex, + LogId: &rekor_pb_common.LogId{ + KeyId: logIDHash, + }, + KindVersion: &rekor_pb.KindVersion{ + Kind: pe.Kind(), + Version: eimpl.APIVersion(), + }, + IntegratedTime: *anon.IntegratedTime, + InclusionPromise: &rekor_pb.InclusionPromise{ + SignedEntryTimestamp: anon.Verification.SignedEntryTimestamp, + }, + InclusionProof: &rekor_pb.InclusionProof{ + LogIndex: *anon.LogIndex, + RootHash: rootHash, + TreeSize: *anon.Verification.InclusionProof.TreeSize, + Hashes: inclusionProofHashes, + Checkpoint: &rekor_pb.Checkpoint{ + Envelope: *anon.Verification.InclusionProof.Checkpoint, + }, + }, + CanonicalizedBody: b, // we don't call eimpl.Canonicalize in the case that the logic is different in this caller vs when it was persisted in the log + }, nil +} + +// MarshalTLEToJSON marshals a TransparencyLogEntry message to JSON according to the protobuf JSON encoding rules +func MarshalTLEToJSON(tle *rekor_pb.TransparencyLogEntry) ([]byte, error) { + return protojson.Marshal(tle) +} diff --git a/vendor/github.com/sigstore/rekor/pkg/generated/client/tlog/get_log_info_parameters.go b/vendor/github.com/sigstore/rekor/pkg/generated/client/tlog/get_log_info_parameters.go index e0ae2cdd31..b2e329427c 100644 --- a/vendor/github.com/sigstore/rekor/pkg/generated/client/tlog/get_log_info_parameters.go +++ b/vendor/github.com/sigstore/rekor/pkg/generated/client/tlog/get_log_info_parameters.go @@ -30,6 +30,7 @@ import ( "github.com/go-openapi/runtime" cr "github.com/go-openapi/runtime/client" "github.com/go-openapi/strfmt" + "github.com/go-openapi/swag" ) // NewGetLogInfoParams creates a new GetLogInfoParams object, @@ -76,6 +77,13 @@ GetLogInfoParams contains all the parameters to send to the API endpoint Typically these are written to a http.Request. */ type GetLogInfoParams struct { + + /* Stable. + + Whether to return a stable checkpoint for the active shard + */ + Stable *bool + timeout time.Duration Context context.Context HTTPClient *http.Client @@ -93,7 +101,18 @@ func (o *GetLogInfoParams) WithDefaults() *GetLogInfoParams { // // All values with no default are reset to their zero value. func (o *GetLogInfoParams) SetDefaults() { - // no default values defined for this parameter + var ( + stableDefault = bool(false) + ) + + val := GetLogInfoParams{ + Stable: &stableDefault, + } + + val.timeout = o.timeout + val.Context = o.Context + val.HTTPClient = o.HTTPClient + *o = val } // WithTimeout adds the timeout to the get log info params @@ -129,6 +148,17 @@ func (o *GetLogInfoParams) SetHTTPClient(client *http.Client) { o.HTTPClient = client } +// WithStable adds the stable to the get log info params +func (o *GetLogInfoParams) WithStable(stable *bool) *GetLogInfoParams { + o.SetStable(stable) + return o +} + +// SetStable adds the stable to the get log info params +func (o *GetLogInfoParams) SetStable(stable *bool) { + o.Stable = stable +} + // WriteToRequest writes these params to a swagger request func (o *GetLogInfoParams) WriteToRequest(r runtime.ClientRequest, reg strfmt.Registry) error { @@ -137,6 +167,23 @@ func (o *GetLogInfoParams) WriteToRequest(r runtime.ClientRequest, reg strfmt.Re } var res []error + if o.Stable != nil { + + // query param stable + var qrStable bool + + if o.Stable != nil { + qrStable = *o.Stable + } + qStable := swag.FormatBool(qrStable) + if qStable != "" { + + if err := r.SetQueryParam("stable", qStable); err != nil { + return err + } + } + } + if len(res) > 0 { return errors.CompositeValidationError(res...) } diff --git a/vendor/github.com/sigstore/rekor/pkg/generated/models/dsse.go b/vendor/github.com/sigstore/rekor/pkg/generated/models/dsse.go new file mode 100644 index 0000000000..dde562054c --- /dev/null +++ b/vendor/github.com/sigstore/rekor/pkg/generated/models/dsse.go @@ -0,0 +1,210 @@ +// Code generated by go-swagger; DO NOT EDIT. + +// +// Copyright 2021 The Sigstore Authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// + +package models + +// This file was generated by the swagger tool. +// Editing this file might prove futile when you re-run the swagger generate command + +import ( + "bytes" + "context" + "encoding/json" + + "github.com/go-openapi/errors" + "github.com/go-openapi/strfmt" + "github.com/go-openapi/swag" + "github.com/go-openapi/validate" +) + +// DSSE DSSE envelope +// +// swagger:model dsse +type DSSE struct { + + // api version + // Required: true + // Pattern: ^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(?:-((?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\.(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?$ + APIVersion *string `json:"apiVersion"` + + // spec + // Required: true + Spec DSSESchema `json:"spec"` +} + +// Kind gets the kind of this subtype +func (m *DSSE) Kind() string { + return "dsse" +} + +// SetKind sets the kind of this subtype +func (m *DSSE) SetKind(val string) { +} + +// UnmarshalJSON unmarshals this object with a polymorphic type from a JSON structure +func (m *DSSE) UnmarshalJSON(raw []byte) error { + var data struct { + + // api version + // Required: true + // Pattern: ^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(?:-((?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\.(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?$ + APIVersion *string `json:"apiVersion"` + + // spec + // Required: true + Spec DSSESchema `json:"spec"` + } + buf := bytes.NewBuffer(raw) + dec := json.NewDecoder(buf) + dec.UseNumber() + + if err := dec.Decode(&data); err != nil { + return err + } + + var base struct { + /* Just the base type fields. Used for unmashalling polymorphic types.*/ + + Kind string `json:"kind"` + } + buf = bytes.NewBuffer(raw) + dec = json.NewDecoder(buf) + dec.UseNumber() + + if err := dec.Decode(&base); err != nil { + return err + } + + var result DSSE + + if base.Kind != result.Kind() { + /* Not the type we're looking for. */ + return errors.New(422, "invalid kind value: %q", base.Kind) + } + + result.APIVersion = data.APIVersion + result.Spec = data.Spec + + *m = result + + return nil +} + +// MarshalJSON marshals this object with a polymorphic type to a JSON structure +func (m DSSE) MarshalJSON() ([]byte, error) { + var b1, b2, b3 []byte + var err error + b1, err = json.Marshal(struct { + + // api version + // Required: true + // Pattern: ^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(?:-((?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\.(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?$ + APIVersion *string `json:"apiVersion"` + + // spec + // Required: true + Spec DSSESchema `json:"spec"` + }{ + + APIVersion: m.APIVersion, + + Spec: m.Spec, + }) + if err != nil { + return nil, err + } + b2, err = json.Marshal(struct { + Kind string `json:"kind"` + }{ + + Kind: m.Kind(), + }) + if err != nil { + return nil, err + } + + return swag.ConcatJSON(b1, b2, b3), nil +} + +// Validate validates this dsse +func (m *DSSE) Validate(formats strfmt.Registry) error { + var res []error + + if err := m.validateAPIVersion(formats); err != nil { + res = append(res, err) + } + + if err := m.validateSpec(formats); err != nil { + res = append(res, err) + } + + if len(res) > 0 { + return errors.CompositeValidationError(res...) + } + return nil +} + +func (m *DSSE) validateAPIVersion(formats strfmt.Registry) error { + + if err := validate.Required("apiVersion", "body", m.APIVersion); err != nil { + return err + } + + if err := validate.Pattern("apiVersion", "body", *m.APIVersion, `^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(?:-((?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\.(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?$`); err != nil { + return err + } + + return nil +} + +func (m *DSSE) validateSpec(formats strfmt.Registry) error { + + if m.Spec == nil { + return errors.Required("spec", "body", nil) + } + + return nil +} + +// ContextValidate validate this dsse based on the context it is used +func (m *DSSE) ContextValidate(ctx context.Context, formats strfmt.Registry) error { + var res []error + + if len(res) > 0 { + return errors.CompositeValidationError(res...) + } + return nil +} + +// MarshalBinary interface implementation +func (m *DSSE) MarshalBinary() ([]byte, error) { + if m == nil { + return nil, nil + } + return swag.WriteJSON(m) +} + +// UnmarshalBinary interface implementation +func (m *DSSE) UnmarshalBinary(b []byte) error { + var res DSSE + if err := swag.ReadJSON(b, &res); err != nil { + return err + } + *m = res + return nil +} diff --git a/vendor/github.com/sigstore/rekor/pkg/generated/models/dsse_schema.go b/vendor/github.com/sigstore/rekor/pkg/generated/models/dsse_schema.go new file mode 100644 index 0000000000..7795626438 --- /dev/null +++ b/vendor/github.com/sigstore/rekor/pkg/generated/models/dsse_schema.go @@ -0,0 +1,29 @@ +// Code generated by go-swagger; DO NOT EDIT. + +// +// Copyright 2021 The Sigstore Authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// + +package models + +// This file was generated by the swagger tool. +// Editing this file might prove futile when you re-run the swagger generate command + +// DSSESchema DSSE Schema +// +// log entry schema for dsse envelopes +// +// swagger:model dsseSchema +type DSSESchema interface{} diff --git a/vendor/github.com/sigstore/rekor/pkg/generated/models/dsse_v001_schema.go b/vendor/github.com/sigstore/rekor/pkg/generated/models/dsse_v001_schema.go new file mode 100644 index 0000000000..a28dd52446 --- /dev/null +++ b/vendor/github.com/sigstore/rekor/pkg/generated/models/dsse_v001_schema.go @@ -0,0 +1,665 @@ +// Code generated by go-swagger; DO NOT EDIT. + +// +// Copyright 2021 The Sigstore Authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// + +package models + +// This file was generated by the swagger tool. +// Editing this file might prove futile when you re-run the swagger generate command + +import ( + "context" + "encoding/json" + "strconv" + + "github.com/go-openapi/errors" + "github.com/go-openapi/strfmt" + "github.com/go-openapi/swag" + "github.com/go-openapi/validate" +) + +// DSSEV001Schema DSSE v0.0.1 Schema +// +// # Schema for DSSE envelopes +// +// swagger:model dsseV001Schema +type DSSEV001Schema struct { + + // envelope hash + EnvelopeHash *DSSEV001SchemaEnvelopeHash `json:"envelopeHash,omitempty"` + + // payload hash + PayloadHash *DSSEV001SchemaPayloadHash `json:"payloadHash,omitempty"` + + // proposed content + ProposedContent *DSSEV001SchemaProposedContent `json:"proposedContent,omitempty"` + + // extracted collection of all signatures of the envelope's payload; elements will be sorted by lexicographical order of the base64 encoded signature strings + // Read Only: true + // Min Items: 1 + Signatures []*DSSEV001SchemaSignaturesItems0 `json:"signatures"` +} + +// Validate validates this dsse v001 schema +func (m *DSSEV001Schema) Validate(formats strfmt.Registry) error { + var res []error + + if err := m.validateEnvelopeHash(formats); err != nil { + res = append(res, err) + } + + if err := m.validatePayloadHash(formats); err != nil { + res = append(res, err) + } + + if err := m.validateProposedContent(formats); err != nil { + res = append(res, err) + } + + if err := m.validateSignatures(formats); err != nil { + res = append(res, err) + } + + if len(res) > 0 { + return errors.CompositeValidationError(res...) + } + return nil +} + +func (m *DSSEV001Schema) validateEnvelopeHash(formats strfmt.Registry) error { + if swag.IsZero(m.EnvelopeHash) { // not required + return nil + } + + if m.EnvelopeHash != nil { + if err := m.EnvelopeHash.Validate(formats); err != nil { + if ve, ok := err.(*errors.Validation); ok { + return ve.ValidateName("envelopeHash") + } else if ce, ok := err.(*errors.CompositeError); ok { + return ce.ValidateName("envelopeHash") + } + return err + } + } + + return nil +} + +func (m *DSSEV001Schema) validatePayloadHash(formats strfmt.Registry) error { + if swag.IsZero(m.PayloadHash) { // not required + return nil + } + + if m.PayloadHash != nil { + if err := m.PayloadHash.Validate(formats); err != nil { + if ve, ok := err.(*errors.Validation); ok { + return ve.ValidateName("payloadHash") + } else if ce, ok := err.(*errors.CompositeError); ok { + return ce.ValidateName("payloadHash") + } + return err + } + } + + return nil +} + +func (m *DSSEV001Schema) validateProposedContent(formats strfmt.Registry) error { + if swag.IsZero(m.ProposedContent) { // not required + return nil + } + + if m.ProposedContent != nil { + if err := m.ProposedContent.Validate(formats); err != nil { + if ve, ok := err.(*errors.Validation); ok { + return ve.ValidateName("proposedContent") + } else if ce, ok := err.(*errors.CompositeError); ok { + return ce.ValidateName("proposedContent") + } + return err + } + } + + return nil +} + +func (m *DSSEV001Schema) validateSignatures(formats strfmt.Registry) error { + if swag.IsZero(m.Signatures) { // not required + return nil + } + + iSignaturesSize := int64(len(m.Signatures)) + + if err := validate.MinItems("signatures", "body", iSignaturesSize, 1); err != nil { + return err + } + + for i := 0; i < len(m.Signatures); i++ { + if swag.IsZero(m.Signatures[i]) { // not required + continue + } + + if m.Signatures[i] != nil { + if err := m.Signatures[i].Validate(formats); err != nil { + if ve, ok := err.(*errors.Validation); ok { + return ve.ValidateName("signatures" + "." + strconv.Itoa(i)) + } else if ce, ok := err.(*errors.CompositeError); ok { + return ce.ValidateName("signatures" + "." + strconv.Itoa(i)) + } + return err + } + } + + } + + return nil +} + +// ContextValidate validate this dsse v001 schema based on the context it is used +func (m *DSSEV001Schema) ContextValidate(ctx context.Context, formats strfmt.Registry) error { + var res []error + + if err := m.contextValidateEnvelopeHash(ctx, formats); err != nil { + res = append(res, err) + } + + if err := m.contextValidatePayloadHash(ctx, formats); err != nil { + res = append(res, err) + } + + if err := m.contextValidateProposedContent(ctx, formats); err != nil { + res = append(res, err) + } + + if err := m.contextValidateSignatures(ctx, formats); err != nil { + res = append(res, err) + } + + if len(res) > 0 { + return errors.CompositeValidationError(res...) + } + return nil +} + +func (m *DSSEV001Schema) contextValidateEnvelopeHash(ctx context.Context, formats strfmt.Registry) error { + + if m.EnvelopeHash != nil { + if err := m.EnvelopeHash.ContextValidate(ctx, formats); err != nil { + if ve, ok := err.(*errors.Validation); ok { + return ve.ValidateName("envelopeHash") + } else if ce, ok := err.(*errors.CompositeError); ok { + return ce.ValidateName("envelopeHash") + } + return err + } + } + + return nil +} + +func (m *DSSEV001Schema) contextValidatePayloadHash(ctx context.Context, formats strfmt.Registry) error { + + if m.PayloadHash != nil { + if err := m.PayloadHash.ContextValidate(ctx, formats); err != nil { + if ve, ok := err.(*errors.Validation); ok { + return ve.ValidateName("payloadHash") + } else if ce, ok := err.(*errors.CompositeError); ok { + return ce.ValidateName("payloadHash") + } + return err + } + } + + return nil +} + +func (m *DSSEV001Schema) contextValidateProposedContent(ctx context.Context, formats strfmt.Registry) error { + + if m.ProposedContent != nil { + if err := m.ProposedContent.ContextValidate(ctx, formats); err != nil { + if ve, ok := err.(*errors.Validation); ok { + return ve.ValidateName("proposedContent") + } else if ce, ok := err.(*errors.CompositeError); ok { + return ce.ValidateName("proposedContent") + } + return err + } + } + + return nil +} + +func (m *DSSEV001Schema) contextValidateSignatures(ctx context.Context, formats strfmt.Registry) error { + + if err := validate.ReadOnly(ctx, "signatures", "body", []*DSSEV001SchemaSignaturesItems0(m.Signatures)); err != nil { + return err + } + + for i := 0; i < len(m.Signatures); i++ { + + if m.Signatures[i] != nil { + if err := m.Signatures[i].ContextValidate(ctx, formats); err != nil { + if ve, ok := err.(*errors.Validation); ok { + return ve.ValidateName("signatures" + "." + strconv.Itoa(i)) + } else if ce, ok := err.(*errors.CompositeError); ok { + return ce.ValidateName("signatures" + "." + strconv.Itoa(i)) + } + return err + } + } + + } + + return nil +} + +// MarshalBinary interface implementation +func (m *DSSEV001Schema) MarshalBinary() ([]byte, error) { + if m == nil { + return nil, nil + } + return swag.WriteJSON(m) +} + +// UnmarshalBinary interface implementation +func (m *DSSEV001Schema) UnmarshalBinary(b []byte) error { + var res DSSEV001Schema + if err := swag.ReadJSON(b, &res); err != nil { + return err + } + *m = res + return nil +} + +// DSSEV001SchemaEnvelopeHash Specifies the hash algorithm and value encompassing the entire envelope sent to Rekor +// +// swagger:model DSSEV001SchemaEnvelopeHash +type DSSEV001SchemaEnvelopeHash struct { + + // The hashing function used to compute the hash value + // Required: true + // Enum: [sha256] + Algorithm *string `json:"algorithm"` + + // The value of the computed digest over the entire envelope + // Required: true + Value *string `json:"value"` +} + +// Validate validates this DSSE v001 schema envelope hash +func (m *DSSEV001SchemaEnvelopeHash) Validate(formats strfmt.Registry) error { + var res []error + + if err := m.validateAlgorithm(formats); err != nil { + res = append(res, err) + } + + if err := m.validateValue(formats); err != nil { + res = append(res, err) + } + + if len(res) > 0 { + return errors.CompositeValidationError(res...) + } + return nil +} + +var dsseV001SchemaEnvelopeHashTypeAlgorithmPropEnum []interface{} + +func init() { + var res []string + if err := json.Unmarshal([]byte(`["sha256"]`), &res); err != nil { + panic(err) + } + for _, v := range res { + dsseV001SchemaEnvelopeHashTypeAlgorithmPropEnum = append(dsseV001SchemaEnvelopeHashTypeAlgorithmPropEnum, v) + } +} + +const ( + + // DSSEV001SchemaEnvelopeHashAlgorithmSha256 captures enum value "sha256" + DSSEV001SchemaEnvelopeHashAlgorithmSha256 string = "sha256" +) + +// prop value enum +func (m *DSSEV001SchemaEnvelopeHash) validateAlgorithmEnum(path, location string, value string) error { + if err := validate.EnumCase(path, location, value, dsseV001SchemaEnvelopeHashTypeAlgorithmPropEnum, true); err != nil { + return err + } + return nil +} + +func (m *DSSEV001SchemaEnvelopeHash) validateAlgorithm(formats strfmt.Registry) error { + + if err := validate.Required("envelopeHash"+"."+"algorithm", "body", m.Algorithm); err != nil { + return err + } + + // value enum + if err := m.validateAlgorithmEnum("envelopeHash"+"."+"algorithm", "body", *m.Algorithm); err != nil { + return err + } + + return nil +} + +func (m *DSSEV001SchemaEnvelopeHash) validateValue(formats strfmt.Registry) error { + + if err := validate.Required("envelopeHash"+"."+"value", "body", m.Value); err != nil { + return err + } + + return nil +} + +// ContextValidate validate this DSSE v001 schema envelope hash based on the context it is used +func (m *DSSEV001SchemaEnvelopeHash) ContextValidate(ctx context.Context, formats strfmt.Registry) error { + var res []error + + if len(res) > 0 { + return errors.CompositeValidationError(res...) + } + return nil +} + +// MarshalBinary interface implementation +func (m *DSSEV001SchemaEnvelopeHash) MarshalBinary() ([]byte, error) { + if m == nil { + return nil, nil + } + return swag.WriteJSON(m) +} + +// UnmarshalBinary interface implementation +func (m *DSSEV001SchemaEnvelopeHash) UnmarshalBinary(b []byte) error { + var res DSSEV001SchemaEnvelopeHash + if err := swag.ReadJSON(b, &res); err != nil { + return err + } + *m = res + return nil +} + +// DSSEV001SchemaPayloadHash Specifies the hash algorithm and value covering the payload within the DSSE envelope +// +// swagger:model DSSEV001SchemaPayloadHash +type DSSEV001SchemaPayloadHash struct { + + // The hashing function used to compute the hash value + // Required: true + // Enum: [sha256] + Algorithm *string `json:"algorithm"` + + // The value of the computed digest over the payload within the envelope + // Required: true + Value *string `json:"value"` +} + +// Validate validates this DSSE v001 schema payload hash +func (m *DSSEV001SchemaPayloadHash) Validate(formats strfmt.Registry) error { + var res []error + + if err := m.validateAlgorithm(formats); err != nil { + res = append(res, err) + } + + if err := m.validateValue(formats); err != nil { + res = append(res, err) + } + + if len(res) > 0 { + return errors.CompositeValidationError(res...) + } + return nil +} + +var dsseV001SchemaPayloadHashTypeAlgorithmPropEnum []interface{} + +func init() { + var res []string + if err := json.Unmarshal([]byte(`["sha256"]`), &res); err != nil { + panic(err) + } + for _, v := range res { + dsseV001SchemaPayloadHashTypeAlgorithmPropEnum = append(dsseV001SchemaPayloadHashTypeAlgorithmPropEnum, v) + } +} + +const ( + + // DSSEV001SchemaPayloadHashAlgorithmSha256 captures enum value "sha256" + DSSEV001SchemaPayloadHashAlgorithmSha256 string = "sha256" +) + +// prop value enum +func (m *DSSEV001SchemaPayloadHash) validateAlgorithmEnum(path, location string, value string) error { + if err := validate.EnumCase(path, location, value, dsseV001SchemaPayloadHashTypeAlgorithmPropEnum, true); err != nil { + return err + } + return nil +} + +func (m *DSSEV001SchemaPayloadHash) validateAlgorithm(formats strfmt.Registry) error { + + if err := validate.Required("payloadHash"+"."+"algorithm", "body", m.Algorithm); err != nil { + return err + } + + // value enum + if err := m.validateAlgorithmEnum("payloadHash"+"."+"algorithm", "body", *m.Algorithm); err != nil { + return err + } + + return nil +} + +func (m *DSSEV001SchemaPayloadHash) validateValue(formats strfmt.Registry) error { + + if err := validate.Required("payloadHash"+"."+"value", "body", m.Value); err != nil { + return err + } + + return nil +} + +// ContextValidate validate this DSSE v001 schema payload hash based on the context it is used +func (m *DSSEV001SchemaPayloadHash) ContextValidate(ctx context.Context, formats strfmt.Registry) error { + var res []error + + if len(res) > 0 { + return errors.CompositeValidationError(res...) + } + return nil +} + +// MarshalBinary interface implementation +func (m *DSSEV001SchemaPayloadHash) MarshalBinary() ([]byte, error) { + if m == nil { + return nil, nil + } + return swag.WriteJSON(m) +} + +// UnmarshalBinary interface implementation +func (m *DSSEV001SchemaPayloadHash) UnmarshalBinary(b []byte) error { + var res DSSEV001SchemaPayloadHash + if err := swag.ReadJSON(b, &res); err != nil { + return err + } + *m = res + return nil +} + +// DSSEV001SchemaProposedContent DSSE v001 schema proposed content +// +// swagger:model DSSEV001SchemaProposedContent +type DSSEV001SchemaProposedContent struct { + + // DSSE envelope specified as a stringified JSON object + // Required: true + Envelope *string `json:"envelope"` + + // collection of all verification material (e.g. public keys or certificates) used to verify signatures over envelope's payload, specified as base64-encoded strings + // Required: true + // Min Items: 1 + Verifiers []strfmt.Base64 `json:"verifiers"` +} + +// Validate validates this DSSE v001 schema proposed content +func (m *DSSEV001SchemaProposedContent) Validate(formats strfmt.Registry) error { + var res []error + + if err := m.validateEnvelope(formats); err != nil { + res = append(res, err) + } + + if err := m.validateVerifiers(formats); err != nil { + res = append(res, err) + } + + if len(res) > 0 { + return errors.CompositeValidationError(res...) + } + return nil +} + +func (m *DSSEV001SchemaProposedContent) validateEnvelope(formats strfmt.Registry) error { + + if err := validate.Required("proposedContent"+"."+"envelope", "body", m.Envelope); err != nil { + return err + } + + return nil +} + +func (m *DSSEV001SchemaProposedContent) validateVerifiers(formats strfmt.Registry) error { + + if err := validate.Required("proposedContent"+"."+"verifiers", "body", m.Verifiers); err != nil { + return err + } + + iVerifiersSize := int64(len(m.Verifiers)) + + if err := validate.MinItems("proposedContent"+"."+"verifiers", "body", iVerifiersSize, 1); err != nil { + return err + } + + return nil +} + +// ContextValidate validates this DSSE v001 schema proposed content based on context it is used +func (m *DSSEV001SchemaProposedContent) ContextValidate(ctx context.Context, formats strfmt.Registry) error { + return nil +} + +// MarshalBinary interface implementation +func (m *DSSEV001SchemaProposedContent) MarshalBinary() ([]byte, error) { + if m == nil { + return nil, nil + } + return swag.WriteJSON(m) +} + +// UnmarshalBinary interface implementation +func (m *DSSEV001SchemaProposedContent) UnmarshalBinary(b []byte) error { + var res DSSEV001SchemaProposedContent + if err := swag.ReadJSON(b, &res); err != nil { + return err + } + *m = res + return nil +} + +// DSSEV001SchemaSignaturesItems0 a signature of the envelope's payload along with the verification material for the signature +// +// swagger:model DSSEV001SchemaSignaturesItems0 +type DSSEV001SchemaSignaturesItems0 struct { + + // base64 encoded signature of the payload + // Required: true + // Pattern: ^(?:[A-Za-z0-9+\/]{4})*(?:[A-Za-z0-9+\/]{2}==|[A-Za-z0-9+\/]{3}=|[A-Za-z0-9+\/]{4})$ + Signature *string `json:"signature"` + + // verification material that was used to verify the corresponding signature, specified as a base64 encoded string + // Required: true + // Format: byte + Verifier *strfmt.Base64 `json:"verifier"` +} + +// Validate validates this DSSE v001 schema signatures items0 +func (m *DSSEV001SchemaSignaturesItems0) Validate(formats strfmt.Registry) error { + var res []error + + if err := m.validateSignature(formats); err != nil { + res = append(res, err) + } + + if err := m.validateVerifier(formats); err != nil { + res = append(res, err) + } + + if len(res) > 0 { + return errors.CompositeValidationError(res...) + } + return nil +} + +func (m *DSSEV001SchemaSignaturesItems0) validateSignature(formats strfmt.Registry) error { + + if err := validate.Required("signature", "body", m.Signature); err != nil { + return err + } + + if err := validate.Pattern("signature", "body", *m.Signature, `^(?:[A-Za-z0-9+\/]{4})*(?:[A-Za-z0-9+\/]{2}==|[A-Za-z0-9+\/]{3}=|[A-Za-z0-9+\/]{4})$`); err != nil { + return err + } + + return nil +} + +func (m *DSSEV001SchemaSignaturesItems0) validateVerifier(formats strfmt.Registry) error { + + if err := validate.Required("verifier", "body", m.Verifier); err != nil { + return err + } + + return nil +} + +// ContextValidate validates this DSSE v001 schema signatures items0 based on context it is used +func (m *DSSEV001SchemaSignaturesItems0) ContextValidate(ctx context.Context, formats strfmt.Registry) error { + return nil +} + +// MarshalBinary interface implementation +func (m *DSSEV001SchemaSignaturesItems0) MarshalBinary() ([]byte, error) { + if m == nil { + return nil, nil + } + return swag.WriteJSON(m) +} + +// UnmarshalBinary interface implementation +func (m *DSSEV001SchemaSignaturesItems0) UnmarshalBinary(b []byte) error { + var res DSSEV001SchemaSignaturesItems0 + if err := swag.ReadJSON(b, &res); err != nil { + return err + } + *m = res + return nil +} diff --git a/vendor/github.com/sigstore/rekor/pkg/generated/models/intoto_v002_schema.go b/vendor/github.com/sigstore/rekor/pkg/generated/models/intoto_v002_schema.go index 3297e5a91d..816435cb24 100644 --- a/vendor/github.com/sigstore/rekor/pkg/generated/models/intoto_v002_schema.go +++ b/vendor/github.com/sigstore/rekor/pkg/generated/models/intoto_v002_schema.go @@ -450,25 +450,25 @@ type IntotoV002SchemaContentEnvelopeSignaturesItems0 struct { Keyid string `json:"keyid,omitempty"` // public key that corresponds to this signature - // Read Only: true + // Required: true // Format: byte - PublicKey strfmt.Base64 `json:"publicKey,omitempty"` + PublicKey *strfmt.Base64 `json:"publicKey"` // signature of the payload + // Required: true // Format: byte - Sig strfmt.Base64 `json:"sig,omitempty"` + Sig *strfmt.Base64 `json:"sig"` } // Validate validates this intoto v002 schema content envelope signatures items0 func (m *IntotoV002SchemaContentEnvelopeSignaturesItems0) Validate(formats strfmt.Registry) error { - return nil -} - -// ContextValidate validate this intoto v002 schema content envelope signatures items0 based on the context it is used -func (m *IntotoV002SchemaContentEnvelopeSignaturesItems0) ContextValidate(ctx context.Context, formats strfmt.Registry) error { var res []error - if err := m.contextValidatePublicKey(ctx, formats); err != nil { + if err := m.validatePublicKey(formats); err != nil { + res = append(res, err) + } + + if err := m.validateSig(formats); err != nil { res = append(res, err) } @@ -478,15 +478,29 @@ func (m *IntotoV002SchemaContentEnvelopeSignaturesItems0) ContextValidate(ctx co return nil } -func (m *IntotoV002SchemaContentEnvelopeSignaturesItems0) contextValidatePublicKey(ctx context.Context, formats strfmt.Registry) error { +func (m *IntotoV002SchemaContentEnvelopeSignaturesItems0) validatePublicKey(formats strfmt.Registry) error { + + if err := validate.Required("publicKey", "body", m.PublicKey); err != nil { + return err + } + + return nil +} + +func (m *IntotoV002SchemaContentEnvelopeSignaturesItems0) validateSig(formats strfmt.Registry) error { - if err := validate.ReadOnly(ctx, "publicKey", "body", strfmt.Base64(m.PublicKey)); err != nil { + if err := validate.Required("sig", "body", m.Sig); err != nil { return err } return nil } +// ContextValidate validates this intoto v002 schema content envelope signatures items0 based on context it is used +func (m *IntotoV002SchemaContentEnvelopeSignaturesItems0) ContextValidate(ctx context.Context, formats strfmt.Registry) error { + return nil +} + // MarshalBinary interface implementation func (m *IntotoV002SchemaContentEnvelopeSignaturesItems0) MarshalBinary() ([]byte, error) { if m == nil { diff --git a/vendor/github.com/sigstore/rekor/pkg/generated/models/proposed_entry.go b/vendor/github.com/sigstore/rekor/pkg/generated/models/proposed_entry.go index 76b28019cb..5b734a5fff 100644 --- a/vendor/github.com/sigstore/rekor/pkg/generated/models/proposed_entry.go +++ b/vendor/github.com/sigstore/rekor/pkg/generated/models/proposed_entry.go @@ -126,6 +126,12 @@ func unmarshalProposedEntry(data []byte, consumer runtime.Consumer) (ProposedEnt return nil, err } return &result, nil + case "dsse": + var result DSSE + if err := consumer.Consume(buf2, &result); err != nil { + return nil, err + } + return &result, nil case "hashedrekord": var result Hashedrekord if err := consumer.Consume(buf2, &result); err != nil { diff --git a/vendor/github.com/sigstore/rekor/pkg/generated/models/tuf_v001_schema.go b/vendor/github.com/sigstore/rekor/pkg/generated/models/tuf_v001_schema.go index f8bf4b020d..db5d8a3a92 100644 --- a/vendor/github.com/sigstore/rekor/pkg/generated/models/tuf_v001_schema.go +++ b/vendor/github.com/sigstore/rekor/pkg/generated/models/tuf_v001_schema.go @@ -195,11 +195,30 @@ func (m *TUFV001Schema) UnmarshalBinary(b []byte) error { type TUFV001SchemaMetadata struct { // Specifies the metadata inline within the document - Content interface{} `json:"content,omitempty"` + // Required: true + Content interface{} `json:"content"` } // Validate validates this TUF v001 schema metadata func (m *TUFV001SchemaMetadata) Validate(formats strfmt.Registry) error { + var res []error + + if err := m.validateContent(formats); err != nil { + res = append(res, err) + } + + if len(res) > 0 { + return errors.CompositeValidationError(res...) + } + return nil +} + +func (m *TUFV001SchemaMetadata) validateContent(formats strfmt.Registry) error { + + if m.Content == nil { + return errors.Required("metadata"+"."+"content", "body", nil) + } + return nil } diff --git a/vendor/github.com/sigstore/rekor/pkg/log/log.go b/vendor/github.com/sigstore/rekor/pkg/log/log.go new file mode 100644 index 0000000000..413b604f78 --- /dev/null +++ b/vendor/github.com/sigstore/rekor/pkg/log/log.go @@ -0,0 +1,115 @@ +// +// Copyright 2021 The Sigstore Authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package log + +import ( + "context" + "log" + + "github.com/go-chi/chi/middleware" + "go.uber.org/zap" + "go.uber.org/zap/zapcore" +) + +// Logger set the default logger to development mode +var Logger *zap.SugaredLogger + +func init() { + ConfigureLogger("dev") +} + +func ConfigureLogger(logType string) { + var cfg zap.Config + if logType == "prod" { + cfg = zap.NewProductionConfig() + cfg.EncoderConfig.LevelKey = "severity" + cfg.EncoderConfig.MessageKey = "message" + cfg.EncoderConfig.TimeKey = "time" + cfg.EncoderConfig.EncodeLevel = encodeLevel() + cfg.EncoderConfig.EncodeTime = zapcore.RFC3339TimeEncoder + cfg.EncoderConfig.EncodeDuration = zapcore.SecondsDurationEncoder + cfg.EncoderConfig.EncodeCaller = zapcore.FullCallerEncoder + } else { + cfg = zap.NewDevelopmentConfig() + cfg.EncoderConfig.EncodeLevel = zapcore.CapitalColorLevelEncoder + } + logger, err := cfg.Build() + if err != nil { + log.Fatalln("createLogger", err) + } + Logger = logger.Sugar() +} + +func encodeLevel() zapcore.LevelEncoder { + return func(l zapcore.Level, enc zapcore.PrimitiveArrayEncoder) { + switch l { + case zapcore.DebugLevel: + enc.AppendString("DEBUG") + case zapcore.InfoLevel: + enc.AppendString("INFO") + case zapcore.WarnLevel: + enc.AppendString("WARNING") + case zapcore.ErrorLevel: + enc.AppendString("ERROR") + case zapcore.DPanicLevel: + enc.AppendString("CRITICAL") + case zapcore.PanicLevel: + enc.AppendString("ALERT") + case zapcore.FatalLevel: + enc.AppendString("EMERGENCY") + } + } +} + +var CliLogger = createCliLogger() + +func createCliLogger() *zap.SugaredLogger { + cfg := zap.NewDevelopmentConfig() + cfg.EncoderConfig.TimeKey = "" + cfg.EncoderConfig.LevelKey = "" + cfg.DisableCaller = true + cfg.DisableStacktrace = true + logger, err := cfg.Build() + if err != nil { + log.Fatalln("createLogger", err) + } + + return logger.Sugar() +} + +func WithRequestID(ctx context.Context, id string) context.Context { + return context.WithValue(ctx, middleware.RequestIDKey, id) +} + +type operation struct { + id string +} + +func (o operation) MarshalLogObject(enc zapcore.ObjectEncoder) error { + enc.AddString("id", o.id) + return nil +} + +func ContextLogger(ctx context.Context) *zap.SugaredLogger { + proposedLogger := Logger + if ctx != nil { + if ctxRequestID, ok := ctx.Value(middleware.RequestIDKey).(string); ok { + requestID := operation{ctxRequestID} + proposedLogger = proposedLogger.With(zap.Object("operation", requestID)) + } + } + return proposedLogger +} diff --git a/vendor/github.com/sigstore/rekor/pkg/pki/factory.go b/vendor/github.com/sigstore/rekor/pkg/pki/factory.go new file mode 100644 index 0000000000..0e5b89a103 --- /dev/null +++ b/vendor/github.com/sigstore/rekor/pkg/pki/factory.go @@ -0,0 +1,126 @@ +// +// Copyright 2021 The Sigstore Authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package pki + +import ( + "fmt" + "io" + + "github.com/sigstore/rekor/pkg/pki/minisign" + "github.com/sigstore/rekor/pkg/pki/pgp" + "github.com/sigstore/rekor/pkg/pki/pkcs7" + "github.com/sigstore/rekor/pkg/pki/ssh" + "github.com/sigstore/rekor/pkg/pki/tuf" + "github.com/sigstore/rekor/pkg/pki/x509" +) + +type Format string + +const ( + PGP Format = "pgp" + Minisign Format = "minisign" + SSH Format = "ssh" + X509 Format = "x509" + PKCS7 Format = "pkcs7" + Tuf Format = "tuf" +) + +type ArtifactFactory struct { + impl pkiImpl +} + +func NewArtifactFactory(format Format) (*ArtifactFactory, error) { + if impl, ok := artifactFactoryMap[format]; ok { + return &ArtifactFactory{impl: impl}, nil + } + return nil, fmt.Errorf("%v is not a supported PKI format", format) +} + +type pkiImpl struct { + newPubKey func(io.Reader) (PublicKey, error) + newSignature func(io.Reader) (Signature, error) +} + +var artifactFactoryMap map[Format]pkiImpl + +func init() { + artifactFactoryMap = map[Format]pkiImpl{ + PGP: { + newPubKey: func(r io.Reader) (PublicKey, error) { + return pgp.NewPublicKey(r) + }, + newSignature: func(r io.Reader) (Signature, error) { + return pgp.NewSignature(r) + }, + }, + Minisign: { + newPubKey: func(r io.Reader) (PublicKey, error) { + return minisign.NewPublicKey(r) + }, + newSignature: func(r io.Reader) (Signature, error) { + return minisign.NewSignature(r) + }, + }, + SSH: { + newPubKey: func(r io.Reader) (PublicKey, error) { + return ssh.NewPublicKey(r) + }, + newSignature: func(r io.Reader) (Signature, error) { + return ssh.NewSignature(r) + }, + }, + X509: { + newPubKey: func(r io.Reader) (PublicKey, error) { + return x509.NewPublicKey(r) + }, + newSignature: func(r io.Reader) (Signature, error) { + return x509.NewSignature(r) + }, + }, + PKCS7: { + newPubKey: func(r io.Reader) (PublicKey, error) { + return pkcs7.NewPublicKey(r) + }, + newSignature: func(r io.Reader) (Signature, error) { + return pkcs7.NewSignature(r) + }, + }, + Tuf: { + newPubKey: func(r io.Reader) (PublicKey, error) { + return tuf.NewPublicKey(r) + }, + newSignature: func(r io.Reader) (Signature, error) { + return tuf.NewSignature(r) + }, + }, + } +} + +func SupportedFormats() []string { + var formats []string + for f := range artifactFactoryMap { + formats = append(formats, string(f)) + } + return formats +} + +func (a ArtifactFactory) NewPublicKey(r io.Reader) (PublicKey, error) { + return a.impl.newPubKey(r) +} + +func (a ArtifactFactory) NewSignature(r io.Reader) (Signature, error) { + return a.impl.newSignature(r) +} diff --git a/vendor/github.com/sigstore/rekor/pkg/pki/minisign/minisign.go b/vendor/github.com/sigstore/rekor/pkg/pki/minisign/minisign.go new file mode 100644 index 0000000000..0bcb02fa89 --- /dev/null +++ b/vendor/github.com/sigstore/rekor/pkg/pki/minisign/minisign.go @@ -0,0 +1,194 @@ +// +// Copyright 2021 The Sigstore Authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package minisign + +import ( + "bytes" + "encoding/base64" + "fmt" + "io" + "strings" + + minisign "github.com/jedisct1/go-minisign" + sigsig "github.com/sigstore/sigstore/pkg/signature" + "golang.org/x/crypto/blake2b" +) + +// Signature Signature that follows the minisign standard; supports both minisign and signify generated signatures +type Signature struct { + signature *minisign.Signature +} + +// NewSignature creates and validates a minisign signature object +func NewSignature(r io.Reader) (*Signature, error) { + var s Signature + var inputBuffer bytes.Buffer + + if _, err := io.Copy(&inputBuffer, r); err != nil { + return nil, fmt.Errorf("unable to read minisign signature: %w", err) + } + + inputString := inputBuffer.String() + signature, err := minisign.DecodeSignature(inputString) + if err != nil { + // try to parse as signify + lines := strings.Split(strings.TrimRight(inputString, "\n"), "\n") + if len(lines) != 2 { + return nil, fmt.Errorf("invalid signature provided: %v lines detected", len(lines)) + } + sigBytes, b64Err := base64.StdEncoding.DecodeString(lines[1]) + if b64Err != nil { + return nil, fmt.Errorf("invalid signature provided: base64 decoding failed") + } + if len(sigBytes) != len(signature.SignatureAlgorithm)+len(signature.KeyId)+len(signature.Signature) { + return nil, fmt.Errorf("invalid signature provided: incorrect size %v detected", len(sigBytes)) + } + copy(signature.SignatureAlgorithm[:], sigBytes[0:2]) + copy(signature.KeyId[:], sigBytes[2:10]) + copy(signature.Signature[:], sigBytes[10:]) + } + + s.signature = &signature + return &s, nil +} + +// CanonicalValue implements the pki.Signature interface +func (s Signature) CanonicalValue() ([]byte, error) { + if s.signature == nil { + return nil, fmt.Errorf("minisign signature has not been initialized") + } + + buf := bytes.NewBuffer([]byte("untrusted comment:\n")) + b64Buf := bytes.NewBuffer(s.signature.SignatureAlgorithm[:]) + if _, err := b64Buf.Write(s.signature.KeyId[:]); err != nil { + return nil, fmt.Errorf("error canonicalizing minisign signature: %w", err) + } + if _, err := b64Buf.Write(s.signature.Signature[:]); err != nil { + return nil, fmt.Errorf("error canonicalizing minisign signature: %w", err) + } + if _, err := buf.WriteString(base64.StdEncoding.EncodeToString(b64Buf.Bytes())); err != nil { + return nil, fmt.Errorf("error canonicalizing minisign signature: %w", err) + } + return buf.Bytes(), nil +} + +// Verify implements the pki.Signature interface +func (s Signature) Verify(r io.Reader, k interface{}, opts ...sigsig.VerifyOption) error { + if s.signature == nil { + return fmt.Errorf("minisign signature has not been initialized") + } + + key, ok := k.(*PublicKey) + if !ok { + return fmt.Errorf("cannot use Verify with a non-minisign key") + } + if key.key == nil { + return fmt.Errorf("minisign public key has not been initialized") + } + + verifier, err := sigsig.LoadED25519Verifier(key.key.PublicKey[:]) + if err != nil { + return err + } + + prehashed := s.signature.SignatureAlgorithm[1] == 0x44 + if prehashed { + h, _ := blake2b.New512(nil) + _, err := io.Copy(h, r) + if err != nil { + return fmt.Errorf("reading minisign data") + } + r = bytes.NewReader(h.Sum(nil)) + } + + return verifier.VerifySignature(bytes.NewReader(s.signature.Signature[:]), r, opts...) +} + +// PublicKey Public Key that follows the minisign standard; supports signify and minisign public keys +type PublicKey struct { + key *minisign.PublicKey +} + +// NewPublicKey implements the pki.PublicKey interface +func NewPublicKey(r io.Reader) (*PublicKey, error) { + var k PublicKey + var inputBuffer bytes.Buffer + + if _, err := io.Copy(&inputBuffer, r); err != nil { + return nil, fmt.Errorf("unable to read minisign public key: %w", err) + } + + inputString := inputBuffer.String() + + // There are three ways a minisign key can be stored. + // 1. The entire text key + // 2. A base64 encoded string + // 3. A legacy format we stored of just the key material (no key ID or Algorithm) due to bug fixed in https://github.com/sigstore/rekor/pull/562 + key, err := minisign.DecodePublicKey(inputString) + if err == nil { + k.key = &key + return &k, nil + } + key, err = minisign.NewPublicKey(inputString) + if err == nil { + k.key = &key + return &k, nil + } + + if len(inputString) == 32 { + k.key = &minisign.PublicKey{ + SignatureAlgorithm: [2]byte{'E', 'd'}, + KeyId: [8]byte{}, + } + copy(k.key.PublicKey[:], inputBuffer.Bytes()) + return &k, nil + } + return nil, fmt.Errorf("unable to read minisign public key: %w", err) +} + +// CanonicalValue implements the pki.PublicKey interface +func (k PublicKey) CanonicalValue() ([]byte, error) { + if k.key == nil { + return nil, fmt.Errorf("minisign public key has not been initialized") + } + + bin := []byte{} + bin = append(bin, k.key.SignatureAlgorithm[:]...) + bin = append(bin, k.key.KeyId[:]...) + bin = append(bin, k.key.PublicKey[:]...) + b64Key := base64.StdEncoding.EncodeToString(bin) + return []byte(b64Key), nil +} + +// EmailAddresses implements the pki.PublicKey interface +func (k PublicKey) EmailAddresses() []string { + return nil +} + +// Subjects implements the pki.PublicKey interface +func (k PublicKey) Subjects() []string { + return nil +} + +// Identities implements the pki.PublicKey interface +func (k PublicKey) Identities() ([]string, error) { + // returns base64-encoded key (sig alg, key ID, and public key) + key, err := k.CanonicalValue() + if err != nil { + return nil, err + } + return []string{string(key)}, nil +} diff --git a/vendor/github.com/sigstore/rekor/pkg/pki/pgp/pgp.go b/vendor/github.com/sigstore/rekor/pkg/pki/pgp/pgp.go new file mode 100644 index 0000000000..aee7fa14bc --- /dev/null +++ b/vendor/github.com/sigstore/rekor/pkg/pki/pgp/pgp.go @@ -0,0 +1,318 @@ +// +// Copyright 2021 The Sigstore Authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package pgp + +import ( + "bufio" + "bytes" + "context" + "errors" + "fmt" + "io" + "net/http" + + validator "github.com/go-playground/validator/v10" + + //TODO: https://github.com/sigstore/rekor/issues/286 + "golang.org/x/crypto/openpgp" //nolint:staticcheck + "golang.org/x/crypto/openpgp/armor" //nolint:staticcheck + "golang.org/x/crypto/openpgp/packet" //nolint:staticcheck + + sigsig "github.com/sigstore/sigstore/pkg/signature" +) + +// Signature that follows the PGP standard; supports both armored & binary detached signatures +type Signature struct { + isArmored bool + signature []byte +} + +// NewSignature creates and validates a PGP signature object +func NewSignature(r io.Reader) (*Signature, error) { + var s Signature + var inputBuffer bytes.Buffer + + if _, err := io.Copy(&inputBuffer, r); err != nil { + return nil, fmt.Errorf("unable to read PGP signature: %w", err) + } + + sigByteReader := bytes.NewReader(inputBuffer.Bytes()) + + var sigReader io.Reader + sigBlock, err := armor.Decode(sigByteReader) + if err == nil { + s.isArmored = true + if sigBlock.Type != openpgp.SignatureType { + return nil, fmt.Errorf("invalid PGP signature provided") + } + sigReader = sigBlock.Body + } else { + s.isArmored = false + if _, err := sigByteReader.Seek(0, io.SeekStart); err != nil { + return nil, fmt.Errorf("unable to read binary PGP signature: %w", err) + } + sigReader = sigByteReader + } + + sigPktReader := packet.NewReader(sigReader) + sigPkt, err := sigPktReader.Next() + if err != nil { + return nil, fmt.Errorf("invalid PGP signature: %w", err) + } + + if _, ok := sigPkt.(*packet.Signature); !ok { + if _, ok := sigPkt.(*packet.SignatureV3); !ok { + return nil, fmt.Errorf("valid PGP signature was not detected") + } + } + + s.signature = inputBuffer.Bytes() + return &s, nil +} + +// FetchSignature implements pki.Signature interface +func FetchSignature(ctx context.Context, url string) (*Signature, error) { + req, err := http.NewRequestWithContext(ctx, "GET", url, nil) + if err != nil { + return nil, fmt.Errorf("error initializing fetch for PGP signature: %w", err) + } + client := &http.Client{} + resp, err := client.Do(req) + if err != nil { + return nil, fmt.Errorf("error fetching PGP signature: %w", err) + } + defer resp.Body.Close() + + sig, err := NewSignature(resp.Body) + if err != nil { + return nil, err + } + return sig, nil +} + +// CanonicalValue implements the pki.Signature interface +func (s Signature) CanonicalValue() ([]byte, error) { + if len(s.signature) == 0 { + return nil, fmt.Errorf("PGP signature has not been initialized") + } + + if s.isArmored { + return s.signature, nil + } + + var canonicalBuffer bytes.Buffer + // Use an inner function so we can defer the Close() + if err := func() error { + ew, err := armor.Encode(&canonicalBuffer, openpgp.SignatureType, nil) + if err != nil { + return fmt.Errorf("error encoding canonical value of PGP signature: %w", err) + } + defer ew.Close() + + if _, err := io.Copy(ew, bytes.NewReader(s.signature)); err != nil { + return fmt.Errorf("error generating canonical value of PGP signature: %w", err) + } + return nil + }(); err != nil { + return nil, err + } + + return canonicalBuffer.Bytes(), nil +} + +// Verify implements the pki.Signature interface +func (s Signature) Verify(r io.Reader, k interface{}, _ ...sigsig.VerifyOption) error { + if len(s.signature) == 0 { + return fmt.Errorf("PGP signature has not been initialized") + } + + key, ok := k.(*PublicKey) + if !ok { + return fmt.Errorf("cannot use Verify with a non-PGP signature") + } + if len(key.key) == 0 { + return fmt.Errorf("PGP public key has not been initialized") + } + + verifyFn := openpgp.CheckDetachedSignature + if s.isArmored { + verifyFn = openpgp.CheckArmoredDetachedSignature + } + + if _, err := verifyFn(key.key, r, bytes.NewReader(s.signature)); err != nil { + return err + } + + return nil +} + +// PublicKey Public Key that follows the PGP standard; supports both armored & binary detached signatures +type PublicKey struct { + key openpgp.EntityList +} + +// NewPublicKey implements the pki.PublicKey interface +func NewPublicKey(r io.Reader) (*PublicKey, error) { + var k PublicKey + var inputBuffer bytes.Buffer + + startToken := []byte(`-----BEGIN PGP`) + endToken := []byte(`-----END PGP`) + + bufferedReader := bufio.NewReader(r) + armorCheck, err := bufferedReader.Peek(len(startToken)) + if err != nil { + return nil, fmt.Errorf("unable to read PGP public key: %w", err) + } + if bytes.Equal(startToken, armorCheck) { + // looks like we have armored input + scan := bufio.NewScanner(bufferedReader) + scan.Split(bufio.ScanLines) + + for scan.Scan() { + line := scan.Bytes() + inputBuffer.Write(line) + fmt.Fprintf(&inputBuffer, "\n") + + if bytes.HasPrefix(line, endToken) { + // we have a complete armored message; process it + keyBlock, err := armor.Decode(&inputBuffer) + if err == nil { + if keyBlock.Type != openpgp.PublicKeyType && keyBlock.Type != openpgp.PrivateKeyType { + return nil, fmt.Errorf("invalid PGP type detected") + } + keys, err := openpgp.ReadKeyRing(keyBlock.Body) + if err != nil { + return nil, fmt.Errorf("error reading PGP public key: %w", err) + } + if k.key == nil { + k.key = keys + } else { + k.key = append(k.key, keys...) + } + inputBuffer.Reset() + } else { + return nil, fmt.Errorf("invalid PGP public key provided: %w", err) + } + } + } + } else { + // process as binary + k.key, err = openpgp.ReadKeyRing(bufferedReader) + if err != nil { + return nil, fmt.Errorf("error reading binary PGP public key: %w", err) + } + } + + if len(k.key) == len(k.key.DecryptionKeys()) { + return nil, fmt.Errorf("no PGP public keys could be read") + } + + return &k, nil +} + +// FetchPublicKey implements pki.PublicKey interface +func FetchPublicKey(ctx context.Context, url string) (*PublicKey, error) { + //TODO: detect if url is hkp and adjust accordingly + req, err := http.NewRequestWithContext(ctx, "GET", url, nil) + if err != nil { + return nil, fmt.Errorf("error fetching PGP public key: %w", err) + } + client := &http.Client{} + resp, err := client.Do(req) + if err != nil { + return nil, fmt.Errorf("error fetching PGP public key: %w", err) + } + defer resp.Body.Close() + + key, err := NewPublicKey(resp.Body) + if err != nil { + return nil, err + } + + return key, nil +} + +// CanonicalValue implements the pki.PublicKey interface +func (k PublicKey) CanonicalValue() ([]byte, error) { + if k.key == nil { + return nil, fmt.Errorf("PGP public key has not been initialized") + } + + var canonicalBuffer bytes.Buffer + + // Use an inner function so we can defer the close() + if err := func() error { + armoredWriter, err := armor.Encode(&canonicalBuffer, openpgp.PublicKeyType, nil) + if err != nil { + return fmt.Errorf("error generating canonical value of PGP public key: %w", err) + } + defer armoredWriter.Close() + + for _, entity := range k.key { + if err := entity.Serialize(armoredWriter); err != nil { + return fmt.Errorf("error generating canonical value of PGP public key: %w", err) + } + } + return nil + }(); err != nil { + return nil, err + } + + return canonicalBuffer.Bytes(), nil +} + +func (k PublicKey) KeyRing() (openpgp.KeyRing, error) { + if k.key == nil { + return nil, errors.New("PGP public key has not been initialized") + } + + return k.key, nil +} + +// EmailAddresses implements the pki.PublicKey interface +func (k PublicKey) EmailAddresses() []string { + var names []string + // Extract from cert + for _, entity := range k.key { + for _, identity := range entity.Identities { + validate := validator.New() + errs := validate.Var(identity.UserId.Email, "required,email") + if errs == nil { + names = append(names, identity.UserId.Email) + } + } + } + return names +} + +// Subjects implements the pki.PublicKey interface +func (k PublicKey) Subjects() []string { + return k.EmailAddresses() +} + +// Identities implements the pki.PublicKey interface +func (k PublicKey) Identities() ([]string, error) { + // returns the email addresses and armored public key + var identities []string + identities = append(identities, k.Subjects()...) + key, err := k.CanonicalValue() + if err != nil { + return nil, err + } + identities = append(identities, string(key)) + return identities, nil +} diff --git a/vendor/github.com/sigstore/rekor/pkg/pki/pkcs7/pkcs7.go b/vendor/github.com/sigstore/rekor/pkg/pki/pkcs7/pkcs7.go new file mode 100644 index 0000000000..8694844daf --- /dev/null +++ b/vendor/github.com/sigstore/rekor/pkg/pki/pkcs7/pkcs7.go @@ -0,0 +1,247 @@ +/* +Copyright © 2021 The Sigstore Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package pkcs7 + +import ( + "bytes" + "crypto" + "crypto/x509" + "encoding/asn1" + "encoding/pem" + "errors" + "fmt" + "io" + "strings" + + "github.com/sassoftware/relic/lib/pkcs7" + "github.com/sigstore/sigstore/pkg/cryptoutils" + sigsig "github.com/sigstore/sigstore/pkg/signature" +) + +// EmailAddressOID defined by https://oidref.com/1.2.840.113549.1.9.1 +var EmailAddressOID asn1.ObjectIdentifier = []int{1, 2, 840, 113549, 1, 9, 1} + +type Signature struct { + signedData pkcs7.SignedData + detached bool + raw *[]byte +} + +// NewSignature creates and validates an PKCS7 signature object +func NewSignature(r io.Reader) (*Signature, error) { + b, err := io.ReadAll(r) + if err != nil { + return nil, err + } + // try PEM decoding first + var pkcsBytes *[]byte + block, _ := pem.Decode(b) + if block != nil { + if block.Type != "PKCS7" { + return nil, fmt.Errorf("unknown PEM block type %s found during PKCS7 parsing", block.Type) + } + pkcsBytes = &block.Bytes + } else { + // PEM decoding failed, it might just be raw ASN.1 data + pkcsBytes = &b + } + + psd, err := pkcs7.Unmarshal(*pkcsBytes) + if err != nil { + return nil, err + } + + // we store the detached signature as the raw, canonical format + if _, err := psd.Detach(); err != nil { + return nil, err + } + + detached, err := psd.Marshal() + if err != nil { + return nil, err + } + + cb, err := psd.Content.ContentInfo.Bytes() + if err != nil { + return nil, err + } + + return &Signature{ + signedData: psd.Content, + raw: &detached, + detached: cb == nil, + }, nil +} + +// CanonicalValue implements the pki.Signature interface +func (s Signature) CanonicalValue() ([]byte, error) { + if s.raw == nil { + return nil, fmt.Errorf("PKCS7 signature has not been initialized") + } + + p := pem.Block{ + Type: "PKCS7", + Bytes: *s.raw, + } + + var buf bytes.Buffer + if err := pem.Encode(&buf, &p); err != nil { + return nil, err + } + return buf.Bytes(), nil +} + +// Verify implements the pki.Signature interface +func (s Signature) Verify(r io.Reader, _ interface{}, _ ...sigsig.VerifyOption) error { + if len(*s.raw) == 0 { + return fmt.Errorf("PKCS7 signature has not been initialized") + } + + // if content was passed to this, verify signature as if it were detached + bb := bytes.Buffer{} + var extContent []byte + if r != nil { + n, err := io.Copy(&bb, r) + if err != nil { + return err + } + if n > 0 { + extContent = bb.Bytes() + } else if s.detached { + return errors.New("PKCS7 signature is detached and there is no external content to verify against") + } + } + + if _, err := s.signedData.Verify(extContent, false); err != nil { + return err + } + + return nil +} + +// PublicKey Public Key contained in cert inside PKCS7 bundle +type PublicKey struct { + key crypto.PublicKey + certs []*x509.Certificate + rawCert []byte +} + +// NewPublicKey implements the pki.PublicKey interface +func NewPublicKey(r io.Reader) (*PublicKey, error) { + rawPub, err := io.ReadAll(r) + if err != nil { + return nil, err + } + + // try PEM decoding first + var pkcsBytes *[]byte + block, _ := pem.Decode(rawPub) + if block != nil { + if block.Type != "PKCS7" { + return nil, fmt.Errorf("unknown PEM block type %s found during PKCS7 parsing", block.Type) + } + pkcsBytes = &block.Bytes + } else { + // PEM decoding failed, it might just be raw ASN.1 data + pkcsBytes = &rawPub + } + pkcs7, err := pkcs7.Unmarshal(*pkcsBytes) + if err != nil { + return nil, err + } + certs, err := pkcs7.Content.Certificates.Parse() + if err != nil { + return nil, err + } + for _, cert := range certs { + return &PublicKey{key: cert.PublicKey, certs: certs, rawCert: cert.Raw}, nil + } + return nil, errors.New("unable to extract public key from certificate inside PKCS7 bundle") +} + +// CanonicalValue implements the pki.PublicKey interface +func (k PublicKey) CanonicalValue() ([]byte, error) { + if k.rawCert == nil { + return nil, fmt.Errorf("PKCS7 public key has not been initialized") + } + //TODO: should we export the entire cert chain, not just the first one? + p := pem.Block{ + Type: "CERTIFICATE", + Bytes: k.rawCert, + } + + var buf bytes.Buffer + if err := pem.Encode(&buf, &p); err != nil { + return nil, err + } + return buf.Bytes(), nil +} + +// EmailAddresses implements the pki.PublicKey interface +func (k PublicKey) EmailAddresses() []string { + var names []string + // Get email address from Subject name in raw cert. + cert, err := x509.ParseCertificate(k.rawCert) + if err != nil { + // This should not happen from a valid PublicKey, but fail gracefully. + return names + } + + for _, name := range cert.Subject.Names { + if name.Type.Equal(EmailAddressOID) { + names = append(names, strings.ToLower(name.Value.(string))) + } + } + + return names +} + +// Subjects implements the pki.PublicKey interface +func (k PublicKey) Subjects() []string { + // combine identities in the subject and SANs + identities := k.EmailAddresses() + cert, err := x509.ParseCertificate(k.certs[0].Raw) + if err != nil { + // This should not happen from a valid PublicKey, but fail gracefully. + return identities + } + identities = append(identities, cryptoutils.GetSubjectAlternateNames(cert)...) + return identities +} + +// Identities implements the pki.PublicKey interface +func (k PublicKey) Identities() ([]string, error) { + var identities []string + + // pkcs7 structure may contain both a key and certificate chain + pemCert, err := cryptoutils.MarshalCertificateToPEM(k.certs[0]) + if err != nil { + return nil, err + } + identities = append(identities, string(pemCert)) + pemKey, err := cryptoutils.MarshalPublicKeyToPEM(k.key) + if err != nil { + return nil, err + } + identities = append(identities, string(pemKey)) + + // Subjects come from the certificate Subject and SANs + // SANs could include an email, IP address, DNS name, URI, or any other value in the SAN + identities = append(identities, k.Subjects()...) + + return identities, nil +} diff --git a/vendor/github.com/sigstore/rekor/pkg/pki/pki.go b/vendor/github.com/sigstore/rekor/pkg/pki/pki.go new file mode 100644 index 0000000000..fc60ac691e --- /dev/null +++ b/vendor/github.com/sigstore/rekor/pkg/pki/pki.go @@ -0,0 +1,39 @@ +// +// Copyright 2021 The Sigstore Authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package pki + +import ( + "io" + + sigsig "github.com/sigstore/sigstore/pkg/signature" +) + +// PublicKey Generic object representing a public key (regardless of format & algorithm) +type PublicKey interface { + CanonicalValue() ([]byte, error) + // Deprecated: EmailAddresses() will be deprecated in favor of Subjects() which will + // also return Subject URIs present in public keys. + EmailAddresses() []string + Subjects() []string + // Identities returns PEM-encoded public keys and subjects from either certificate or PGP keys + Identities() ([]string, error) +} + +// Signature Generic object representing a signature (regardless of format & algorithm) +type Signature interface { + CanonicalValue() ([]byte, error) + Verify(r io.Reader, k interface{}, opts ...sigsig.VerifyOption) error +} diff --git a/vendor/github.com/sigstore/rekor/pkg/pki/ssh/README.md b/vendor/github.com/sigstore/rekor/pkg/pki/ssh/README.md new file mode 100644 index 0000000000..5438f6f2d2 --- /dev/null +++ b/vendor/github.com/sigstore/rekor/pkg/pki/ssh/README.md @@ -0,0 +1,118 @@ +# SSH File Signatures + +SSH keys can be used to sign files! +Unfortunately this is a pretty recent change to the openssh tooling, so it is not +supported by golang.org/x/crypto/ssh yet. + +This document explains how it works at a high level. + +## Keys + +SSH keys are usually split into public and private files, named `id_rsa.pub` and +`id_rsa`, respectively. +These files are encoded and formatted a little differently than other signing keys. + +### Public Keys + +These are typically in the "known hosts" format. +This looks something like: + +``` +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDw0ZWP4zZLELSJVenQTQsrFJVBnoP64KTg/UWRU6qOb8HEOdtHJDOyTmo9dvN/yJoTFtWAfQEjaTsMVJzTD0gOk6ncTsp0BUtgXawSCfEUiv7v+2VgSVbUfAv/NL+HEGSCdcORnansIyrZaHwAjR3ei3O+pRWvgjRj3pOH1rWGrxaC5IbsELYzS/HvwAG/uwcxgBv4POvaq6eCEHVbqRjIYjjoYsC+c24sgSQxOyXvDS7j2z9TPHPvepDhVr9y6xnnqhLqZEWmidRrbb35aYkVLJxmGTFy/JW1cewyU2Jb3+sKQOiOwL7DAB39tRyec2ed+EHh6QLW4pcMnoXsWuPyi+G595HiUYmIlqXJ5JPo0Cv/rOJrmWSFceWiDjC/SeODp/AcK0EsN/p3wOp6ac7EzAz9Npri0vwSQX4MUYlya/olKiKCx5GIhTZtXioREPd8v4osx2VrVyDxKX99PVVbxw1FXSe4u+PuOawJzUA4vW41mxUY9zoAsb/fvoNPtrrT9HfC+7Pg6ryBdz+445M8Atc8YjjLeYXkTXWD6KMielRzBFFoIwIgi0bMotq3iQ9IwjQSXPMDQLb+UPg8xqsgRsX3wvyZzdBhxO4Bdomv7JYmySysaGgliHktU8qRse1lpDIXMovPtowywcKL4U3seDKrq7saVO0qdsLavy1o0w== lorenc.d@gmail.com +``` + +These can be parsed with [ParseKnownHosts](https://pkg.go.dev/golang.org/x/crypto/ssh#ParseKnownHosts) +, NOT `ParsePublicKey`. + +In addition to the key material itself, this can contain the algorithm (`ssh-rsa` here) and a comment +(lorenc.d@gmail.com) here. + +### Private Keys + +These are stored in an "armored" PEM format, resembling PGP or x509 keys: + +``` +-----BEGIN SSH PRIVATE KEY----- + +-----END SSH PRIVATE KEY----- +``` + +These can be parsed correctly with [ParsePrivateKey](https://pkg.go.dev/golang.org/x/crypto/ssh#ParsePrivateKey). + +## Wire Format + +The wire format is relatively standard. + +* Bytes are laid out in order. +* Fixed-length fields are laid out at the proper offset with the specified length. +* Strings are stored with the size as a prefix. + +## Signature + +These can be generated and validated from the command line with the `ssh-keygen -Y` set of commands: +`sign`, `verify`, and `check-novalidate`. + +To work with them in Go is a little tricker. +The signature is stored using a struct packed using the `openssh` wire format. +The data that is used in the signing function is also packed in another struct before it is signed. + +### Signature Format + +Signatures are formatted on disk in a PEM-encoded format. +The header is `-----BEGIN SSH SIGNATURE-----`, and the end is `-----END SSH SIGNATURE-----`. +The signature contents are base64-encoded. + +The signature contents are wrapped with extra metadata, then encoded as a struct using the +`openssh` wire format. +That struct is defined [here](https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.sshsig#L34). + +In Go: + +``` +type WrappedSig struct { + MagicHeader [6]byte + Version uint32 + PublicKey string + Namespace string + Reserved string + HashAlgorithm string + Signature string +} +``` + +The `PublicKey` and `Signature` fields are also stored as openssh-wire-formatted structs. +The `MagicHeader` is `SSHSIG`. +The `Version` is 1. +The `Namespace` is `file` (for this use-case). +`Reserved` must be empty. + +Go can already parse the `PublicKey` and `Signature` fields, +and the `Signature` struct contains a `Blob` with the signature data. + +### Signed Message + +In addition to these wrappers, the message to be signed is wrapped with some metadata before +it is passed to the signing function. + +That wrapper is defined [here](https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.sshsig#L81). + +And in Go: + +``` +type MessageWrapper struct { + Namespace string + Reserved string + HashAlgorithm string + Hash string +} +```. + +So, the data must first be hashed, then packed in this struct and encoded in the +openssh wire format. +Then, this resulting data is signed using the desired signature function. + +The `Namespace` field must be `file` (for this usecase). +The `Reserved` field must be empty. + +The output of this signature function (and the hash) becomes the `Signature.Blob` +value, which gets wire-encoded, wrapped, wire-encoded and finally pem-encoded. diff --git a/vendor/github.com/sigstore/rekor/pkg/pki/ssh/encode.go b/vendor/github.com/sigstore/rekor/pkg/pki/ssh/encode.go new file mode 100644 index 0000000000..e862fadfbf --- /dev/null +++ b/vendor/github.com/sigstore/rekor/pkg/pki/ssh/encode.go @@ -0,0 +1,95 @@ +// +// Copyright 2021 The Sigstore Authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package ssh + +import ( + "encoding/pem" + "errors" + "fmt" + + "golang.org/x/crypto/ssh" +) + +const ( + namespace = "file" + pemType = "SSH SIGNATURE" +) + +func Armor(s *ssh.Signature, p ssh.PublicKey) []byte { + sig := WrappedSig{ + Version: 1, + PublicKey: string(p.Marshal()), + Namespace: namespace, + HashAlgorithm: defaultHashAlgorithm, + Signature: string(ssh.Marshal(s)), + } + + copy(sig.MagicHeader[:], magicHeader) + + enc := pem.EncodeToMemory(&pem.Block{ + Type: pemType, + Bytes: ssh.Marshal(sig), + }) + return enc +} + +func Decode(b []byte) (*Signature, error) { + pemBlock, _ := pem.Decode(b) + if pemBlock == nil { + return nil, errors.New("unable to decode pem file") + } + + if pemBlock.Type != pemType { + return nil, fmt.Errorf("wrong pem block type: %s. Expected SSH-SIGNATURE", pemBlock.Type) + } + + // Now we unmarshal it into the Signature block + sig := WrappedSig{} + if err := ssh.Unmarshal(pemBlock.Bytes, &sig); err != nil { + return nil, err + } + + if sig.Version != 1 { + return nil, fmt.Errorf("unsupported signature version: %d", sig.Version) + } + if string(sig.MagicHeader[:]) != magicHeader { + return nil, fmt.Errorf("invalid magic header: %s", sig.MagicHeader[:]) + } + if sig.Namespace != "file" { + return nil, fmt.Errorf("invalid signature namespace: %s", sig.Namespace) + } + if _, ok := supportedHashAlgorithms[sig.HashAlgorithm]; !ok { + return nil, fmt.Errorf("unsupported hash algorithm: %s", sig.HashAlgorithm) + } + + // Now we can unpack the Signature and PublicKey blocks + sshSig := ssh.Signature{} + if err := ssh.Unmarshal([]byte(sig.Signature), &sshSig); err != nil { + return nil, err + } + // TODO: check the format here (should be rsa-sha512) + + pk, err := ssh.ParsePublicKey([]byte(sig.PublicKey)) + if err != nil { + return nil, err + } + + return &Signature{ + signature: &sshSig, + pk: pk, + hashAlg: sig.HashAlgorithm, + }, nil +} diff --git a/vendor/github.com/sigstore/rekor/pkg/pki/ssh/sign.go b/vendor/github.com/sigstore/rekor/pkg/pki/ssh/sign.go new file mode 100644 index 0000000000..8d148f79fe --- /dev/null +++ b/vendor/github.com/sigstore/rekor/pkg/pki/ssh/sign.go @@ -0,0 +1,105 @@ +// +// Copyright 2021 The Sigstore Authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package ssh + +import ( + "crypto/rand" + "crypto/sha256" + "crypto/sha512" + "hash" + "io" + + "golang.org/x/crypto/ssh" +) + +// https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.sshsig#L81 +type MessageWrapper struct { + Namespace string + Reserved string + HashAlgorithm string + Hash string +} + +// https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.sshsig#L34 +type WrappedSig struct { + MagicHeader [6]byte + Version uint32 + PublicKey string + Namespace string + Reserved string + HashAlgorithm string + Signature string +} + +const ( + magicHeader = "SSHSIG" + defaultHashAlgorithm = "sha512" +) + +var supportedHashAlgorithms = map[string]func() hash.Hash{ + "sha256": sha256.New, + "sha512": sha512.New, +} + +func sign(s ssh.AlgorithmSigner, m io.Reader) (*ssh.Signature, error) { + hf := sha512.New() + if _, err := io.Copy(hf, m); err != nil { + return nil, err + } + mh := hf.Sum(nil) + + sp := MessageWrapper{ + Namespace: "file", + HashAlgorithm: defaultHashAlgorithm, + Hash: string(mh), + } + + dataMessageWrapper := ssh.Marshal(sp) + dataMessageWrapper = append([]byte(magicHeader), dataMessageWrapper...) + + // ssh-rsa is not supported for RSA keys: + // https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.sshsig#L71 + // We can use the default value of "" for other key types though. + algo := "" + if s.PublicKey().Type() == ssh.KeyAlgoRSA { + algo = ssh.KeyAlgoRSASHA512 + } + sig, err := s.SignWithAlgorithm(rand.Reader, dataMessageWrapper, algo) + if err != nil { + return nil, err + } + return sig, nil +} + +func Sign(sshPrivateKey string, data io.Reader) ([]byte, error) { + s, err := ssh.ParsePrivateKey([]byte(sshPrivateKey)) + if err != nil { + return nil, err + } + + as, ok := s.(ssh.AlgorithmSigner) + if !ok { + return nil, err + } + + sig, err := sign(as, data) + if err != nil { + return nil, err + } + + armored := Armor(sig, s.PublicKey()) + return armored, nil +} diff --git a/vendor/github.com/sigstore/rekor/pkg/pki/ssh/ssh.go b/vendor/github.com/sigstore/rekor/pkg/pki/ssh/ssh.go new file mode 100644 index 0000000000..30f84ba23b --- /dev/null +++ b/vendor/github.com/sigstore/rekor/pkg/pki/ssh/ssh.go @@ -0,0 +1,132 @@ +// +// Copyright 2021 The Sigstore Authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package ssh + +import ( + "bytes" + "fmt" + "io" + "net/http" + + "github.com/asaskevich/govalidator" + sigsig "github.com/sigstore/sigstore/pkg/signature" + "golang.org/x/crypto/ssh" +) + +type Signature struct { + signature *ssh.Signature + pk ssh.PublicKey + hashAlg string +} + +// NewSignature creates and Validates an ssh signature object +func NewSignature(r io.Reader) (*Signature, error) { + b, err := io.ReadAll(r) + if err != nil { + return nil, err + } + sig, err := Decode(b) + if err != nil { + return nil, err + } + return sig, nil +} + +// CanonicalValue implements the pki.Signature interface +func (s Signature) CanonicalValue() ([]byte, error) { + return []byte(Armor(s.signature, s.pk)), nil +} + +// Verify implements the pki.Signature interface +func (s Signature) Verify(r io.Reader, k interface{}, _ ...sigsig.VerifyOption) error { + if s.signature == nil { + return fmt.Errorf("ssh signature has not been initialized") + } + + key, ok := k.(*PublicKey) + if !ok { + return fmt.Errorf("invalid public key type for: %v", k) + } + + ck, err := key.CanonicalValue() + if err != nil { + return err + } + cs, err := s.CanonicalValue() + if err != nil { + return err + } + return Verify(r, cs, ck) +} + +// PublicKey contains an ssh PublicKey +type PublicKey struct { + key ssh.PublicKey + comment string +} + +// NewPublicKey implements the pki.PublicKey interface +func NewPublicKey(r io.Reader) (*PublicKey, error) { + // 64K seems generous as a limit for valid SSH keys + // we use http.MaxBytesReader and pass nil for ResponseWriter to reuse stdlib + // and not reimplement this; There is a proposal for this to be fixed in 1.20 + // https://github.com/golang/go/issues/51115 + // TODO: switch this to stdlib once golang 1.20 comes out + rawPub, err := io.ReadAll(http.MaxBytesReader(nil, io.NopCloser(r), 65536)) + if err != nil { + return nil, err + } + + key, comment, _, _, err := ssh.ParseAuthorizedKey(rawPub) + if err != nil { + return nil, err + } + + return &PublicKey{key: key, comment: comment}, nil +} + +// CanonicalValue implements the pki.PublicKey interface +func (k PublicKey) CanonicalValue() ([]byte, error) { + if k.key == nil { + return nil, fmt.Errorf("ssh public key has not been initialized") + } + return ssh.MarshalAuthorizedKey(k.key), nil +} + +// EmailAddresses implements the pki.PublicKey interface +func (k PublicKey) EmailAddresses() []string { + return nil +} + +// Subjects implements the pki.PublicKey interface +func (k PublicKey) Subjects() []string { + return nil +} + +// Identities implements the pki.PublicKey interface +func (k PublicKey) Identities() ([]string, error) { + var identities []string + + // an authorized key format + authorizedKey := string(bytes.TrimSpace(ssh.MarshalAuthorizedKey(k.key))) + identities = append(identities, authorizedKey) + + if govalidator.IsEmail(k.comment) { + identities = append(identities, k.comment) + } + + return identities, nil +} diff --git a/vendor/github.com/sigstore/rekor/pkg/pki/ssh/verify.go b/vendor/github.com/sigstore/rekor/pkg/pki/ssh/verify.go new file mode 100644 index 0000000000..3bbc0efdd6 --- /dev/null +++ b/vendor/github.com/sigstore/rekor/pkg/pki/ssh/verify.go @@ -0,0 +1,50 @@ +// +// Copyright 2021 The Sigstore Authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package ssh + +import ( + "io" + + "golang.org/x/crypto/ssh" +) + +func Verify(message io.Reader, armoredSignature []byte, publicKey []byte) error { + decodedSignature, err := Decode(armoredSignature) + if err != nil { + return err + } + + desiredPk, _, _, _, err := ssh.ParseAuthorizedKey(publicKey) + if err != nil { + return err + } + + // Hash the message so we can verify it against the signature. + h := supportedHashAlgorithms[decodedSignature.hashAlg]() + if _, err := io.Copy(h, message); err != nil { + return err + } + hm := h.Sum(nil) + + toVerify := MessageWrapper{ + Namespace: "file", + HashAlgorithm: decodedSignature.hashAlg, + Hash: string(hm), + } + signedMessage := ssh.Marshal(toVerify) + signedMessage = append([]byte(magicHeader), signedMessage...) + return desiredPk.Verify(signedMessage, decodedSignature.signature) +} diff --git a/vendor/github.com/sigstore/rekor/pkg/pki/tuf/tuf.go b/vendor/github.com/sigstore/rekor/pkg/pki/tuf/tuf.go new file mode 100644 index 0000000000..7da68e2e47 --- /dev/null +++ b/vendor/github.com/sigstore/rekor/pkg/pki/tuf/tuf.go @@ -0,0 +1,181 @@ +// +// Copyright 2021 The Sigstore Authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package tuf + +import ( + "encoding/json" + "fmt" + "io" + "time" + + "github.com/cyberphone/json-canonicalization/go/src/webpki.org/jsoncanonicalizer" + sigsig "github.com/sigstore/sigstore/pkg/signature" + "github.com/theupdateframework/go-tuf/data" + "github.com/theupdateframework/go-tuf/verify" +) + +type Signature struct { + signed *data.Signed + Role string + Version int +} + +type signedMeta struct { + Type string `json:"_type"` + Expires time.Time `json:"expires"` + Version int `json:"version"` + SpecVersion string `json:"spec_version"` +} + +// NewSignature creates and validates a TUF signed manifest +func NewSignature(r io.Reader) (*Signature, error) { + b, err := io.ReadAll(r) + if err != nil { + return nil, err + } + + s := &data.Signed{} + if err := json.Unmarshal(b, s); err != nil { + return nil, err + } + + // extract role + sm := &signedMeta{} + if err := json.Unmarshal(s.Signed, sm); err != nil { + return nil, err + } + + return &Signature{ + signed: s, + Role: sm.Type, + Version: sm.Version, + }, nil +} + +// CanonicalValue implements the pki.Signature interface +func (s Signature) CanonicalValue() ([]byte, error) { + if s.signed == nil { + return nil, fmt.Errorf("tuf manifest has not been initialized") + } + marshalledBytes, err := json.Marshal(s.signed) + if err != nil { + return nil, fmt.Errorf("marshalling signature: %w", err) + } + return jsoncanonicalizer.Transform(marshalledBytes) +} + +// Verify implements the pki.Signature interface +func (s Signature) Verify(_ io.Reader, k interface{}, _ ...sigsig.VerifyOption) error { + key, ok := k.(*PublicKey) + if !ok { + return fmt.Errorf("invalid public key type for: %v", k) + } + + if key.db == nil { + return fmt.Errorf("tuf root has not been initialized") + } + + return key.db.Verify(s.signed, s.Role, 0) +} + +// PublicKey Public Key database with verification keys +type PublicKey struct { + // we keep the signed root to retrieve the canonical value + root *data.Signed + db *verify.DB +} + +// NewPublicKey implements the pki.PublicKey interface +func NewPublicKey(r io.Reader) (*PublicKey, error) { + rawRoot, err := io.ReadAll(r) + if err != nil { + return nil, err + } + + // Unmarshal this to verify that this is a valid root.json + s := &data.Signed{} + if err := json.Unmarshal(rawRoot, s); err != nil { + return nil, err + } + root := &data.Root{} + if err := json.Unmarshal(s.Signed, root); err != nil { + return nil, err + } + + // Now create a verification db that trusts all the keys + db := verify.NewDB() + for id, k := range root.Keys { + if err := db.AddKey(id, k); err != nil { + return nil, err + } + } + for name, role := range root.Roles { + if err := db.AddRole(name, role); err != nil { + return nil, err + } + } + + // Verify that this root.json was signed. + if err := db.Verify(s, "root", 0); err != nil { + return nil, err + } + + return &PublicKey{root: s, db: db}, nil +} + +// CanonicalValue implements the pki.PublicKey interface +func (k PublicKey) CanonicalValue() (encoded []byte, err error) { + if k.root == nil { + return nil, fmt.Errorf("tuf root has not been initialized") + } + marshalledBytes, err := json.Marshal(k.root) + if err != nil { + return nil, fmt.Errorf("marshalling tuf root: %w", err) + } + return jsoncanonicalizer.Transform(marshalledBytes) +} + +func (k PublicKey) SpecVersion() (string, error) { + // extract role + sm := &signedMeta{} + if err := json.Unmarshal(k.root.Signed, sm); err != nil { + return "", err + } + return sm.SpecVersion, nil +} + +// EmailAddresses implements the pki.PublicKey interface +func (k PublicKey) EmailAddresses() []string { + return nil +} + +// Subjects implements the pki.PublicKey interface +func (k PublicKey) Subjects() []string { + return nil +} + +// Identities implements the pki.PublicKey interface +func (k PublicKey) Identities() ([]string, error) { + root := &data.Root{} + if err := json.Unmarshal(k.root.Signed, root); err != nil { + return nil, err + } + identity, err := json.Marshal(root.Keys) + if err != nil { + return nil, err + } + return []string{string(identity)}, nil +} diff --git a/vendor/github.com/sigstore/rekor/pkg/pki/x509/e2e.go b/vendor/github.com/sigstore/rekor/pkg/pki/x509/e2e.go new file mode 100644 index 0000000000..62a4599089 --- /dev/null +++ b/vendor/github.com/sigstore/rekor/pkg/pki/x509/e2e.go @@ -0,0 +1,193 @@ +// +// Copyright 2021 The Sigstore Authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +//go:build e2e +// +build e2e + +package x509 + +import ( + "bytes" + "context" + "crypto" + "crypto/rand" + "crypto/rsa" + "crypto/sha256" + "crypto/x509" + "encoding/pem" + "errors" + "io/ioutil" + "testing" + + "github.com/sigstore/rekor/pkg/util" + "github.com/sigstore/sigstore/pkg/signature" + "github.com/sigstore/sigstore/pkg/signature/options" +) + +// Generated with: +// openssl ecparam -genkey -name prime256v1 > ec_private.pem +// openssl pkcs8 -topk8 -in ec_private.pem -nocrypt +const ECDSAPriv = `-----BEGIN PRIVATE KEY----- +MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgmrLtCpBdXgXLUr7o +nSUPfo3oXMjmvuwTOjpTulIBKlKhRANCAATH6KSpTFe6uXFmW1qNEFXaO7fWPfZt +pPZrHZ1cFykidZoURKoYXfkohJ+U/USYy8Sd8b4DMd5xDRZCnlDM0h37 +-----END PRIVATE KEY-----` + +// Extracted from above with: +// openssl ec -in ec_private.pem -pubout +const ECDSAPub = `-----BEGIN PUBLIC KEY----- +MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEx+ikqUxXurlxZltajRBV2ju31j32 +baT2ax2dXBcpInWaFESqGF35KISflP1EmMvEnfG+AzHecQ0WQp5QzNId+w== +-----END PUBLIC KEY-----` + +// Generated with: +// openssl req -newkey rsa:2048 -nodes -keyout test.key -x509 -out test.crt +const RSACert = `-----BEGIN CERTIFICATE----- +MIIDOjCCAiKgAwIBAgIUEP925shVBKERFCsymdSqESLZFyMwDQYJKoZIhvcNAQEL +BQAwHzEdMBsGCSqGSIb3DQEJARYOdGVzdEByZWtvci5kZXYwHhcNMjEwNDIxMjAy +ODAzWhcNMjEwNTIxMjAyODAzWjAfMR0wGwYJKoZIhvcNAQkBFg50ZXN0QHJla29y +LmRldjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN8KiP08rFIik4GN +W8/sHSXxDopeDBLEQEihsyXXWesfYW/q59lFaCZrsTetlyNEzKDJ+JrpIHwoGOo4 +EwefFfvy2nkgPFs9aeIDsYZNZnIGxeB8sUfsZUYGHx+Ikm18vhM//GYzNjjuvHyq ++CWRAOS12ZISa99iah/lIhcP8IEj1gPGldAH0QFx3XpCePAdQocSU6ziVkj054/x +NJXy1bKySrVw7gvE9LxZlVO9urSOnzg7BBOla0mob8NRDVB8yN+LG365q4IMDzuI +jAEL6sLtoJ9pcemo1rIfNOhSLYlzfg7oszJ8eCjASNCCcp6EKVjhW7LRoldC8oGZ +EOrKM78CAwEAAaNuMGwwHQYDVR0OBBYEFGjs8EHKT3x1itwwptJLuQQg/hQcMB8G +A1UdIwQYMBaAFGjs8EHKT3x1itwwptJLuQQg/hQcMA8GA1UdEwEB/wQFMAMBAf8w +GQYDVR0RBBIwEIEOdGVzdEByZWtvci5kZXYwDQYJKoZIhvcNAQELBQADggEBAAHE +bYuePN3XpM7pHoCz6g4uTHu0VrezqJyK1ohysgWJmSJzzazUeISXk0xWnHPk1Zxi +kzoEuysI8b0P7yodMA8e16zbIOL6QbGe3lNXYqRIg+bl+4OPFGVMX8xHNZmeh0kD +vX1JVS+y9uyo4/z/pm0JhaSCn85ft/Y5uXMQYn1wFR5DAcJH+iWjNX4fipGxGRE9 +Cy0DjFnYJ3SRY4HPQ0oUSQmyhrwe2DiYzeqtbL2KJBXPcFQKWhkf/fupdYFljvcH +d9NNfRb0p2oFGG/J0ROg9pEcP1/aZP5k8P2pRdt3y7h1MAtmg2bgEdugZgXwAUmM +BmU8k2FeTuqV15piPCE= +-----END CERTIFICATE-----` + +const RSAKey = `-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDfCoj9PKxSIpOB +jVvP7B0l8Q6KXgwSxEBIobMl11nrH2Fv6ufZRWgma7E3rZcjRMygyfia6SB8KBjq +OBMHnxX78tp5IDxbPWniA7GGTWZyBsXgfLFH7GVGBh8fiJJtfL4TP/xmMzY47rx8 +qvglkQDktdmSEmvfYmof5SIXD/CBI9YDxpXQB9EBcd16QnjwHUKHElOs4lZI9OeP +8TSV8tWyskq1cO4LxPS8WZVTvbq0jp84OwQTpWtJqG/DUQ1QfMjfixt+uauCDA87 +iIwBC+rC7aCfaXHpqNayHzToUi2Jc34O6LMyfHgowEjQgnKehClY4Vuy0aJXQvKB +mRDqyjO/AgMBAAECggEBAIHOAs3Gis8+WjRSjXVjh882DG1QsJwXZQYgPT+vpiAl +YjKdNpOHRkbd9ARgXY5kEuccxDd7p7E6MM3XFpQf7M51ltpZfWboRgAIgD+WOiHw +eSbdytr95C6tj11twTJBH+naGk1sTokxv7aaVdKfIjL49oeBexBFmVe4pW9gkmrE +1z1y1a0RohqbZ0kprYPWjz5UhsNqbCzgkdDqS7IrcOwVg6zvKYFjHnqIHqaJXVif +FgIfoNt7tz+12FTHI+6OkKoN3YCJueaxneBhITXm6RLOpQWa9qhdUPbkJ9vQNfph +Qqke4faaxKY9UDma+GpEHR016AWufZp92pd9wQkDn0kCgYEA7w/ZizAkefHoZhZ8 +Isn/fYu4fdtUaVgrnGUVZobiGxWrHRU9ikbAwR7UwbgRSfppGiJdAMq1lyH2irmb +4OHU64rjuYSlIqUWHLQHWmqUbLUvlDojH/vdmH/Zn0AbrLZaimC5UCjK3Eb7sAMq +G0tGeDX2JraQvx7KrbC6peTaaaMCgYEA7tgZBiRCQJ7+mNu+gX9x6OXtjsDCh516 +vToRLkxWc7LAbC9LKsuEHl4e3vy1PY/nyuv12Ng2dBq4WDXozAmVgz0ok7rRlIFp +w8Yj8o/9KuGZkD/7tw/pLsVc9Q3Wf0ACrnAAh7+3dAvn3yg+WHwXzqWIbrseDPt9 +ILCfUoNDpzUCgYAKFCX8y0PObFd67lm/cbq2xUw66iNN6ay1BEH5t5gSwkAbksis +ar03pyAbJrJ75vXFZ0t6fBFZ1NG7GYYr3fmHEKz3JlN7+W/MN/7TXgjx6FWgLy9J +6ul1w3YeU6qXBn0ctmU5ru6WiNuVmRyOWAcZjFTbXvkNRbQPzJKh6dsXdwKBgA1D +FIihxMf/zBVCxl48bF/JPJqbm3GaTfFp4wBWHsrH1yVqrtrOeCSTh1VMZOfpMK60 +0W7b+pIR1cCYJbgGpDWoVLN3QSHk2bGUM/TJB/60jilTVC/DA2ikbtfwj8N7E2sK +Lw1amN4ptxNOEcAqC8xepqe3XiDMahNBm2cigMQtAoGBAKwrXvss2BKz+/6poJQU +A0c7jhMN8M9Y5S2Ockw07lrQeAgfu4q+/8ztm0NeHJbk01IJvJY5Nt7bSgwgNVlo +j7vR2BMAc9U73Ju9aeTl/L6GqmZyA+Ojhl5gA5DPZYqNiqi93ydgRaI6n4+o3dI7 +5wnr40AmbuKCDvMOvN7nMybL +-----END PRIVATE KEY-----` + +// Extracted from the certificate using: +// openssl x509 -pubkey -noout -in test.crt +const PubKey = `-----BEGIN PUBLIC KEY----- +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3wqI/TysUiKTgY1bz+wd +JfEOil4MEsRASKGzJddZ6x9hb+rn2UVoJmuxN62XI0TMoMn4mukgfCgY6jgTB58V ++/LaeSA8Wz1p4gOxhk1mcgbF4HyxR+xlRgYfH4iSbXy+Ez/8ZjM2OO68fKr4JZEA +5LXZkhJr32JqH+UiFw/wgSPWA8aV0AfRAXHdekJ48B1ChxJTrOJWSPTnj/E0lfLV +srJKtXDuC8T0vFmVU726tI6fODsEE6VrSahvw1ENUHzI34sbfrmrggwPO4iMAQvq +wu2gn2lx6ajWsh806FItiXN+DuizMnx4KMBI0IJynoQpWOFbstGiV0LygZkQ6soz +vwIDAQAB +-----END PUBLIC KEY-----` + +var ( + CertPrivateKey *rsa.PrivateKey + Certificate *x509.Certificate +) + +func init() { + p, _ := pem.Decode([]byte(RSAKey)) + priv, err := x509.ParsePKCS8PrivateKey(p.Bytes) + if err != nil { + panic(err) + } + cpk, ok := priv.(*rsa.PrivateKey) + if !ok { + panic("unsuccessful conversion") + } + CertPrivateKey = cpk + + p, _ = pem.Decode([]byte(RSACert)) + Certificate, err = x509.ParseCertificate(p.Bytes) + if err != nil { + panic(err) + } +} + +func SignX509Cert(b []byte) ([]byte, error) { + dgst := sha256.Sum256(b) + signature, err := CertPrivateKey.Sign(rand.Reader, dgst[:], crypto.SHA256) + return signature, err +} + +// CreatedX509SignedArtifact gets the test dir setup correctly with some random artifacts and keys. +func CreatedX509SignedArtifact(t *testing.T, artifactPath, sigPath string) { + t.Helper() + artifact := util.CreateArtifact(t, artifactPath) + + // Sign it with our key and write that to a file + signature, err := SignX509Cert([]byte(artifact)) + if err != nil { + t.Fatal(err) + } + if err := ioutil.WriteFile(sigPath, []byte(signature), 0644); err != nil { + t.Fatal(err) + } +} + +type Verifier struct { + S signature.Signer + v signature.Verifier +} + +func (v *Verifier) KeyID() (string, error) { + return "", nil +} + +func (v *Verifier) Public() crypto.PublicKey { + return v.v.PublicKey +} + +func (v *Verifier) Sign(_ context.Context, data []byte) (sig []byte, err error) { + if v.S == nil { + return nil, errors.New("nil signer") + } + sig, err = v.S.SignMessage(bytes.NewReader(data), options.WithCryptoSignerOpts(crypto.SHA256)) + if err != nil { + return nil, err + } + return sig, nil +} + +func (v *Verifier) Verify(_ context.Context, data, sig []byte) error { + if v.v == nil { + return errors.New("nil Verifier") + } + return v.v.VerifySignature(bytes.NewReader(sig), bytes.NewReader(data)) +} diff --git a/vendor/github.com/sigstore/rekor/pkg/pki/x509/x509.go b/vendor/github.com/sigstore/rekor/pkg/pki/x509/x509.go new file mode 100644 index 0000000000..9624981a14 --- /dev/null +++ b/vendor/github.com/sigstore/rekor/pkg/pki/x509/x509.go @@ -0,0 +1,285 @@ +// +// Copyright 2021 The Sigstore Authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package x509 + +import ( + "bytes" + "crypto" + "crypto/x509" + "encoding/asn1" + "encoding/pem" + "errors" + "fmt" + "io" + "strings" + + validator "github.com/go-playground/validator/v10" + "github.com/sigstore/sigstore/pkg/cryptoutils" + sigsig "github.com/sigstore/sigstore/pkg/signature" +) + +// EmailAddressOID defined by https://oidref.com/1.2.840.113549.1.9.1 +var EmailAddressOID asn1.ObjectIdentifier = []int{1, 2, 840, 113549, 1, 9, 1} + +type Signature struct { + signature []byte +} + +// NewSignature creates and validates an x509 signature object +func NewSignature(r io.Reader) (*Signature, error) { + b, err := io.ReadAll(r) + if err != nil { + return nil, err + } + return &Signature{ + signature: b, + }, nil +} + +// CanonicalValue implements the pki.Signature interface +func (s Signature) CanonicalValue() ([]byte, error) { + return s.signature, nil +} + +// Verify implements the pki.Signature interface +func (s Signature) Verify(r io.Reader, k interface{}, opts ...sigsig.VerifyOption) error { + if len(s.signature) == 0 { + //lint:ignore ST1005 X509 is proper use of term + return fmt.Errorf("X509 signature has not been initialized") + } + + key, ok := k.(*PublicKey) + if !ok { + return fmt.Errorf("invalid public key type for: %v", k) + } + + p := key.key + if p == nil { + switch { + case key.cert != nil: + p = key.cert.c.PublicKey + case len(key.certs) > 0: + if err := verifyCertChain(key.certs); err != nil { + return err + } + p = key.certs[0].PublicKey + default: + return errors.New("no public key found") + } + } + + verifier, err := sigsig.LoadVerifier(p, crypto.SHA256) + if err != nil { + return err + } + return verifier.VerifySignature(bytes.NewReader(s.signature), r, opts...) +} + +// PublicKey Public Key that follows the x509 standard +type PublicKey struct { + key interface{} + cert *cert + certs []*x509.Certificate +} + +type cert struct { + c *x509.Certificate + b []byte +} + +// NewPublicKey implements the pki.PublicKey interface +func NewPublicKey(r io.Reader) (*PublicKey, error) { + rawPub, err := io.ReadAll(r) + if err != nil { + return nil, err + } + trimmedRawPub := bytes.TrimSpace(rawPub) + + block, rest := pem.Decode(trimmedRawPub) + if block == nil { + return nil, errors.New("invalid public key: failure decoding PEM") + } + + // Handle certificate chain, concatenated PEM-encoded certificates + if len(rest) > 0 { + // Support up to 10 certificates in a chain, to avoid parsing extremely long chains + certs, err := cryptoutils.UnmarshalCertificatesFromPEMLimited(trimmedRawPub, 10) + if err != nil { + return nil, err + } + return &PublicKey{certs: certs}, nil + } + + switch block.Type { + case string(cryptoutils.PublicKeyPEMType): + key, err := x509.ParsePKIXPublicKey(block.Bytes) + if err != nil { + return nil, err + } + return &PublicKey{key: key}, nil + case string(cryptoutils.CertificatePEMType): + c, err := x509.ParseCertificate(block.Bytes) + if err != nil { + return nil, err + } + return &PublicKey{ + cert: &cert{ + c: c, + b: block.Bytes, + }}, nil + } + return nil, fmt.Errorf("invalid public key: cannot handle type %v", block.Type) +} + +// CanonicalValue implements the pki.PublicKey interface +func (k PublicKey) CanonicalValue() (encoded []byte, err error) { + + switch { + case k.key != nil: + encoded, err = cryptoutils.MarshalPublicKeyToPEM(k.key) + case k.cert != nil: + encoded, err = cryptoutils.MarshalCertificateToPEM(k.cert.c) + case k.certs != nil: + encoded, err = cryptoutils.MarshalCertificatesToPEM(k.certs) + default: + err = fmt.Errorf("x509 public key has not been initialized") + } + + return +} + +func (k PublicKey) CryptoPubKey() crypto.PublicKey { + if k.cert != nil { + return k.cert.c.PublicKey + } + if len(k.certs) > 0 { + return k.certs[0].PublicKey + } + return k.key +} + +// EmailAddresses implements the pki.PublicKey interface +func (k PublicKey) EmailAddresses() []string { + var names []string + var cert *x509.Certificate + if k.cert != nil { + cert = k.cert.c + } else if len(k.certs) > 0 { + cert = k.certs[0] + } + if cert != nil { + validate := validator.New() + for _, name := range cert.EmailAddresses { + errs := validate.Var(name, "required,email") + if errs == nil { + names = append(names, strings.ToLower(name)) + } + } + } + return names +} + +// Subjects implements the pki.PublicKey interface +func (k PublicKey) Subjects() []string { + var names []string + var cert *x509.Certificate + if k.cert != nil { + cert = k.cert.c + } else if len(k.certs) > 0 { + cert = k.certs[0] + } + if cert != nil { + validate := validator.New() + for _, name := range cert.EmailAddresses { + if errs := validate.Var(name, "required,email"); errs == nil { + names = append(names, strings.ToLower(name)) + } + } + for _, name := range cert.URIs { + if errs := validate.Var(name.String(), "required,uri"); errs == nil { + names = append(names, strings.ToLower(name.String())) + } + } + otherName, _ := cryptoutils.UnmarshalOtherNameSAN(cert.Extensions) + if len(otherName) > 0 { + names = append(names, otherName) + } + } + return names +} + +// Identities implements the pki.PublicKey interface +func (k PublicKey) Identities() ([]string, error) { + // k contains either a key, a cert, or a list of certs + if k.key != nil { + pem, err := cryptoutils.MarshalPublicKeyToPEM(k.key) + if err != nil { + return nil, err + } + return []string{string(pem)}, nil + } + + var cert *x509.Certificate + switch { + case k.cert != nil: + cert = k.cert.c + case len(k.certs) > 0: + cert = k.certs[0] + default: + return nil, errors.New("no key, certificate or certificate chain provided") + } + + var identities []string + pemCert, err := cryptoutils.MarshalCertificateToPEM(cert) + if err != nil { + return nil, err + } + identities = append(identities, string(pemCert)) + pemKey, err := cryptoutils.MarshalPublicKeyToPEM(cert.PublicKey) + if err != nil { + return nil, err + } + identities = append(identities, string(pemKey)) + identities = append(identities, cryptoutils.GetSubjectAlternateNames(cert)...) + return identities, nil +} + +func verifyCertChain(certChain []*x509.Certificate) error { + if len(certChain) == 0 { + return errors.New("no certificate chain provided") + } + // No certificate chain to verify + if len(certChain) == 1 { + return nil + } + rootPool := x509.NewCertPool() + rootPool.AddCert(certChain[len(certChain)-1]) + subPool := x509.NewCertPool() + for _, c := range certChain[1 : len(certChain)-1] { + subPool.AddCert(c) + } + if _, err := certChain[0].Verify(x509.VerifyOptions{ + Roots: rootPool, + Intermediates: subPool, + // Allow any key usage + KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}, + // Expired certificates can be uploaded and should be verifiable + CurrentTime: certChain[0].NotBefore, + }); err != nil { + return err + } + return nil +} diff --git a/vendor/github.com/sigstore/rekor/pkg/types/README.md b/vendor/github.com/sigstore/rekor/pkg/types/README.md new file mode 100644 index 0000000000..76cb36e61a --- /dev/null +++ b/vendor/github.com/sigstore/rekor/pkg/types/README.md @@ -0,0 +1,32 @@ +# Pluggable Types + +## Description + +Rekor supports pluggable types (aka different schemas) for entries stored in the transparency log. + +### Currently supported types + +- Alpine Packages [schema](alpine/alpine_schema.json) + - Versions: 0.0.1 +- COSE Envelopes [schema](cose/cose_schema.json) + - Versions: 0.0.1 +- DSSE Envelopes [schema](dsse/dsse_schema.json) + - Versions: 0.0.1 +- HashedRekord [schema](hashedrekord/hashedrekord_schema.json) + - Versions: 0.0.1 +- Helm Provenance Files [schema](helm/helm_schema.json) + - Versions: 0.0.1 +- In-Toto Attestations [schema](intoto/intoto_schema.json) + - Versions: 0.0.1, 0.0.2 +- Java Archives (JAR Files) [schema](jar/jar_schema.json) + - Versions: 0.0.1 +- Rekord *(default type)* [schema](rekord/rekord_schema.json) + - Versions: 0.0.1 +- RFC3161 Timestamps [schema](rfc3161/rfc3161_schema.json) + - Versions: 0.0.1 +- RPM Packages [schema](rpm/rpm_schema.json) + - Versions: 0.0.1 +- TUF Metadata [schema](tuf/tuf_schema.json) + - Versions: 0.0.1 + +Refer to [Rekor docs](https://docs.sigstore.dev/rekor/pluggable-types) for adding support for new types. diff --git a/vendor/github.com/sigstore/rekor/pkg/types/entries.go b/vendor/github.com/sigstore/rekor/pkg/types/entries.go new file mode 100644 index 0000000000..9309b4c334 --- /dev/null +++ b/vendor/github.com/sigstore/rekor/pkg/types/entries.go @@ -0,0 +1,175 @@ +// +// Copyright 2021 The Sigstore Authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package types + +import ( + "context" + "encoding/base64" + "errors" + "fmt" + "net/url" + "reflect" + + "github.com/cyberphone/json-canonicalization/go/src/webpki.org/jsoncanonicalizer" + "github.com/go-openapi/strfmt" + "github.com/mitchellh/mapstructure" + "github.com/sigstore/rekor/pkg/generated/models" + "github.com/sigstore/rekor/pkg/pki" +) + +// EntryImpl specifies the behavior of a versioned type +type EntryImpl interface { + APIVersion() string // the supported versions for this implementation + IndexKeys() ([]string, error) // the keys that should be added to the external index for this entry + Canonicalize(ctx context.Context) ([]byte, error) // marshal the canonical entry to be put into the tlog + Unmarshal(e models.ProposedEntry) error // unmarshal the abstract entry into the specific struct for this versioned type + CreateFromArtifactProperties(context.Context, ArtifactProperties) (models.ProposedEntry, error) + Verifier() (pki.PublicKey, error) + Insertable() (bool, error) // denotes whether the entry that was unmarshalled has the writeOnly fields required to validate and insert into the log +} + +// EntryWithAttestationImpl specifies the behavior of a versioned type that also stores attestations +type EntryWithAttestationImpl interface { + EntryImpl + AttestationKey() string // returns the key used to look up the attestation from storage (should be sha256:digest) + AttestationKeyValue() (string, []byte) // returns the key to be used when storing the attestation as well as the attestation itself +} + +// ProposedEntryIterator is an iterator over a list of proposed entries +type ProposedEntryIterator interface { + models.ProposedEntry + HasNext() bool + Get() models.ProposedEntry + GetNext() models.ProposedEntry +} + +// EntryFactory describes a factory function that can generate structs for a specific versioned type +type EntryFactory func() EntryImpl + +func NewProposedEntry(ctx context.Context, kind, version string, props ArtifactProperties) (models.ProposedEntry, error) { + if tf, found := TypeMap.Load(kind); found { + t := tf.(func() TypeImpl)() + if t == nil { + return nil, fmt.Errorf("error generating object for kind '%v'", kind) + } + return t.CreateProposedEntry(ctx, version, props) + } + return nil, fmt.Errorf("could not create entry for kind '%v'", kind) +} + +// CreateVersionedEntry returns the specific instance for the type and version specified in the doc +// This method should be used on the insertion flow, which validates that the specific version proposed +// is permitted to be entered into the log. +func CreateVersionedEntry(pe models.ProposedEntry) (EntryImpl, error) { + ei, err := UnmarshalEntry(pe) + if err != nil { + return nil, err + } + kind := pe.Kind() + if tf, found := TypeMap.Load(kind); found { + if !tf.(func() TypeImpl)().IsSupportedVersion(ei.APIVersion()) { + return nil, fmt.Errorf("entry kind '%v' does not support inserting entries of version '%v'", kind, ei.APIVersion()) + } + } else { + return nil, fmt.Errorf("unknown kind '%v' specified", kind) + } + + if ok, err := ei.Insertable(); !ok { + return nil, fmt.Errorf("entry not insertable into log: %w", err) + } + + return ei, nil +} + +// UnmarshalEntry returns the specific instance for the type and version specified in the doc +// This method does not check for whether the version of the entry could be currently inserted into the log, +// and is useful when dealing with entries that have been persisted to the log. +func UnmarshalEntry(pe models.ProposedEntry) (EntryImpl, error) { + if pe == nil { + return nil, errors.New("proposed entry cannot be nil") + } + + kind := pe.Kind() + if tf, found := TypeMap.Load(kind); found { + t := tf.(func() TypeImpl)() + if t == nil { + return nil, fmt.Errorf("error generating object for kind '%v'", kind) + } + return t.UnmarshalEntry(pe) + } + return nil, fmt.Errorf("could not unmarshal entry for kind '%v'", kind) +} + +// DecodeEntry maps the (abstract) input structure into the specific entry implementation class; +// while doing so, it detects the case where we need to convert from string to []byte and does +// the base64 decoding required to make that happen. +// This also detects converting from string to strfmt.DateTime +func DecodeEntry(input, output interface{}) error { + cfg := mapstructure.DecoderConfig{ + DecodeHook: func(f reflect.Type, t reflect.Type, data interface{}) (interface{}, error) { + if f.Kind() != reflect.String || t.Kind() != reflect.Slice && t != reflect.TypeOf(strfmt.DateTime{}) { + return data, nil + } + + if data == nil { + return nil, errors.New("attempted to decode nil data") + } + + if t == reflect.TypeOf(strfmt.DateTime{}) { + return strfmt.ParseDateTime(data.(string)) + } + + bytes, err := base64.StdEncoding.DecodeString(data.(string)) + if err != nil { + return []byte{}, fmt.Errorf("failed parsing base64 data: %v", err) + } + return bytes, nil + }, + Result: output, + } + + dec, err := mapstructure.NewDecoder(&cfg) + if err != nil { + return fmt.Errorf("error initializing decoder: %w", err) + } + + return dec.Decode(input) +} + +// CanonicalizeEntry returns the entry marshalled in JSON according to the +// canonicalization rules of RFC8785 to protect against any changes in golang's JSON +// marshalling logic that may reorder elements +func CanonicalizeEntry(ctx context.Context, entry EntryImpl) ([]byte, error) { + canonicalEntry, err := entry.Canonicalize(ctx) + if err != nil { + return nil, err + } + return jsoncanonicalizer.Transform(canonicalEntry) +} + +// ArtifactProperties provide a consistent struct for passing values from +// CLI flags to the type+version specific CreateProposeEntry() methods +type ArtifactProperties struct { + AdditionalAuthenticatedData []byte + ArtifactPath *url.URL + ArtifactHash string + ArtifactBytes []byte + SignaturePath *url.URL + SignatureBytes []byte + PublicKeyPaths []*url.URL + PublicKeyBytes [][]byte + PKIFormat string +} diff --git a/vendor/github.com/sigstore/rekor/pkg/types/error.go b/vendor/github.com/sigstore/rekor/pkg/types/error.go new file mode 100644 index 0000000000..01b8c14dbc --- /dev/null +++ b/vendor/github.com/sigstore/rekor/pkg/types/error.go @@ -0,0 +1,20 @@ +// +// Copyright 2021 The Sigstore Authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package types + +// ValidationError indicates that there is an issue with the content in the HTTP Request that +// should result in an HTTP 400 Bad Request error being returned to the client +type ValidationError error diff --git a/vendor/github.com/sigstore/rekor/pkg/types/test_util.go b/vendor/github.com/sigstore/rekor/pkg/types/test_util.go new file mode 100644 index 0000000000..03b5b9c0b0 --- /dev/null +++ b/vendor/github.com/sigstore/rekor/pkg/types/test_util.go @@ -0,0 +1,90 @@ +/* +Copyright © 2021 The Sigstore Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package types + +import ( + "context" + + "github.com/go-openapi/strfmt" + + "github.com/sigstore/rekor/pkg/generated/models" + "github.com/sigstore/rekor/pkg/pki" +) + +type BaseUnmarshalTester struct{} + +func (u BaseUnmarshalTester) NewEntry() EntryImpl { + return &BaseUnmarshalTester{} +} + +func (u BaseUnmarshalTester) Verifier() (pki.PublicKey, error) { + return nil, nil +} + +func (u BaseUnmarshalTester) APIVersion() string { + return "2.0.1" +} + +func (u BaseUnmarshalTester) IndexKeys() ([]string, error) { + return []string{}, nil +} + +func (u BaseUnmarshalTester) Canonicalize(_ context.Context) ([]byte, error) { + return nil, nil +} + +func (u BaseUnmarshalTester) Unmarshal(_ models.ProposedEntry) error { + return nil +} + +func (u BaseUnmarshalTester) Validate() error { + return nil +} + +func (u BaseUnmarshalTester) AttestationKey() string { + return "" +} + +func (u BaseUnmarshalTester) AttestationKeyValue() (string, []byte) { + return "", nil +} + +func (u BaseUnmarshalTester) CreateFromArtifactProperties(_ context.Context, _ ArtifactProperties) (models.ProposedEntry, error) { + return nil, nil +} + +func (u BaseUnmarshalTester) Insertable() (bool, error) { + return false, nil +} + +type BaseProposedEntryTester struct{} + +func (b BaseProposedEntryTester) Kind() string { + return "nil" +} + +func (b BaseProposedEntryTester) SetKind(_ string) { + +} + +func (b BaseProposedEntryTester) Validate(_ strfmt.Registry) error { + return nil +} + +func (b BaseProposedEntryTester) ContextValidate(_ context.Context, _ strfmt.Registry) error { + return nil +} diff --git a/vendor/github.com/sigstore/rekor/pkg/types/types.go b/vendor/github.com/sigstore/rekor/pkg/types/types.go new file mode 100644 index 0000000000..256bacd3af --- /dev/null +++ b/vendor/github.com/sigstore/rekor/pkg/types/types.go @@ -0,0 +1,104 @@ +// +// Copyright 2021 The Sigstore Authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package types + +import ( + "context" + "errors" + "fmt" + "sync" + + "github.com/sigstore/rekor/pkg/generated/models" + "github.com/sigstore/rekor/pkg/log" + "golang.org/x/exp/slices" +) + +// TypeMap stores mapping between type strings and entry constructors +// entries are written once at process initialization and read for each transaction, so we use +// sync.Map which is optimized for this case +var TypeMap sync.Map + +// RekorType is the base struct that is embedded in all type implementations +type RekorType struct { + Kind string // this is the unique string that identifies the type + VersionMap VersionEntryFactoryMap // this maps the supported versions to implementation +} + +// TypeImpl is implemented by all types to support the polymorphic conversion of abstract +// proposed entry to a working implementation for the versioned type requested, if supported +type TypeImpl interface { + CreateProposedEntry(context.Context, string, ArtifactProperties) (models.ProposedEntry, error) + DefaultVersion() string + SupportedVersions() []string + IsSupportedVersion(string) bool + UnmarshalEntry(pe models.ProposedEntry) (EntryImpl, error) +} + +// VersionedUnmarshal extracts the correct implementing factory function from the type's version map, +// creates an entry of that versioned type and then calls that versioned type's unmarshal method +func (rt *RekorType) VersionedUnmarshal(pe models.ProposedEntry, version string) (EntryImpl, error) { + ef, err := rt.VersionMap.GetEntryFactory(version) + if err != nil { + return nil, fmt.Errorf("%s implementation for version '%v' not found: %w", rt.Kind, version, err) + } + entry := ef() + if entry == nil { + return nil, errors.New("failure generating object") + } + if pe == nil { + return entry, nil + } + return entry, entry.Unmarshal(pe) +} + +// SupportedVersions returns a list of versions of this type that can be currently entered into the log +func (rt *RekorType) SupportedVersions() []string { + return rt.VersionMap.SupportedVersions() +} + +// IsSupportedVersion returns true if the version can be inserted into the log, and false if not +func (rt *RekorType) IsSupportedVersion(proposedVersion string) bool { + return slices.Contains(rt.SupportedVersions(), proposedVersion) +} + +// ListImplementedTypes returns a list of all type strings currently known to +// be implemented +func ListImplementedTypes() []string { + retVal := []string{} + TypeMap.Range(func(k interface{}, v interface{}) bool { + tf := v.(func() TypeImpl) + for _, verStr := range tf().SupportedVersions() { + retVal = append(retVal, fmt.Sprintf("%v:%v", k.(string), verStr)) + } + return true + }) + return retVal +} + +type errCloser interface { + CloseWithError(error) error +} + +func PipeCloser(errClosers ...errCloser) func(err error) error { + return func(err error) error { + for _, p := range errClosers { + if err := p.CloseWithError(err); err != nil { + log.Logger.Error(fmt.Errorf("error closing pipe: %w", err)) + } + } + return err + } +} diff --git a/vendor/github.com/sigstore/rekor/pkg/types/versionmap.go b/vendor/github.com/sigstore/rekor/pkg/types/versionmap.go new file mode 100644 index 0000000000..5d8c140552 --- /dev/null +++ b/vendor/github.com/sigstore/rekor/pkg/types/versionmap.go @@ -0,0 +1,97 @@ +// +// Copyright 2021 The Sigstore Authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package types + +import ( + "fmt" + "sync" + + "github.com/blang/semver" + "github.com/sigstore/rekor/pkg/log" +) + +// VersionEntryFactoryMap defines a map-like interface to find the correct implementation for a version string +// This could be a simple map[string][EntryFactory], or something more elegant (e.g. semver) +type VersionEntryFactoryMap interface { + GetEntryFactory(string) (EntryFactory, error) // return the entry factory for the specified version + SetEntryFactory(string, EntryFactory) error // set the entry factory for the specified version + Count() int // return the count of entry factories currently in the map + SupportedVersions() []string // return a list of versions currently stored in the map +} + +// SemVerEntryFactoryMap implements a map that allows implementations to specify their supported versions using +// semver-compliant strings +type SemVerEntryFactoryMap struct { + factoryMap map[string]EntryFactory + + sync.RWMutex +} + +func NewSemVerEntryFactoryMap() VersionEntryFactoryMap { + s := SemVerEntryFactoryMap{} + s.factoryMap = make(map[string]EntryFactory) + return &s +} + +func (s *SemVerEntryFactoryMap) Count() int { + return len(s.factoryMap) +} + +func (s *SemVerEntryFactoryMap) GetEntryFactory(version string) (EntryFactory, error) { + s.RLock() + defer s.RUnlock() + + semverToMatch, err := semver.Parse(version) + if err != nil { + log.Logger.Error(err) + return nil, err + } + + // will return first function that matches + for k, v := range s.factoryMap { + semverRange, err := semver.ParseRange(k) + if err != nil { + log.Logger.Error(err) + return nil, err + } + + if semverRange(semverToMatch) { + return v, nil + } + } + return nil, fmt.Errorf("unable to locate entry for version %s", version) +} + +func (s *SemVerEntryFactoryMap) SetEntryFactory(constraint string, ef EntryFactory) error { + s.Lock() + defer s.Unlock() + + if _, err := semver.ParseRange(constraint); err != nil { + log.Logger.Error(err) + return err + } + + s.factoryMap[constraint] = ef + return nil +} + +func (s *SemVerEntryFactoryMap) SupportedVersions() []string { + var versions []string + for k := range s.factoryMap { + versions = append(versions, k) + } + return versions +} diff --git a/vendor/github.com/theupdateframework/go-tuf/data/hex_bytes.go b/vendor/github.com/theupdateframework/go-tuf/data/hex_bytes.go new file mode 100644 index 0000000000..ec200412ef --- /dev/null +++ b/vendor/github.com/theupdateframework/go-tuf/data/hex_bytes.go @@ -0,0 +1,42 @@ +package data + +import ( + "crypto/sha256" + "encoding/hex" + "errors" +) + +type HexBytes []byte + +func (b *HexBytes) UnmarshalJSON(data []byte) error { + if len(data) < 2 || len(data)%2 != 0 || data[0] != '"' || data[len(data)-1] != '"' { + return errors.New("tuf: invalid JSON hex bytes") + } + res := make([]byte, hex.DecodedLen(len(data)-2)) + _, err := hex.Decode(res, data[1:len(data)-1]) + if err != nil { + return err + } + *b = res + return nil +} + +func (b HexBytes) MarshalJSON() ([]byte, error) { + res := make([]byte, hex.EncodedLen(len(b))+2) + res[0] = '"' + res[len(res)-1] = '"' + hex.Encode(res[1:], b) + return res, nil +} + +func (b HexBytes) String() string { + return hex.EncodeToString(b) +} + +// 4.5. File formats: targets.json and delegated target roles: +// ...each target path, when hashed with the SHA-256 hash function to produce +// a 64-byte hexadecimal digest (HEX_DIGEST)... +func PathHexDigest(s string) string { + b := sha256.Sum256([]byte(s)) + return hex.EncodeToString(b[:]) +} diff --git a/vendor/github.com/theupdateframework/go-tuf/data/types.go b/vendor/github.com/theupdateframework/go-tuf/data/types.go new file mode 100644 index 0000000000..3e1806bde5 --- /dev/null +++ b/vendor/github.com/theupdateframework/go-tuf/data/types.go @@ -0,0 +1,345 @@ +package data + +import ( + "bytes" + "crypto/sha256" + "encoding/hex" + "encoding/json" + "errors" + "fmt" + "path" + "strings" + "sync" + "time" + + "github.com/secure-systems-lab/go-securesystemslib/cjson" +) + +type KeyType string + +type KeyScheme string + +type HashAlgorithm string + +const ( + KeyIDLength = sha256.Size * 2 + + KeyTypeEd25519 KeyType = "ed25519" + KeyTypeECDSA_SHA2_P256 KeyType = "ecdsa-sha2-nistp256" + KeyTypeRSASSA_PSS_SHA256 KeyType = "rsa" + + KeySchemeEd25519 KeyScheme = "ed25519" + KeySchemeECDSA_SHA2_P256 KeyScheme = "ecdsa-sha2-nistp256" + KeySchemeRSASSA_PSS_SHA256 KeyScheme = "rsassa-pss-sha256" + + HashAlgorithmSHA256 HashAlgorithm = "sha256" + HashAlgorithmSHA512 HashAlgorithm = "sha512" +) + +var ( + HashAlgorithms = []HashAlgorithm{HashAlgorithmSHA256, HashAlgorithmSHA512} + ErrPathsAndPathHashesSet = errors.New("tuf: failed validation of delegated target: paths and path_hash_prefixes are both set") +) + +type Signed struct { + Signed json.RawMessage `json:"signed"` + Signatures []Signature `json:"signatures"` +} + +type Signature struct { + KeyID string `json:"keyid"` + Signature HexBytes `json:"sig"` +} + +type PublicKey struct { + Type KeyType `json:"keytype"` + Scheme KeyScheme `json:"scheme"` + Algorithms []HashAlgorithm `json:"keyid_hash_algorithms,omitempty"` + Value json.RawMessage `json:"keyval"` + + ids []string + idOnce sync.Once +} + +type PrivateKey struct { + Type KeyType `json:"keytype"` + Scheme KeyScheme `json:"scheme,omitempty"` + Algorithms []HashAlgorithm `json:"keyid_hash_algorithms,omitempty"` + Value json.RawMessage `json:"keyval"` +} + +func (k *PublicKey) IDs() []string { + k.idOnce.Do(func() { + data, err := cjson.EncodeCanonical(k) + if err != nil { + panic(fmt.Errorf("tuf: error creating key ID: %w", err)) + } + digest := sha256.Sum256(data) + k.ids = []string{hex.EncodeToString(digest[:])} + }) + return k.ids +} + +func (k *PublicKey) ContainsID(id string) bool { + for _, keyid := range k.IDs() { + if id == keyid { + return true + } + } + return false +} + +func DefaultExpires(role string) time.Time { + var t time.Time + switch role { + case "root": + t = time.Now().AddDate(1, 0, 0) + case "snapshot": + t = time.Now().AddDate(0, 0, 7) + case "timestamp": + t = time.Now().AddDate(0, 0, 1) + default: + // targets and delegated targets + t = time.Now().AddDate(0, 3, 0) + } + return t.UTC().Round(time.Second) +} + +type Root struct { + Type string `json:"_type"` + SpecVersion string `json:"spec_version"` + Version int64 `json:"version"` + Expires time.Time `json:"expires"` + Keys map[string]*PublicKey `json:"keys"` + Roles map[string]*Role `json:"roles"` + Custom *json.RawMessage `json:"custom,omitempty"` + + ConsistentSnapshot bool `json:"consistent_snapshot"` +} + +func NewRoot() *Root { + return &Root{ + Type: "root", + SpecVersion: "1.0", + Expires: DefaultExpires("root"), + Keys: make(map[string]*PublicKey), + Roles: make(map[string]*Role), + ConsistentSnapshot: true, + } +} + +func (r *Root) AddKey(key *PublicKey) bool { + changed := false + for _, id := range key.IDs() { + if _, ok := r.Keys[id]; !ok { + changed = true + r.Keys[id] = key + } + } + return changed +} + +type Role struct { + KeyIDs []string `json:"keyids"` + Threshold int `json:"threshold"` +} + +func (r *Role) AddKeyIDs(ids []string) bool { + roleIDs := make(map[string]struct{}) + for _, id := range r.KeyIDs { + roleIDs[id] = struct{}{} + } + changed := false + for _, id := range ids { + if _, ok := roleIDs[id]; !ok { + changed = true + r.KeyIDs = append(r.KeyIDs, id) + } + } + return changed +} + +type Files map[string]TargetFileMeta + +type Hashes map[string]HexBytes + +func (f Hashes) HashAlgorithms() []string { + funcs := make([]string, 0, len(f)) + for name := range f { + funcs = append(funcs, name) + } + return funcs +} + +type metapathFileMeta struct { + Length int64 `json:"length,omitempty"` + Hashes Hashes `json:"hashes,omitempty"` + Version int64 `json:"version"` + Custom *json.RawMessage `json:"custom,omitempty"` +} + +// SnapshotFileMeta is the meta field of a snapshot +// Note: Contains a `custom` field +type SnapshotFileMeta metapathFileMeta + +type SnapshotFiles map[string]SnapshotFileMeta + +type Snapshot struct { + Type string `json:"_type"` + SpecVersion string `json:"spec_version"` + Version int64 `json:"version"` + Expires time.Time `json:"expires"` + Meta SnapshotFiles `json:"meta"` + Custom *json.RawMessage `json:"custom,omitempty"` +} + +func NewSnapshot() *Snapshot { + return &Snapshot{ + Type: "snapshot", + SpecVersion: "1.0", + Expires: DefaultExpires("snapshot"), + Meta: make(SnapshotFiles), + } +} + +type FileMeta struct { + Length int64 `json:"length"` + Hashes Hashes `json:"hashes"` +} + +type TargetFiles map[string]TargetFileMeta + +type TargetFileMeta struct { + FileMeta + Custom *json.RawMessage `json:"custom,omitempty"` +} + +func (f TargetFileMeta) HashAlgorithms() []string { + return f.FileMeta.Hashes.HashAlgorithms() +} + +type Targets struct { + Type string `json:"_type"` + SpecVersion string `json:"spec_version"` + Version int64 `json:"version"` + Expires time.Time `json:"expires"` + Targets TargetFiles `json:"targets"` + Delegations *Delegations `json:"delegations,omitempty"` + Custom *json.RawMessage `json:"custom,omitempty"` +} + +// Delegations represents the edges from a parent Targets role to one or more +// delegated target roles. See spec v1.0.19 section 4.5. +type Delegations struct { + Keys map[string]*PublicKey `json:"keys"` + Roles []DelegatedRole `json:"roles"` +} + +// DelegatedRole describes a delegated role, including what paths it is +// reponsible for. See spec v1.0.19 section 4.5. +type DelegatedRole struct { + Name string `json:"name"` + KeyIDs []string `json:"keyids"` + Threshold int `json:"threshold"` + Terminating bool `json:"terminating"` + PathHashPrefixes []string `json:"path_hash_prefixes,omitempty"` + Paths []string `json:"paths"` +} + +// MatchesPath evaluates whether the path patterns or path hash prefixes match +// a given file. This determines whether a delegated role is responsible for +// signing and verifying the file. +func (d *DelegatedRole) MatchesPath(file string) (bool, error) { + if err := d.validatePaths(); err != nil { + return false, err + } + + for _, pattern := range d.Paths { + if matched, _ := path.Match(pattern, file); matched { + return true, nil + } + } + + pathHash := PathHexDigest(file) + for _, hashPrefix := range d.PathHashPrefixes { + if strings.HasPrefix(pathHash, hashPrefix) { + return true, nil + } + } + + return false, nil +} + +// validatePaths enforces the spec +// https://theupdateframework.github.io/specification/v1.0.19/index.html#file-formats-targets +// 'role MUST specify only one of the "path_hash_prefixes" or "paths"' +// Marshalling and unmarshalling JSON will fail and return +// ErrPathsAndPathHashesSet if both fields are set and not empty. +func (d *DelegatedRole) validatePaths() error { + if len(d.PathHashPrefixes) > 0 && len(d.Paths) > 0 { + return ErrPathsAndPathHashesSet + } + + return nil +} + +// MarshalJSON is called when writing the struct to JSON. We validate prior to +// marshalling to ensure that an invalid delegated role can not be serialized +// to JSON. +func (d *DelegatedRole) MarshalJSON() ([]byte, error) { + type delegatedRoleAlias DelegatedRole + + if err := d.validatePaths(); err != nil { + return nil, err + } + + return json.Marshal((*delegatedRoleAlias)(d)) +} + +// UnmarshalJSON is called when reading the struct from JSON. We validate once +// unmarshalled to ensure that an error is thrown if an invalid delegated role +// is read. +func (d *DelegatedRole) UnmarshalJSON(b []byte) error { + type delegatedRoleAlias DelegatedRole + + // Prepare decoder + dec := json.NewDecoder(bytes.NewReader(b)) + + // Unmarshal delegated role + if err := dec.Decode((*delegatedRoleAlias)(d)); err != nil { + return err + } + + return d.validatePaths() +} + +func NewTargets() *Targets { + return &Targets{ + Type: "targets", + SpecVersion: "1.0", + Expires: DefaultExpires("targets"), + Targets: make(TargetFiles), + } +} + +type TimestampFileMeta metapathFileMeta + +type TimestampFiles map[string]TimestampFileMeta + +type Timestamp struct { + Type string `json:"_type"` + SpecVersion string `json:"spec_version"` + Version int64 `json:"version"` + Expires time.Time `json:"expires"` + Meta TimestampFiles `json:"meta"` + Custom *json.RawMessage `json:"custom,omitempty"` +} + +func NewTimestamp() *Timestamp { + return &Timestamp{ + Type: "timestamp", + SpecVersion: "1.0", + Expires: DefaultExpires("timestamp"), + Meta: make(TimestampFiles), + } +} diff --git a/vendor/github.com/theupdateframework/go-tuf/internal/roles/roles.go b/vendor/github.com/theupdateframework/go-tuf/internal/roles/roles.go new file mode 100644 index 0000000000..0b134b2a00 --- /dev/null +++ b/vendor/github.com/theupdateframework/go-tuf/internal/roles/roles.go @@ -0,0 +1,48 @@ +package roles + +import ( + "strconv" + "strings" +) + +var TopLevelRoles = map[string]struct{}{ + "root": {}, + "targets": {}, + "snapshot": {}, + "timestamp": {}, +} + +func IsTopLevelRole(name string) bool { + _, ok := TopLevelRoles[name] + return ok +} + +func IsDelegatedTargetsRole(name string) bool { + return !IsTopLevelRole(name) +} + +func IsTopLevelManifest(name string) bool { + if IsVersionedManifest(name) { + var found bool + _, name, found = strings.Cut(name, ".") + if !found { + panic("expected a versioned manifest of the form x.role.json") + } + } + return IsTopLevelRole(strings.TrimSuffix(name, ".json")) +} + +func IsDelegatedTargetsManifest(name string) bool { + return !IsTopLevelManifest(name) +} + +func IsVersionedManifest(name string) bool { + parts := strings.Split(name, ".") + // Versioned manifests have the form "x.role.json" + if len(parts) < 3 { + return false + } + + _, err := strconv.Atoi(parts[0]) + return err == nil +} diff --git a/vendor/github.com/theupdateframework/go-tuf/pkg/keys/deprecated_ecdsa.go b/vendor/github.com/theupdateframework/go-tuf/pkg/keys/deprecated_ecdsa.go new file mode 100644 index 0000000000..6d48c9d6e0 --- /dev/null +++ b/vendor/github.com/theupdateframework/go-tuf/pkg/keys/deprecated_ecdsa.go @@ -0,0 +1,101 @@ +package keys + +import ( + "bytes" + "crypto/ecdsa" + "crypto/elliptic" + "crypto/sha256" + "encoding/json" + "errors" + "fmt" + "io" + + "github.com/theupdateframework/go-tuf/data" +) + +func NewDeprecatedEcdsaVerifier() Verifier { + return &ecdsaVerifierWithDeprecatedSupport{} +} + +type ecdsaVerifierWithDeprecatedSupport struct { + key *data.PublicKey + // This will switch based on whether this is a PEM-encoded key + // or a deprecated hex-encoded key. + Verifier +} + +func (p *ecdsaVerifierWithDeprecatedSupport) UnmarshalPublicKey(key *data.PublicKey) error { + p.key = key + pemVerifier := &EcdsaVerifier{} + if err := pemVerifier.UnmarshalPublicKey(key); err != nil { + // Try the deprecated hex-encoded verifier + hexVerifier := &deprecatedP256Verifier{} + if err := hexVerifier.UnmarshalPublicKey(key); err != nil { + return err + } + p.Verifier = hexVerifier + return nil + } + p.Verifier = pemVerifier + return nil +} + +/* + Deprecated ecdsaVerifier that used hex-encoded public keys. + This MAY be used to verify existing metadata that used this + old format. This will be deprecated soon, ensure that repositories + are re-signed and clients receieve a fully compliant root. +*/ + +type deprecatedP256Verifier struct { + PublicKey data.HexBytes `json:"public"` + key *data.PublicKey +} + +func (p *deprecatedP256Verifier) Public() string { + return p.PublicKey.String() +} + +func (p *deprecatedP256Verifier) Verify(msg, sigBytes []byte) error { + x, y := elliptic.Unmarshal(elliptic.P256(), p.PublicKey) + k := &ecdsa.PublicKey{ + Curve: elliptic.P256(), + X: x, + Y: y, + } + + hash := sha256.Sum256(msg) + + if !ecdsa.VerifyASN1(k, hash[:], sigBytes) { + return errors.New("tuf: deprecated ecdsa signature verification failed") + } + return nil +} + +func (p *deprecatedP256Verifier) MarshalPublicKey() *data.PublicKey { + return p.key +} + +func (p *deprecatedP256Verifier) UnmarshalPublicKey(key *data.PublicKey) error { + // Prepare decoder limited to 512Kb + dec := json.NewDecoder(io.LimitReader(bytes.NewReader(key.Value), MaxJSONKeySize)) + + // Unmarshal key value + if err := dec.Decode(p); err != nil { + if errors.Is(err, io.EOF) || errors.Is(err, io.ErrUnexpectedEOF) { + return fmt.Errorf("tuf: the public key is truncated or too large: %w", err) + } + return err + } + + curve := elliptic.P256() + + // Parse as uncompressed marshalled point. + x, _ := elliptic.Unmarshal(curve, p.PublicKey) + if x == nil { + return errors.New("tuf: invalid ecdsa public key point") + } + + p.key = key + return nil +} diff --git a/vendor/github.com/theupdateframework/go-tuf/pkg/keys/ecdsa.go b/vendor/github.com/theupdateframework/go-tuf/pkg/keys/ecdsa.go new file mode 100644 index 0000000000..ee93e33007 --- /dev/null +++ b/vendor/github.com/theupdateframework/go-tuf/pkg/keys/ecdsa.go @@ -0,0 +1,171 @@ +package keys + +import ( + "bytes" + "crypto/ecdsa" + "crypto/elliptic" + "crypto/rand" + "crypto/sha256" + "crypto/x509" + "encoding/json" + "encoding/pem" + "errors" + "fmt" + "io" + + "github.com/theupdateframework/go-tuf/data" +) + +func init() { + // Note: we use LoadOrStore here to prevent accidentally overriding the + // an explicit deprecated ECDSA verifier. + // TODO: When deprecated ECDSA is removed, this can switch back to Store. + VerifierMap.LoadOrStore(data.KeyTypeECDSA_SHA2_P256, NewEcdsaVerifier) + SignerMap.Store(data.KeyTypeECDSA_SHA2_P256, newEcdsaSigner) +} + +func NewEcdsaVerifier() Verifier { + return &EcdsaVerifier{} +} + +func newEcdsaSigner() Signer { + return &ecdsaSigner{} +} + +type EcdsaVerifier struct { + PublicKey *PKIXPublicKey `json:"public"` + ecdsaKey *ecdsa.PublicKey + key *data.PublicKey +} + +func (p *EcdsaVerifier) Public() string { + // This is already verified to succeed when unmarshalling a public key. + r, err := x509.MarshalPKIXPublicKey(p.ecdsaKey) + if err != nil { + // TODO: Gracefully handle these errors. + // See https://github.com/theupdateframework/go-tuf/issues/363 + panic(err) + } + return string(r) +} + +func (p *EcdsaVerifier) Verify(msg, sigBytes []byte) error { + hash := sha256.Sum256(msg) + + if !ecdsa.VerifyASN1(p.ecdsaKey, hash[:], sigBytes) { + return errors.New("tuf: ecdsa signature verification failed") + } + return nil +} + +func (p *EcdsaVerifier) MarshalPublicKey() *data.PublicKey { + return p.key +} + +func (p *EcdsaVerifier) UnmarshalPublicKey(key *data.PublicKey) error { + // Prepare decoder limited to 512Kb + dec := json.NewDecoder(io.LimitReader(bytes.NewReader(key.Value), MaxJSONKeySize)) + + // Unmarshal key value + if err := dec.Decode(p); err != nil { + if errors.Is(err, io.EOF) || errors.Is(err, io.ErrUnexpectedEOF) { + return fmt.Errorf("tuf: the public key is truncated or too large: %w", err) + } + return err + } + + ecdsaKey, ok := p.PublicKey.PublicKey.(*ecdsa.PublicKey) + if !ok { + return fmt.Errorf("invalid public key") + } + + if _, err := x509.MarshalPKIXPublicKey(ecdsaKey); err != nil { + return fmt.Errorf("marshalling to PKIX key: invalid public key") + } + + p.ecdsaKey = ecdsaKey + p.key = key + return nil +} + +type ecdsaSigner struct { + *ecdsa.PrivateKey +} + +type ecdsaPrivateKeyValue struct { + Private string `json:"private"` + Public *PKIXPublicKey `json:"public"` +} + +func (s *ecdsaSigner) PublicData() *data.PublicKey { + // This uses a trusted public key JSON format with a trusted Public value. + keyValBytes, _ := json.Marshal(EcdsaVerifier{PublicKey: &PKIXPublicKey{PublicKey: s.Public()}}) + return &data.PublicKey{ + Type: data.KeyTypeECDSA_SHA2_P256, + Scheme: data.KeySchemeECDSA_SHA2_P256, + Algorithms: data.HashAlgorithms, + Value: keyValBytes, + } +} + +func (s *ecdsaSigner) SignMessage(message []byte) ([]byte, error) { + hash := sha256.Sum256(message) + return ecdsa.SignASN1(rand.Reader, s.PrivateKey, hash[:]) +} + +func (s *ecdsaSigner) MarshalPrivateKey() (*data.PrivateKey, error) { + priv, err := x509.MarshalECPrivateKey(s.PrivateKey) + if err != nil { + return nil, err + } + pemKey := pem.EncodeToMemory(&pem.Block{Type: "EC PRIVATE KEY", Bytes: priv}) + val, err := json.Marshal(ecdsaPrivateKeyValue{ + Private: string(pemKey), + Public: &PKIXPublicKey{PublicKey: s.Public()}, + }) + if err != nil { + return nil, err + } + return &data.PrivateKey{ + Type: data.KeyTypeECDSA_SHA2_P256, + Scheme: data.KeySchemeECDSA_SHA2_P256, + Algorithms: data.HashAlgorithms, + Value: val, + }, nil +} + +func (s *ecdsaSigner) UnmarshalPrivateKey(key *data.PrivateKey) error { + val := ecdsaPrivateKeyValue{} + if err := json.Unmarshal(key.Value, &val); err != nil { + return err + } + block, _ := pem.Decode([]byte(val.Private)) + if block == nil { + return errors.New("invalid PEM value") + } + if block.Type != "EC PRIVATE KEY" { + return fmt.Errorf("invalid block type: %s", block.Type) + } + k, err := x509.ParseECPrivateKey(block.Bytes) + if err != nil { + return err + } + if k.Curve != elliptic.P256() { + return errors.New("unsupported ecdsa curve") + } + if _, err := json.Marshal(EcdsaVerifier{ + PublicKey: &PKIXPublicKey{PublicKey: k.Public()}}); err != nil { + return fmt.Errorf("invalid public key: %s", err) + } + + s.PrivateKey = k + return nil +} + +func GenerateEcdsaKey() (*ecdsaSigner, error) { + privkey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + if err != nil { + return nil, err + } + return &ecdsaSigner{privkey}, nil +} diff --git a/vendor/github.com/theupdateframework/go-tuf/pkg/keys/ed25519.go b/vendor/github.com/theupdateframework/go-tuf/pkg/keys/ed25519.go new file mode 100644 index 0000000000..1e4c66ccc7 --- /dev/null +++ b/vendor/github.com/theupdateframework/go-tuf/pkg/keys/ed25519.go @@ -0,0 +1,161 @@ +package keys + +import ( + "bytes" + "crypto" + "crypto/ed25519" + "crypto/rand" + "crypto/subtle" + "encoding/json" + "errors" + "fmt" + "io" + + "github.com/theupdateframework/go-tuf/data" +) + +func init() { + SignerMap.Store(data.KeyTypeEd25519, NewEd25519Signer) + VerifierMap.Store(data.KeyTypeEd25519, NewEd25519Verifier) +} + +func NewEd25519Signer() Signer { + return &ed25519Signer{} +} + +func NewEd25519Verifier() Verifier { + return &ed25519Verifier{} +} + +type ed25519Verifier struct { + PublicKey data.HexBytes `json:"public"` + key *data.PublicKey +} + +func (e *ed25519Verifier) Public() string { + return string(e.PublicKey) +} + +func (e *ed25519Verifier) Verify(msg, sig []byte) error { + if !ed25519.Verify([]byte(e.PublicKey), msg, sig) { + return errors.New("tuf: ed25519 signature verification failed") + } + return nil +} + +func (e *ed25519Verifier) MarshalPublicKey() *data.PublicKey { + return e.key +} + +func (e *ed25519Verifier) UnmarshalPublicKey(key *data.PublicKey) error { + e.key = key + + // Prepare decoder limited to 512Kb + dec := json.NewDecoder(io.LimitReader(bytes.NewReader(key.Value), MaxJSONKeySize)) + + // Unmarshal key value + if err := dec.Decode(e); err != nil { + if errors.Is(err, io.EOF) || errors.Is(err, io.ErrUnexpectedEOF) { + return fmt.Errorf("tuf: the public key is truncated or too large: %w", err) + } + return err + } + if n := len(e.PublicKey); n != ed25519.PublicKeySize { + return fmt.Errorf("tuf: unexpected public key length for ed25519 key, expected %d, got %d", ed25519.PublicKeySize, n) + } + return nil +} + +type Ed25519PrivateKeyValue struct { + Public data.HexBytes `json:"public"` + Private data.HexBytes `json:"private"` +} + +type ed25519Signer struct { + ed25519.PrivateKey +} + +func GenerateEd25519Key() (*ed25519Signer, error) { + _, private, err := ed25519.GenerateKey(rand.Reader) + if err != nil { + return nil, err + } + if err != nil { + return nil, err + } + return &ed25519Signer{ + PrivateKey: ed25519.PrivateKey(data.HexBytes(private)), + }, nil +} + +func NewEd25519SignerFromKey(keyValue Ed25519PrivateKeyValue) *ed25519Signer { + return &ed25519Signer{ + PrivateKey: ed25519.PrivateKey(data.HexBytes(keyValue.Private)), + } +} + +func (e *ed25519Signer) SignMessage(message []byte) ([]byte, error) { + return e.Sign(rand.Reader, message, crypto.Hash(0)) +} + +func (e *ed25519Signer) MarshalPrivateKey() (*data.PrivateKey, error) { + valueBytes, err := json.Marshal(Ed25519PrivateKeyValue{ + Public: data.HexBytes([]byte(e.PrivateKey.Public().(ed25519.PublicKey))), + Private: data.HexBytes(e.PrivateKey), + }) + if err != nil { + return nil, err + } + return &data.PrivateKey{ + Type: data.KeyTypeEd25519, + Scheme: data.KeySchemeEd25519, + Algorithms: data.HashAlgorithms, + Value: valueBytes, + }, nil +} + +func (e *ed25519Signer) UnmarshalPrivateKey(key *data.PrivateKey) error { + keyValue := &Ed25519PrivateKeyValue{} + + // Prepare decoder limited to 512Kb + dec := json.NewDecoder(io.LimitReader(bytes.NewReader(key.Value), MaxJSONKeySize)) + + // Unmarshal key value + if err := dec.Decode(keyValue); err != nil { + if errors.Is(err, io.EOF) || errors.Is(err, io.ErrUnexpectedEOF) { + return fmt.Errorf("tuf: the private key is truncated or too large: %w", err) + } + } + + // Check private key length + if n := len(keyValue.Private); n != ed25519.PrivateKeySize { + return fmt.Errorf("tuf: invalid ed25519 private key length, expected %d, got %d", ed25519.PrivateKeySize, n) + } + + // Generate public key from private key + pub, _, err := ed25519.GenerateKey(bytes.NewReader(keyValue.Private)) + if err != nil { + return fmt.Errorf("tuf: unable to derive public key from private key: %w", err) + } + + // Compare keys + if subtle.ConstantTimeCompare(keyValue.Public, pub) != 1 { + return errors.New("tuf: public and private keys don't match") + } + + // Prepare signer + *e = ed25519Signer{ + PrivateKey: ed25519.PrivateKey(data.HexBytes(keyValue.Private)), + } + return nil +} + +func (e *ed25519Signer) PublicData() *data.PublicKey { + keyValBytes, _ := json.Marshal(ed25519Verifier{PublicKey: []byte(e.PrivateKey.Public().(ed25519.PublicKey))}) + return &data.PublicKey{ + Type: data.KeyTypeEd25519, + Scheme: data.KeySchemeEd25519, + Algorithms: data.HashAlgorithms, + Value: keyValBytes, + } +} diff --git a/vendor/github.com/theupdateframework/go-tuf/pkg/keys/keys.go b/vendor/github.com/theupdateframework/go-tuf/pkg/keys/keys.go new file mode 100644 index 0000000000..dc5f3ea2c3 --- /dev/null +++ b/vendor/github.com/theupdateframework/go-tuf/pkg/keys/keys.go @@ -0,0 +1,82 @@ +package keys + +import ( + "errors" + "fmt" + "sync" + + "github.com/theupdateframework/go-tuf/data" +) + +// MaxJSONKeySize defines the maximum length of a JSON payload. +const MaxJSONKeySize = 512 * 1024 // 512Kb + +// SignerMap stores mapping between key type strings and signer constructors. +var SignerMap sync.Map + +// Verifier stores mapping between key type strings and verifier constructors. +var VerifierMap sync.Map + +var ( + ErrInvalid = errors.New("tuf: signature verification failed") + ErrInvalidKey = errors.New("invalid key") +) + +// A Verifier verifies public key signatures. +type Verifier interface { + // UnmarshalPublicKey takes key data to a working verifier implementation for the key type. + // This performs any validation over the data.PublicKey to ensure that the verifier is usable + // to verify signatures. + UnmarshalPublicKey(key *data.PublicKey) error + + // MarshalPublicKey returns the data.PublicKey object associated with the verifier. + MarshalPublicKey() *data.PublicKey + + // This is the public string used as a unique identifier for the verifier instance. + Public() string + + // Verify takes a message and signature, all as byte slices, + // and determines whether the signature is valid for the given + // key and message. + Verify(msg, sig []byte) error +} + +type Signer interface { + // MarshalPrivateKey returns the private key data. + MarshalPrivateKey() (*data.PrivateKey, error) + + // UnmarshalPrivateKey takes private key data to a working Signer implementation for the key type. + UnmarshalPrivateKey(key *data.PrivateKey) error + + // Returns the public data.PublicKey from the private key + PublicData() *data.PublicKey + + // Sign returns the signature of the message. + // The signer is expected to do its own hashing, so the full message will be + // provided as the message to Sign with a zero opts.HashFunc(). + SignMessage(message []byte) ([]byte, error) +} + +func GetVerifier(key *data.PublicKey) (Verifier, error) { + st, ok := VerifierMap.Load(key.Type) + if !ok { + return nil, ErrInvalidKey + } + s := st.(func() Verifier)() + if err := s.UnmarshalPublicKey(key); err != nil { + return nil, fmt.Errorf("tuf: error unmarshalling key: %w", err) + } + return s, nil +} + +func GetSigner(key *data.PrivateKey) (Signer, error) { + st, ok := SignerMap.Load(key.Type) + if !ok { + return nil, ErrInvalidKey + } + s := st.(func() Signer)() + if err := s.UnmarshalPrivateKey(key); err != nil { + return nil, fmt.Errorf("tuf: error unmarshalling key: %w", err) + } + return s, nil +} diff --git a/vendor/github.com/theupdateframework/go-tuf/pkg/keys/pkix.go b/vendor/github.com/theupdateframework/go-tuf/pkg/keys/pkix.go new file mode 100644 index 0000000000..e58d4c9f83 --- /dev/null +++ b/vendor/github.com/theupdateframework/go-tuf/pkg/keys/pkix.go @@ -0,0 +1,56 @@ +package keys + +import ( + "bytes" + "crypto" + "crypto/x509" + "encoding/json" + "encoding/pem" + "errors" + "fmt" + "io" +) + +type PKIXPublicKey struct { + crypto.PublicKey +} + +func (p *PKIXPublicKey) MarshalJSON() ([]byte, error) { + bytes, err := x509.MarshalPKIXPublicKey(p.PublicKey) + if err != nil { + return nil, err + } + pemBytes := pem.EncodeToMemory(&pem.Block{ + Type: "PUBLIC KEY", + Bytes: bytes, + }) + return json.Marshal(string(pemBytes)) +} + +func (p *PKIXPublicKey) UnmarshalJSON(b []byte) error { + var pemValue string + // Prepare decoder limited to 512Kb + dec := json.NewDecoder(io.LimitReader(bytes.NewReader(b), MaxJSONKeySize)) + + // Unmarshal key value + if err := dec.Decode(&pemValue); err != nil { + if errors.Is(err, io.EOF) || errors.Is(err, io.ErrUnexpectedEOF) { + return fmt.Errorf("tuf: the public key is truncated or too large: %w", err) + } + return err + } + + block, _ := pem.Decode([]byte(pemValue)) + if block == nil { + return errors.New("invalid PEM value") + } + if block.Type != "PUBLIC KEY" { + return fmt.Errorf("invalid block type: %s", block.Type) + } + pub, err := x509.ParsePKIXPublicKey(block.Bytes) + if err != nil { + return err + } + p.PublicKey = pub + return nil +} diff --git a/vendor/github.com/theupdateframework/go-tuf/pkg/keys/rsa.go b/vendor/github.com/theupdateframework/go-tuf/pkg/keys/rsa.go new file mode 100644 index 0000000000..618f104ee4 --- /dev/null +++ b/vendor/github.com/theupdateframework/go-tuf/pkg/keys/rsa.go @@ -0,0 +1,162 @@ +package keys + +import ( + "bytes" + "crypto" + "crypto/rand" + "crypto/rsa" + "crypto/sha256" + "crypto/x509" + "encoding/json" + "encoding/pem" + "errors" + "fmt" + "io" + + "github.com/theupdateframework/go-tuf/data" +) + +func init() { + VerifierMap.Store(data.KeyTypeRSASSA_PSS_SHA256, newRsaVerifier) + SignerMap.Store(data.KeyTypeRSASSA_PSS_SHA256, newRsaSigner) +} + +func newRsaVerifier() Verifier { + return &rsaVerifier{} +} + +func newRsaSigner() Signer { + return &rsaSigner{} +} + +type rsaVerifier struct { + PublicKey *PKIXPublicKey `json:"public"` + rsaKey *rsa.PublicKey + key *data.PublicKey +} + +func (p *rsaVerifier) Public() string { + // This is already verified to succeed when unmarshalling a public key. + r, err := x509.MarshalPKIXPublicKey(p.rsaKey) + if err != nil { + // TODO: Gracefully handle these errors. + // See https://github.com/theupdateframework/go-tuf/issues/363 + panic(err) + } + return string(r) +} + +func (p *rsaVerifier) Verify(msg, sigBytes []byte) error { + hash := sha256.Sum256(msg) + + return rsa.VerifyPSS(p.rsaKey, crypto.SHA256, hash[:], sigBytes, &rsa.PSSOptions{}) +} + +func (p *rsaVerifier) MarshalPublicKey() *data.PublicKey { + return p.key +} + +func (p *rsaVerifier) UnmarshalPublicKey(key *data.PublicKey) error { + // Prepare decoder limited to 512Kb + dec := json.NewDecoder(io.LimitReader(bytes.NewReader(key.Value), MaxJSONKeySize)) + + // Unmarshal key value + if err := dec.Decode(p); err != nil { + if errors.Is(err, io.EOF) || errors.Is(err, io.ErrUnexpectedEOF) { + return fmt.Errorf("tuf: the public key is truncated or too large: %w", err) + } + return err + } + + rsaKey, ok := p.PublicKey.PublicKey.(*rsa.PublicKey) + if !ok { + return fmt.Errorf("invalid public key") + } + + if _, err := x509.MarshalPKIXPublicKey(rsaKey); err != nil { + return fmt.Errorf("marshalling to PKIX key: invalid public key") + } + + p.rsaKey = rsaKey + p.key = key + return nil +} + +type rsaSigner struct { + *rsa.PrivateKey +} + +type rsaPrivateKeyValue struct { + Private string `json:"private"` + Public *PKIXPublicKey `json:"public"` +} + +func (s *rsaSigner) PublicData() *data.PublicKey { + keyValBytes, _ := json.Marshal(rsaVerifier{PublicKey: &PKIXPublicKey{PublicKey: s.Public()}}) + return &data.PublicKey{ + Type: data.KeyTypeRSASSA_PSS_SHA256, + Scheme: data.KeySchemeRSASSA_PSS_SHA256, + Algorithms: data.HashAlgorithms, + Value: keyValBytes, + } +} + +func (s *rsaSigner) SignMessage(message []byte) ([]byte, error) { + hash := sha256.Sum256(message) + return rsa.SignPSS(rand.Reader, s.PrivateKey, crypto.SHA256, hash[:], &rsa.PSSOptions{}) +} + +func (s *rsaSigner) ContainsID(id string) bool { + return s.PublicData().ContainsID(id) +} + +func (s *rsaSigner) MarshalPrivateKey() (*data.PrivateKey, error) { + priv := x509.MarshalPKCS1PrivateKey(s.PrivateKey) + pemKey := pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: priv}) + val, err := json.Marshal(rsaPrivateKeyValue{ + Private: string(pemKey), + Public: &PKIXPublicKey{PublicKey: s.Public()}, + }) + if err != nil { + return nil, err + } + return &data.PrivateKey{ + Type: data.KeyTypeRSASSA_PSS_SHA256, + Scheme: data.KeySchemeRSASSA_PSS_SHA256, + Algorithms: data.HashAlgorithms, + Value: val, + }, nil +} + +func (s *rsaSigner) UnmarshalPrivateKey(key *data.PrivateKey) error { + val := rsaPrivateKeyValue{} + if err := json.Unmarshal(key.Value, &val); err != nil { + return err + } + block, _ := pem.Decode([]byte(val.Private)) + if block == nil { + return errors.New("invalid PEM value") + } + if block.Type != "RSA PRIVATE KEY" { + return fmt.Errorf("invalid block type: %s", block.Type) + } + k, err := x509.ParsePKCS1PrivateKey(block.Bytes) + if err != nil { + return err + } + if _, err := json.Marshal(rsaVerifier{ + PublicKey: &PKIXPublicKey{PublicKey: k.Public()}}); err != nil { + return fmt.Errorf("invalid public key: %s", err) + } + + s.PrivateKey = k + return nil +} + +func GenerateRsaKey() (*rsaSigner, error) { + privkey, err := rsa.GenerateKey(rand.Reader, 2048) + if err != nil { + return nil, err + } + return &rsaSigner{privkey}, nil +} diff --git a/vendor/github.com/theupdateframework/go-tuf/verify/db.go b/vendor/github.com/theupdateframework/go-tuf/verify/db.go new file mode 100644 index 0000000000..04f5bf1c44 --- /dev/null +++ b/vendor/github.com/theupdateframework/go-tuf/verify/db.go @@ -0,0 +1,104 @@ +package verify + +import ( + "github.com/theupdateframework/go-tuf/data" + "github.com/theupdateframework/go-tuf/internal/roles" + "github.com/theupdateframework/go-tuf/pkg/keys" +) + +type Role struct { + KeyIDs map[string]struct{} + Threshold int +} + +func (r *Role) ValidKey(id string) bool { + _, ok := r.KeyIDs[id] + return ok +} + +type DB struct { + roles map[string]*Role + verifiers map[string]keys.Verifier +} + +func NewDB() *DB { + return &DB{ + roles: make(map[string]*Role), + verifiers: make(map[string]keys.Verifier), + } +} + +// NewDBFromDelegations returns a DB that verifies delegations +// of a given Targets. +func NewDBFromDelegations(d *data.Delegations) (*DB, error) { + db := &DB{ + roles: make(map[string]*Role, len(d.Roles)), + verifiers: make(map[string]keys.Verifier, len(d.Keys)), + } + for _, r := range d.Roles { + if _, ok := roles.TopLevelRoles[r.Name]; ok { + return nil, ErrInvalidDelegatedRole + } + role := &data.Role{Threshold: r.Threshold, KeyIDs: r.KeyIDs} + if err := db.AddRole(r.Name, role); err != nil { + return nil, err + } + } + for id, k := range d.Keys { + if err := db.AddKey(id, k); err != nil { + return nil, err + } + } + return db, nil +} + +func (db *DB) AddKey(id string, k *data.PublicKey) error { + verifier, err := keys.GetVerifier(k) + if err != nil { + return err // ErrInvalidKey + } + + // TUF is considering in TAP-12 removing the + // requirement that the keyid hash algorithm be derived + // from the public key. So to be forwards compatible, + // we allow any key ID, rather than checking k.ContainsID(id) + // + // AddKey should be idempotent, so we allow re-adding the same PublicKey. + // + // TAP-12: https://github.com/theupdateframework/taps/blob/master/tap12.md + if oldVerifier, exists := db.verifiers[id]; exists && oldVerifier.Public() != verifier.Public() { + return ErrRepeatID{id} + } + + db.verifiers[id] = verifier + return nil +} + +func (db *DB) AddRole(name string, r *data.Role) error { + if r.Threshold < 1 { + return ErrInvalidThreshold + } + + role := &Role{ + KeyIDs: make(map[string]struct{}), + Threshold: r.Threshold, + } + for _, id := range r.KeyIDs { + role.KeyIDs[id] = struct{}{} + } + + db.roles[name] = role + return nil +} + +func (db *DB) GetVerifier(id string) (keys.Verifier, error) { + k, ok := db.verifiers[id] + if !ok { + return nil, ErrMissingKey + } + return k, nil +} + +func (db *DB) GetRole(name string) *Role { + return db.roles[name] +} diff --git a/vendor/github.com/theupdateframework/go-tuf/verify/errors.go b/vendor/github.com/theupdateframework/go-tuf/verify/errors.go new file mode 100644 index 0000000000..f71d4bda94 --- /dev/null +++ b/vendor/github.com/theupdateframework/go-tuf/verify/errors.go @@ -0,0 +1,73 @@ +package verify + +import ( + "errors" + "fmt" + "time" +) + +var ( + ErrMissingKey = errors.New("tuf: missing key") + ErrNoSignatures = errors.New("tuf: data has no signatures") + ErrInvalid = errors.New("tuf: signature verification failed") + ErrWrongMethod = errors.New("tuf: invalid signature type") + ErrWrongMetaType = errors.New("tuf: meta file has wrong type") + ErrExists = errors.New("tuf: key already in db") + ErrInvalidKey = errors.New("tuf: invalid key") + ErrInvalidRole = errors.New("tuf: invalid role") + ErrInvalidDelegatedRole = errors.New("tuf: invalid delegated role") + ErrInvalidKeyID = errors.New("tuf: invalid key id") + ErrInvalidThreshold = errors.New("tuf: invalid role threshold") + ErrMissingTargetFile = errors.New("tuf: missing previously listed targets metadata file") +) + +type ErrRepeatID struct { + KeyID string +} + +func (e ErrRepeatID) Error() string { + return fmt.Sprintf("tuf: duplicate key id (%s)", e.KeyID) +} + +type ErrUnknownRole struct { + Role string +} + +func (e ErrUnknownRole) Error() string { + return fmt.Sprintf("tuf: unknown role %q", e.Role) +} + +type ErrExpired struct { + Expired time.Time +} + +func (e ErrExpired) Error() string { + return fmt.Sprintf("expired at %s", e.Expired) +} + +type ErrLowVersion struct { + Actual int64 + Current int64 +} + +func (e ErrLowVersion) Error() string { + return fmt.Sprintf("version %d is lower than current version %d", e.Actual, e.Current) +} + +type ErrWrongVersion struct { + Given int64 + Expected int64 +} + +func (e ErrWrongVersion) Error() string { + return fmt.Sprintf("version %d does not match the expected version %d", e.Given, e.Expected) +} + +type ErrRoleThreshold struct { + Expected int + Actual int +} + +func (e ErrRoleThreshold) Error() string { + return "tuf: valid signatures did not meet threshold" +} diff --git a/vendor/github.com/theupdateframework/go-tuf/verify/verify.go b/vendor/github.com/theupdateframework/go-tuf/verify/verify.go new file mode 100644 index 0000000000..e62042ee16 --- /dev/null +++ b/vendor/github.com/theupdateframework/go-tuf/verify/verify.go @@ -0,0 +1,187 @@ +package verify + +import ( + "encoding/json" + "strings" + "time" + + "github.com/secure-systems-lab/go-securesystemslib/cjson" + "github.com/theupdateframework/go-tuf/data" + "github.com/theupdateframework/go-tuf/internal/roles" + "github.com/theupdateframework/go-tuf/pkg/keys" +) + +type signedMeta struct { + Type string `json:"_type"` + Expires time.Time `json:"expires"` + Version int64 `json:"version"` +} + +// VerifySignature takes a signed JSON message, a signature, and a +// verifier and verifies the given signature on the JSON message +// using the verifier. It returns an error if verification fails. +func VerifySignature(signed json.RawMessage, sig data.HexBytes, + verifier keys.Verifier) error { + var decoded map[string]interface{} + if err := json.Unmarshal(signed, &decoded); err != nil { + return err + } + msg, err := cjson.EncodeCanonical(decoded) + if err != nil { + return err + } + return verifier.Verify(msg, sig) +} + +func (db *DB) VerifyIgnoreExpiredCheck(s *data.Signed, role string, minVersion int64) error { + if err := db.VerifySignatures(s, role); err != nil { + return err + } + + sm := &signedMeta{} + if err := json.Unmarshal(s.Signed, sm); err != nil { + return err + } + + if roles.IsTopLevelRole(role) { + // Top-level roles can only sign metadata of the same type (e.g. snapshot + // metadata must be signed by the snapshot role). + if !strings.EqualFold(sm.Type, role) { + return ErrWrongMetaType + } + } else { + // Delegated (non-top-level) roles may only sign targets metadata. + if strings.ToLower(sm.Type) != "targets" { + return ErrWrongMetaType + } + } + + if sm.Version < minVersion { + return ErrLowVersion{sm.Version, minVersion} + } + + return nil +} + +func (db *DB) Verify(s *data.Signed, role string, minVersion int64) error { + // Verify signatures and versions + err := db.VerifyIgnoreExpiredCheck(s, role, minVersion) + + if err != nil { + return err + } + + sm := &signedMeta{} + if err := json.Unmarshal(s.Signed, sm); err != nil { + return err + } + // Verify expiration + if IsExpired(sm.Expires) { + return ErrExpired{sm.Expires} + } + + return nil +} + +var IsExpired = func(t time.Time) bool { + return time.Until(t) <= 0 +} + +func (db *DB) VerifySignatures(s *data.Signed, role string) error { + if len(s.Signatures) == 0 { + return ErrNoSignatures + } + + roleData := db.GetRole(role) + if roleData == nil { + return ErrUnknownRole{role} + } + + // Verify that a threshold of keys signed the data. Since keys can have + // multiple key ids, we need to protect against multiple attached + // signatures that just differ on the key id. + verifiedKeyIDs := make(map[string]struct{}) + numVerifiedKeys := 0 + for _, sig := range s.Signatures { + if !roleData.ValidKey(sig.KeyID) { + continue + } + verifier, err := db.GetVerifier(sig.KeyID) + if err != nil { + continue + } + + if err := VerifySignature(s.Signed, sig.Signature, verifier); err != nil { + // If a signature fails verification, don't count it towards the + // threshold but also return early and error out immediately. + // Note: Because of this, it is impossible to distinguish between + // an error of an invalid signature and a threshold not achieved. + // Invalid signatures lead to not achieving the threshold. + continue + } + + // Only consider this key valid if we haven't seen any of it's + // key ids before. + // Careful: we must not rely on the key IDs _declared in the file_, + // instead we get to decide what key IDs this key correspond to. + // XXX dangerous; better stop supporting multiple key IDs altogether. + keyIDs := verifier.MarshalPublicKey().IDs() + wasKeySeen := false + for _, keyID := range keyIDs { + if _, present := verifiedKeyIDs[keyID]; present { + wasKeySeen = true + } + } + if !wasKeySeen { + for _, id := range keyIDs { + verifiedKeyIDs[id] = struct{}{} + } + + numVerifiedKeys++ + } + } + if numVerifiedKeys < roleData.Threshold { + return ErrRoleThreshold{roleData.Threshold, numVerifiedKeys} + } + + return nil +} + +func (db *DB) Unmarshal(b []byte, v interface{}, role string, minVersion int64) error { + s := &data.Signed{} + if err := json.Unmarshal(b, s); err != nil { + return err + } + if err := db.Verify(s, role, minVersion); err != nil { + return err + } + return json.Unmarshal(s.Signed, v) +} + +// UnmarshalExpired is exactly like Unmarshal except ignores expired timestamp error. +func (db *DB) UnmarshalIgnoreExpired(b []byte, v interface{}, role string, minVersion int64) error { + s := &data.Signed{} + if err := json.Unmarshal(b, s); err != nil { + return err + } + // Note: If verification fails, then we wont attempt to unmarshal + // unless when verification error is errExpired. + verifyErr := db.Verify(s, role, minVersion) + if verifyErr != nil { + if _, ok := verifyErr.(ErrExpired); !ok { + return verifyErr + } + } + return json.Unmarshal(s.Signed, v) +} + +func (db *DB) UnmarshalTrusted(b []byte, v interface{}, role string) error { + s := &data.Signed{} + if err := json.Unmarshal(b, s); err != nil { + return err + } + if err := db.VerifySignatures(s, role); err != nil { + return err + } + return json.Unmarshal(s.Signed, v) +} diff --git a/vendor/go.uber.org/atomic/.codecov.yml b/vendor/go.uber.org/atomic/.codecov.yml new file mode 100644 index 0000000000..571116cc39 --- /dev/null +++ b/vendor/go.uber.org/atomic/.codecov.yml @@ -0,0 +1,19 @@ +coverage: + range: 80..100 + round: down + precision: 2 + + status: + project: # measuring the overall project coverage + default: # context, you can create multiple ones with custom titles + enabled: yes # must be yes|true to enable this status + target: 100 # specify the target coverage for each commit status + # option: "auto" (must increase from parent commit or pull request base) + # option: "X%" a static target percentage to hit + if_not_found: success # if parent is not found report status as success, error, or failure + if_ci_failed: error # if ci fails report status as success, error, or failure + +# Also update COVER_IGNORE_PKGS in the Makefile. +ignore: + - /internal/gen-atomicint/ + - /internal/gen-valuewrapper/ diff --git a/vendor/go.uber.org/atomic/.gitignore b/vendor/go.uber.org/atomic/.gitignore new file mode 100644 index 0000000000..2e337a0ed5 --- /dev/null +++ b/vendor/go.uber.org/atomic/.gitignore @@ -0,0 +1,15 @@ +/bin +.DS_Store +/vendor +cover.html +cover.out +lint.log + +# Binaries +*.test + +# Profiling output +*.prof + +# Output of fossa analyzer +/fossa diff --git a/vendor/go.uber.org/atomic/CHANGELOG.md b/vendor/go.uber.org/atomic/CHANGELOG.md new file mode 100644 index 0000000000..5fe03f21bd --- /dev/null +++ b/vendor/go.uber.org/atomic/CHANGELOG.md @@ -0,0 +1,117 @@ +# Changelog +All notable changes to this project will be documented in this file. + +The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), +and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). + +## [1.10.0] - 2022-08-11 +### Added +- Add `atomic.Float32` type for atomic operations on `float32`. +- Add `CompareAndSwap` and `Swap` methods to `atomic.String`, `atomic.Error`, + and `atomic.Value`. +- Add generic `atomic.Pointer[T]` type for atomic operations on pointers of any + type. This is present only for Go 1.18 or higher, and is a drop-in for + replacement for the standard library's `sync/atomic.Pointer` type. + +### Changed +- Deprecate `CAS` methods on all types in favor of corresponding + `CompareAndSwap` methods. + +Thanks to @eNV25 and @icpd for their contributions to this release. + +[1.10.0]: https://github.com/uber-go/atomic/compare/v1.9.0...v1.10.0 + +## [1.9.0] - 2021-07-15 +### Added +- Add `Float64.Swap` to match int atomic operations. +- Add `atomic.Time` type for atomic operations on `time.Time` values. + +[1.9.0]: https://github.com/uber-go/atomic/compare/v1.8.0...v1.9.0 + +## [1.8.0] - 2021-06-09 +### Added +- Add `atomic.Uintptr` type for atomic operations on `uintptr` values. +- Add `atomic.UnsafePointer` type for atomic operations on `unsafe.Pointer` values. + +[1.8.0]: https://github.com/uber-go/atomic/compare/v1.7.0...v1.8.0 + +## [1.7.0] - 2020-09-14 +### Added +- Support JSON serialization and deserialization of primitive atomic types. +- Support Text marshalling and unmarshalling for string atomics. + +### Changed +- Disallow incorrect comparison of atomic values in a non-atomic way. + +### Removed +- Remove dependency on `golang.org/x/{lint, tools}`. + +[1.7.0]: https://github.com/uber-go/atomic/compare/v1.6.0...v1.7.0 + +## [1.6.0] - 2020-02-24 +### Changed +- Drop library dependency on `golang.org/x/{lint, tools}`. + +[1.6.0]: https://github.com/uber-go/atomic/compare/v1.5.1...v1.6.0 + +## [1.5.1] - 2019-11-19 +- Fix bug where `Bool.CAS` and `Bool.Toggle` do work correctly together + causing `CAS` to fail even though the old value matches. + +[1.5.1]: https://github.com/uber-go/atomic/compare/v1.5.0...v1.5.1 + +## [1.5.0] - 2019-10-29 +### Changed +- With Go modules, only the `go.uber.org/atomic` import path is supported now. + If you need to use the old import path, please add a `replace` directive to + your `go.mod`. + +[1.5.0]: https://github.com/uber-go/atomic/compare/v1.4.0...v1.5.0 + +## [1.4.0] - 2019-05-01 +### Added + - Add `atomic.Error` type for atomic operations on `error` values. + +[1.4.0]: https://github.com/uber-go/atomic/compare/v1.3.2...v1.4.0 + +## [1.3.2] - 2018-05-02 +### Added +- Add `atomic.Duration` type for atomic operations on `time.Duration` values. + +[1.3.2]: https://github.com/uber-go/atomic/compare/v1.3.1...v1.3.2 + +## [1.3.1] - 2017-11-14 +### Fixed +- Revert optimization for `atomic.String.Store("")` which caused data races. + +[1.3.1]: https://github.com/uber-go/atomic/compare/v1.3.0...v1.3.1 + +## [1.3.0] - 2017-11-13 +### Added +- Add `atomic.Bool.CAS` for compare-and-swap semantics on bools. + +### Changed +- Optimize `atomic.String.Store("")` by avoiding an allocation. + +[1.3.0]: https://github.com/uber-go/atomic/compare/v1.2.0...v1.3.0 + +## [1.2.0] - 2017-04-12 +### Added +- Shadow `atomic.Value` from `sync/atomic`. + +[1.2.0]: https://github.com/uber-go/atomic/compare/v1.1.0...v1.2.0 + +## [1.1.0] - 2017-03-10 +### Added +- Add atomic `Float64` type. + +### Changed +- Support new `go.uber.org/atomic` import path. + +[1.1.0]: https://github.com/uber-go/atomic/compare/v1.0.0...v1.1.0 + +## [1.0.0] - 2016-07-18 + +- Initial release. + +[1.0.0]: https://github.com/uber-go/atomic/releases/tag/v1.0.0 diff --git a/vendor/go.uber.org/atomic/LICENSE.txt b/vendor/go.uber.org/atomic/LICENSE.txt new file mode 100644 index 0000000000..8765c9fbc6 --- /dev/null +++ b/vendor/go.uber.org/atomic/LICENSE.txt @@ -0,0 +1,19 @@ +Copyright (c) 2016 Uber Technologies, Inc. + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in +all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +THE SOFTWARE. diff --git a/vendor/go.uber.org/atomic/Makefile b/vendor/go.uber.org/atomic/Makefile new file mode 100644 index 0000000000..46c945b32b --- /dev/null +++ b/vendor/go.uber.org/atomic/Makefile @@ -0,0 +1,79 @@ +# Directory to place `go install`ed binaries into. +export GOBIN ?= $(shell pwd)/bin + +GOLINT = $(GOBIN)/golint +GEN_ATOMICINT = $(GOBIN)/gen-atomicint +GEN_ATOMICWRAPPER = $(GOBIN)/gen-atomicwrapper +STATICCHECK = $(GOBIN)/staticcheck + +GO_FILES ?= $(shell find . '(' -path .git -o -path vendor ')' -prune -o -name '*.go' -print) + +# Also update ignore section in .codecov.yml. +COVER_IGNORE_PKGS = \ + go.uber.org/atomic/internal/gen-atomicint \ + go.uber.org/atomic/internal/gen-atomicwrapper + +.PHONY: build +build: + go build ./... + +.PHONY: test +test: + go test -race ./... + +.PHONY: gofmt +gofmt: + $(eval FMT_LOG := $(shell mktemp -t gofmt.XXXXX)) + gofmt -e -s -l $(GO_FILES) > $(FMT_LOG) || true + @[ ! -s "$(FMT_LOG)" ] || (echo "gofmt failed:" && cat $(FMT_LOG) && false) + +$(GOLINT): + cd tools && go install golang.org/x/lint/golint + +$(STATICCHECK): + cd tools && go install honnef.co/go/tools/cmd/staticcheck + +$(GEN_ATOMICWRAPPER): $(wildcard ./internal/gen-atomicwrapper/*) + go build -o $@ ./internal/gen-atomicwrapper + +$(GEN_ATOMICINT): $(wildcard ./internal/gen-atomicint/*) + go build -o $@ ./internal/gen-atomicint + +.PHONY: golint +golint: $(GOLINT) + $(GOLINT) ./... + +.PHONY: staticcheck +staticcheck: $(STATICCHECK) + $(STATICCHECK) ./... + +.PHONY: lint +lint: gofmt golint staticcheck generatenodirty + +# comma separated list of packages to consider for code coverage. +COVER_PKG = $(shell \ + go list -find ./... | \ + grep -v $(foreach pkg,$(COVER_IGNORE_PKGS),-e "^$(pkg)$$") | \ + paste -sd, -) + +.PHONY: cover +cover: + go test -coverprofile=cover.out -coverpkg $(COVER_PKG) -v ./... + go tool cover -html=cover.out -o cover.html + +.PHONY: generate +generate: $(GEN_ATOMICINT) $(GEN_ATOMICWRAPPER) + go generate ./... + +.PHONY: generatenodirty +generatenodirty: + @[ -z "$$(git status --porcelain)" ] || ( \ + echo "Working tree is dirty. Commit your changes first."; \ + git status; \ + exit 1 ) + @make generate + @status=$$(git status --porcelain); \ + [ -z "$$status" ] || ( \ + echo "Working tree is dirty after `make generate`:"; \ + echo "$$status"; \ + echo "Please ensure that the generated code is up-to-date." ) diff --git a/vendor/go.uber.org/atomic/README.md b/vendor/go.uber.org/atomic/README.md new file mode 100644 index 0000000000..96b47a1f12 --- /dev/null +++ b/vendor/go.uber.org/atomic/README.md @@ -0,0 +1,63 @@ +# atomic [![GoDoc][doc-img]][doc] [![Build Status][ci-img]][ci] [![Coverage Status][cov-img]][cov] [![Go Report Card][reportcard-img]][reportcard] + +Simple wrappers for primitive types to enforce atomic access. + +## Installation + +```shell +$ go get -u go.uber.org/atomic@v1 +``` + +### Legacy Import Path + +As of v1.5.0, the import path `go.uber.org/atomic` is the only supported way +of using this package. If you are using Go modules, this package will fail to +compile with the legacy import path path `github.com/uber-go/atomic`. + +We recommend migrating your code to the new import path but if you're unable +to do so, or if your dependencies are still using the old import path, you +will have to add a `replace` directive to your `go.mod` file downgrading the +legacy import path to an older version. + +``` +replace github.com/uber-go/atomic => github.com/uber-go/atomic v1.4.0 +``` + +You can do so automatically by running the following command. + +```shell +$ go mod edit -replace github.com/uber-go/atomic=github.com/uber-go/atomic@v1.4.0 +``` + +## Usage + +The standard library's `sync/atomic` is powerful, but it's easy to forget which +variables must be accessed atomically. `go.uber.org/atomic` preserves all the +functionality of the standard library, but wraps the primitive types to +provide a safer, more convenient API. + +```go +var atom atomic.Uint32 +atom.Store(42) +atom.Sub(2) +atom.CAS(40, 11) +``` + +See the [documentation][doc] for a complete API specification. + +## Development Status + +Stable. + +--- + +Released under the [MIT License](LICENSE.txt). + +[doc-img]: https://godoc.org/github.com/uber-go/atomic?status.svg +[doc]: https://godoc.org/go.uber.org/atomic +[ci-img]: https://github.com/uber-go/atomic/actions/workflows/go.yml/badge.svg +[ci]: https://github.com/uber-go/atomic/actions/workflows/go.yml +[cov-img]: https://codecov.io/gh/uber-go/atomic/branch/master/graph/badge.svg +[cov]: https://codecov.io/gh/uber-go/atomic +[reportcard-img]: https://goreportcard.com/badge/go.uber.org/atomic +[reportcard]: https://goreportcard.com/report/go.uber.org/atomic diff --git a/vendor/go.uber.org/atomic/bool.go b/vendor/go.uber.org/atomic/bool.go new file mode 100644 index 0000000000..dfa2085f49 --- /dev/null +++ b/vendor/go.uber.org/atomic/bool.go @@ -0,0 +1,88 @@ +// @generated Code generated by gen-atomicwrapper. + +// Copyright (c) 2020-2022 Uber Technologies, Inc. +// +// Permission is hereby granted, free of charge, to any person obtaining a copy +// of this software and associated documentation files (the "Software"), to deal +// in the Software without restriction, including without limitation the rights +// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +// copies of the Software, and to permit persons to whom the Software is +// furnished to do so, subject to the following conditions: +// +// The above copyright notice and this permission notice shall be included in +// all copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +// THE SOFTWARE. + +package atomic + +import ( + "encoding/json" +) + +// Bool is an atomic type-safe wrapper for bool values. +type Bool struct { + _ nocmp // disallow non-atomic comparison + + v Uint32 +} + +var _zeroBool bool + +// NewBool creates a new Bool. +func NewBool(val bool) *Bool { + x := &Bool{} + if val != _zeroBool { + x.Store(val) + } + return x +} + +// Load atomically loads the wrapped bool. +func (x *Bool) Load() bool { + return truthy(x.v.Load()) +} + +// Store atomically stores the passed bool. +func (x *Bool) Store(val bool) { + x.v.Store(boolToInt(val)) +} + +// CAS is an atomic compare-and-swap for bool values. +// +// Deprecated: Use CompareAndSwap. +func (x *Bool) CAS(old, new bool) (swapped bool) { + return x.CompareAndSwap(old, new) +} + +// CompareAndSwap is an atomic compare-and-swap for bool values. +func (x *Bool) CompareAndSwap(old, new bool) (swapped bool) { + return x.v.CompareAndSwap(boolToInt(old), boolToInt(new)) +} + +// Swap atomically stores the given bool and returns the old +// value. +func (x *Bool) Swap(val bool) (old bool) { + return truthy(x.v.Swap(boolToInt(val))) +} + +// MarshalJSON encodes the wrapped bool into JSON. +func (x *Bool) MarshalJSON() ([]byte, error) { + return json.Marshal(x.Load()) +} + +// UnmarshalJSON decodes a bool from JSON. +func (x *Bool) UnmarshalJSON(b []byte) error { + var v bool + if err := json.Unmarshal(b, &v); err != nil { + return err + } + x.Store(v) + return nil +} diff --git a/vendor/go.uber.org/atomic/bool_ext.go b/vendor/go.uber.org/atomic/bool_ext.go new file mode 100644 index 0000000000..a2e60e9873 --- /dev/null +++ b/vendor/go.uber.org/atomic/bool_ext.go @@ -0,0 +1,53 @@ +// Copyright (c) 2020 Uber Technologies, Inc. +// +// Permission is hereby granted, free of charge, to any person obtaining a copy +// of this software and associated documentation files (the "Software"), to deal +// in the Software without restriction, including without limitation the rights +// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +// copies of the Software, and to permit persons to whom the Software is +// furnished to do so, subject to the following conditions: +// +// The above copyright notice and this permission notice shall be included in +// all copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +// THE SOFTWARE. + +package atomic + +import ( + "strconv" +) + +//go:generate bin/gen-atomicwrapper -name=Bool -type=bool -wrapped=Uint32 -pack=boolToInt -unpack=truthy -cas -swap -json -file=bool.go + +func truthy(n uint32) bool { + return n == 1 +} + +func boolToInt(b bool) uint32 { + if b { + return 1 + } + return 0 +} + +// Toggle atomically negates the Boolean and returns the previous value. +func (b *Bool) Toggle() (old bool) { + for { + old := b.Load() + if b.CAS(old, !old) { + return old + } + } +} + +// String encodes the wrapped value as a string. +func (b *Bool) String() string { + return strconv.FormatBool(b.Load()) +} diff --git a/vendor/go.uber.org/atomic/doc.go b/vendor/go.uber.org/atomic/doc.go new file mode 100644 index 0000000000..ae7390ee68 --- /dev/null +++ b/vendor/go.uber.org/atomic/doc.go @@ -0,0 +1,23 @@ +// Copyright (c) 2020 Uber Technologies, Inc. +// +// Permission is hereby granted, free of charge, to any person obtaining a copy +// of this software and associated documentation files (the "Software"), to deal +// in the Software without restriction, including without limitation the rights +// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +// copies of the Software, and to permit persons to whom the Software is +// furnished to do so, subject to the following conditions: +// +// The above copyright notice and this permission notice shall be included in +// all copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +// THE SOFTWARE. + +// Package atomic provides simple wrappers around numerics to enforce atomic +// access. +package atomic diff --git a/vendor/go.uber.org/atomic/duration.go b/vendor/go.uber.org/atomic/duration.go new file mode 100644 index 0000000000..6f4157445c --- /dev/null +++ b/vendor/go.uber.org/atomic/duration.go @@ -0,0 +1,89 @@ +// @generated Code generated by gen-atomicwrapper. + +// Copyright (c) 2020-2022 Uber Technologies, Inc. +// +// Permission is hereby granted, free of charge, to any person obtaining a copy +// of this software and associated documentation files (the "Software"), to deal +// in the Software without restriction, including without limitation the rights +// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +// copies of the Software, and to permit persons to whom the Software is +// furnished to do so, subject to the following conditions: +// +// The above copyright notice and this permission notice shall be included in +// all copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +// THE SOFTWARE. + +package atomic + +import ( + "encoding/json" + "time" +) + +// Duration is an atomic type-safe wrapper for time.Duration values. +type Duration struct { + _ nocmp // disallow non-atomic comparison + + v Int64 +} + +var _zeroDuration time.Duration + +// NewDuration creates a new Duration. +func NewDuration(val time.Duration) *Duration { + x := &Duration{} + if val != _zeroDuration { + x.Store(val) + } + return x +} + +// Load atomically loads the wrapped time.Duration. +func (x *Duration) Load() time.Duration { + return time.Duration(x.v.Load()) +} + +// Store atomically stores the passed time.Duration. +func (x *Duration) Store(val time.Duration) { + x.v.Store(int64(val)) +} + +// CAS is an atomic compare-and-swap for time.Duration values. +// +// Deprecated: Use CompareAndSwap. +func (x *Duration) CAS(old, new time.Duration) (swapped bool) { + return x.CompareAndSwap(old, new) +} + +// CompareAndSwap is an atomic compare-and-swap for time.Duration values. +func (x *Duration) CompareAndSwap(old, new time.Duration) (swapped bool) { + return x.v.CompareAndSwap(int64(old), int64(new)) +} + +// Swap atomically stores the given time.Duration and returns the old +// value. +func (x *Duration) Swap(val time.Duration) (old time.Duration) { + return time.Duration(x.v.Swap(int64(val))) +} + +// MarshalJSON encodes the wrapped time.Duration into JSON. +func (x *Duration) MarshalJSON() ([]byte, error) { + return json.Marshal(x.Load()) +} + +// UnmarshalJSON decodes a time.Duration from JSON. +func (x *Duration) UnmarshalJSON(b []byte) error { + var v time.Duration + if err := json.Unmarshal(b, &v); err != nil { + return err + } + x.Store(v) + return nil +} diff --git a/vendor/go.uber.org/atomic/duration_ext.go b/vendor/go.uber.org/atomic/duration_ext.go new file mode 100644 index 0000000000..4c18b0a9ed --- /dev/null +++ b/vendor/go.uber.org/atomic/duration_ext.go @@ -0,0 +1,40 @@ +// Copyright (c) 2020 Uber Technologies, Inc. +// +// Permission is hereby granted, free of charge, to any person obtaining a copy +// of this software and associated documentation files (the "Software"), to deal +// in the Software without restriction, including without limitation the rights +// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +// copies of the Software, and to permit persons to whom the Software is +// furnished to do so, subject to the following conditions: +// +// The above copyright notice and this permission notice shall be included in +// all copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +// THE SOFTWARE. + +package atomic + +import "time" + +//go:generate bin/gen-atomicwrapper -name=Duration -type=time.Duration -wrapped=Int64 -pack=int64 -unpack=time.Duration -cas -swap -json -imports time -file=duration.go + +// Add atomically adds to the wrapped time.Duration and returns the new value. +func (d *Duration) Add(delta time.Duration) time.Duration { + return time.Duration(d.v.Add(int64(delta))) +} + +// Sub atomically subtracts from the wrapped time.Duration and returns the new value. +func (d *Duration) Sub(delta time.Duration) time.Duration { + return time.Duration(d.v.Sub(int64(delta))) +} + +// String encodes the wrapped value as a string. +func (d *Duration) String() string { + return d.Load().String() +} diff --git a/vendor/go.uber.org/atomic/error.go b/vendor/go.uber.org/atomic/error.go new file mode 100644 index 0000000000..27b23ea162 --- /dev/null +++ b/vendor/go.uber.org/atomic/error.go @@ -0,0 +1,62 @@ +// @generated Code generated by gen-atomicwrapper. + +// Copyright (c) 2020-2022 Uber Technologies, Inc. +// +// Permission is hereby granted, free of charge, to any person obtaining a copy +// of this software and associated documentation files (the "Software"), to deal +// in the Software without restriction, including without limitation the rights +// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +// copies of the Software, and to permit persons to whom the Software is +// furnished to do so, subject to the following conditions: +// +// The above copyright notice and this permission notice shall be included in +// all copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +// THE SOFTWARE. + +package atomic + +// Error is an atomic type-safe wrapper for error values. +type Error struct { + _ nocmp // disallow non-atomic comparison + + v Value +} + +var _zeroError error + +// NewError creates a new Error. +func NewError(val error) *Error { + x := &Error{} + if val != _zeroError { + x.Store(val) + } + return x +} + +// Load atomically loads the wrapped error. +func (x *Error) Load() error { + return unpackError(x.v.Load()) +} + +// Store atomically stores the passed error. +func (x *Error) Store(val error) { + x.v.Store(packError(val)) +} + +// CompareAndSwap is an atomic compare-and-swap for error values. +func (x *Error) CompareAndSwap(old, new error) (swapped bool) { + return x.v.CompareAndSwap(packError(old), packError(new)) +} + +// Swap atomically stores the given error and returns the old +// value. +func (x *Error) Swap(val error) (old error) { + return unpackError(x.v.Swap(packError(val))) +} diff --git a/vendor/go.uber.org/atomic/error_ext.go b/vendor/go.uber.org/atomic/error_ext.go new file mode 100644 index 0000000000..d31fb633bb --- /dev/null +++ b/vendor/go.uber.org/atomic/error_ext.go @@ -0,0 +1,39 @@ +// Copyright (c) 2020-2022 Uber Technologies, Inc. +// +// Permission is hereby granted, free of charge, to any person obtaining a copy +// of this software and associated documentation files (the "Software"), to deal +// in the Software without restriction, including without limitation the rights +// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +// copies of the Software, and to permit persons to whom the Software is +// furnished to do so, subject to the following conditions: +// +// The above copyright notice and this permission notice shall be included in +// all copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +// THE SOFTWARE. + +package atomic + +// atomic.Value panics on nil inputs, or if the underlying type changes. +// Stabilize by always storing a custom struct that we control. + +//go:generate bin/gen-atomicwrapper -name=Error -type=error -wrapped=Value -pack=packError -unpack=unpackError -compareandswap -swap -file=error.go + +type packedError struct{ Value error } + +func packError(v error) interface{} { + return packedError{v} +} + +func unpackError(v interface{}) error { + if err, ok := v.(packedError); ok { + return err.Value + } + return nil +} diff --git a/vendor/go.uber.org/atomic/float32.go b/vendor/go.uber.org/atomic/float32.go new file mode 100644 index 0000000000..5d535a6d2a --- /dev/null +++ b/vendor/go.uber.org/atomic/float32.go @@ -0,0 +1,77 @@ +// @generated Code generated by gen-atomicwrapper. + +// Copyright (c) 2020-2022 Uber Technologies, Inc. +// +// Permission is hereby granted, free of charge, to any person obtaining a copy +// of this software and associated documentation files (the "Software"), to deal +// in the Software without restriction, including without limitation the rights +// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +// copies of the Software, and to permit persons to whom the Software is +// furnished to do so, subject to the following conditions: +// +// The above copyright notice and this permission notice shall be included in +// all copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +// THE SOFTWARE. + +package atomic + +import ( + "encoding/json" + "math" +) + +// Float32 is an atomic type-safe wrapper for float32 values. +type Float32 struct { + _ nocmp // disallow non-atomic comparison + + v Uint32 +} + +var _zeroFloat32 float32 + +// NewFloat32 creates a new Float32. +func NewFloat32(val float32) *Float32 { + x := &Float32{} + if val != _zeroFloat32 { + x.Store(val) + } + return x +} + +// Load atomically loads the wrapped float32. +func (x *Float32) Load() float32 { + return math.Float32frombits(x.v.Load()) +} + +// Store atomically stores the passed float32. +func (x *Float32) Store(val float32) { + x.v.Store(math.Float32bits(val)) +} + +// Swap atomically stores the given float32 and returns the old +// value. +func (x *Float32) Swap(val float32) (old float32) { + return math.Float32frombits(x.v.Swap(math.Float32bits(val))) +} + +// MarshalJSON encodes the wrapped float32 into JSON. +func (x *Float32) MarshalJSON() ([]byte, error) { + return json.Marshal(x.Load()) +} + +// UnmarshalJSON decodes a float32 from JSON. +func (x *Float32) UnmarshalJSON(b []byte) error { + var v float32 + if err := json.Unmarshal(b, &v); err != nil { + return err + } + x.Store(v) + return nil +} diff --git a/vendor/go.uber.org/atomic/float32_ext.go b/vendor/go.uber.org/atomic/float32_ext.go new file mode 100644 index 0000000000..b0cd8d9c82 --- /dev/null +++ b/vendor/go.uber.org/atomic/float32_ext.go @@ -0,0 +1,76 @@ +// Copyright (c) 2020-2022 Uber Technologies, Inc. +// +// Permission is hereby granted, free of charge, to any person obtaining a copy +// of this software and associated documentation files (the "Software"), to deal +// in the Software without restriction, including without limitation the rights +// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +// copies of the Software, and to permit persons to whom the Software is +// furnished to do so, subject to the following conditions: +// +// The above copyright notice and this permission notice shall be included in +// all copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +// THE SOFTWARE. + +package atomic + +import ( + "math" + "strconv" +) + +//go:generate bin/gen-atomicwrapper -name=Float32 -type=float32 -wrapped=Uint32 -pack=math.Float32bits -unpack=math.Float32frombits -swap -json -imports math -file=float32.go + +// Add atomically adds to the wrapped float32 and returns the new value. +func (f *Float32) Add(delta float32) float32 { + for { + old := f.Load() + new := old + delta + if f.CAS(old, new) { + return new + } + } +} + +// Sub atomically subtracts from the wrapped float32 and returns the new value. +func (f *Float32) Sub(delta float32) float32 { + return f.Add(-delta) +} + +// CAS is an atomic compare-and-swap for float32 values. +// +// Deprecated: Use CompareAndSwap +func (f *Float32) CAS(old, new float32) (swapped bool) { + return f.CompareAndSwap(old, new) +} + +// CompareAndSwap is an atomic compare-and-swap for float32 values. +// +// Note: CompareAndSwap handles NaN incorrectly. NaN != NaN using Go's inbuilt operators +// but CompareAndSwap allows a stored NaN to compare equal to a passed in NaN. +// This avoids typical CompareAndSwap loops from blocking forever, e.g., +// +// for { +// old := atom.Load() +// new = f(old) +// if atom.CompareAndSwap(old, new) { +// break +// } +// } +// +// If CompareAndSwap did not match NaN to match, then the above would loop forever. +func (f *Float32) CompareAndSwap(old, new float32) (swapped bool) { + return f.v.CompareAndSwap(math.Float32bits(old), math.Float32bits(new)) +} + +// String encodes the wrapped value as a string. +func (f *Float32) String() string { + // 'g' is the behavior for floats with %v. + return strconv.FormatFloat(float64(f.Load()), 'g', -1, 32) +} diff --git a/vendor/go.uber.org/atomic/float64.go b/vendor/go.uber.org/atomic/float64.go new file mode 100644 index 0000000000..11d5189a5f --- /dev/null +++ b/vendor/go.uber.org/atomic/float64.go @@ -0,0 +1,77 @@ +// @generated Code generated by gen-atomicwrapper. + +// Copyright (c) 2020-2022 Uber Technologies, Inc. +// +// Permission is hereby granted, free of charge, to any person obtaining a copy +// of this software and associated documentation files (the "Software"), to deal +// in the Software without restriction, including without limitation the rights +// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +// copies of the Software, and to permit persons to whom the Software is +// furnished to do so, subject to the following conditions: +// +// The above copyright notice and this permission notice shall be included in +// all copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +// THE SOFTWARE. + +package atomic + +import ( + "encoding/json" + "math" +) + +// Float64 is an atomic type-safe wrapper for float64 values. +type Float64 struct { + _ nocmp // disallow non-atomic comparison + + v Uint64 +} + +var _zeroFloat64 float64 + +// NewFloat64 creates a new Float64. +func NewFloat64(val float64) *Float64 { + x := &Float64{} + if val != _zeroFloat64 { + x.Store(val) + } + return x +} + +// Load atomically loads the wrapped float64. +func (x *Float64) Load() float64 { + return math.Float64frombits(x.v.Load()) +} + +// Store atomically stores the passed float64. +func (x *Float64) Store(val float64) { + x.v.Store(math.Float64bits(val)) +} + +// Swap atomically stores the given float64 and returns the old +// value. +func (x *Float64) Swap(val float64) (old float64) { + return math.Float64frombits(x.v.Swap(math.Float64bits(val))) +} + +// MarshalJSON encodes the wrapped float64 into JSON. +func (x *Float64) MarshalJSON() ([]byte, error) { + return json.Marshal(x.Load()) +} + +// UnmarshalJSON decodes a float64 from JSON. +func (x *Float64) UnmarshalJSON(b []byte) error { + var v float64 + if err := json.Unmarshal(b, &v); err != nil { + return err + } + x.Store(v) + return nil +} diff --git a/vendor/go.uber.org/atomic/float64_ext.go b/vendor/go.uber.org/atomic/float64_ext.go new file mode 100644 index 0000000000..48c52b0abf --- /dev/null +++ b/vendor/go.uber.org/atomic/float64_ext.go @@ -0,0 +1,76 @@ +// Copyright (c) 2020-2022 Uber Technologies, Inc. +// +// Permission is hereby granted, free of charge, to any person obtaining a copy +// of this software and associated documentation files (the "Software"), to deal +// in the Software without restriction, including without limitation the rights +// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +// copies of the Software, and to permit persons to whom the Software is +// furnished to do so, subject to the following conditions: +// +// The above copyright notice and this permission notice shall be included in +// all copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +// THE SOFTWARE. + +package atomic + +import ( + "math" + "strconv" +) + +//go:generate bin/gen-atomicwrapper -name=Float64 -type=float64 -wrapped=Uint64 -pack=math.Float64bits -unpack=math.Float64frombits -swap -json -imports math -file=float64.go + +// Add atomically adds to the wrapped float64 and returns the new value. +func (f *Float64) Add(delta float64) float64 { + for { + old := f.Load() + new := old + delta + if f.CAS(old, new) { + return new + } + } +} + +// Sub atomically subtracts from the wrapped float64 and returns the new value. +func (f *Float64) Sub(delta float64) float64 { + return f.Add(-delta) +} + +// CAS is an atomic compare-and-swap for float64 values. +// +// Deprecated: Use CompareAndSwap +func (f *Float64) CAS(old, new float64) (swapped bool) { + return f.CompareAndSwap(old, new) +} + +// CompareAndSwap is an atomic compare-and-swap for float64 values. +// +// Note: CompareAndSwap handles NaN incorrectly. NaN != NaN using Go's inbuilt operators +// but CompareAndSwap allows a stored NaN to compare equal to a passed in NaN. +// This avoids typical CompareAndSwap loops from blocking forever, e.g., +// +// for { +// old := atom.Load() +// new = f(old) +// if atom.CompareAndSwap(old, new) { +// break +// } +// } +// +// If CompareAndSwap did not match NaN to match, then the above would loop forever. +func (f *Float64) CompareAndSwap(old, new float64) (swapped bool) { + return f.v.CompareAndSwap(math.Float64bits(old), math.Float64bits(new)) +} + +// String encodes the wrapped value as a string. +func (f *Float64) String() string { + // 'g' is the behavior for floats with %v. + return strconv.FormatFloat(f.Load(), 'g', -1, 64) +} diff --git a/vendor/go.uber.org/atomic/gen.go b/vendor/go.uber.org/atomic/gen.go new file mode 100644 index 0000000000..1e9ef4f879 --- /dev/null +++ b/vendor/go.uber.org/atomic/gen.go @@ -0,0 +1,27 @@ +// Copyright (c) 2020 Uber Technologies, Inc. +// +// Permission is hereby granted, free of charge, to any person obtaining a copy +// of this software and associated documentation files (the "Software"), to deal +// in the Software without restriction, including without limitation the rights +// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +// copies of the Software, and to permit persons to whom the Software is +// furnished to do so, subject to the following conditions: +// +// The above copyright notice and this permission notice shall be included in +// all copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +// THE SOFTWARE. + +package atomic + +//go:generate bin/gen-atomicint -name=Int32 -wrapped=int32 -file=int32.go +//go:generate bin/gen-atomicint -name=Int64 -wrapped=int64 -file=int64.go +//go:generate bin/gen-atomicint -name=Uint32 -wrapped=uint32 -unsigned -file=uint32.go +//go:generate bin/gen-atomicint -name=Uint64 -wrapped=uint64 -unsigned -file=uint64.go +//go:generate bin/gen-atomicint -name=Uintptr -wrapped=uintptr -unsigned -file=uintptr.go diff --git a/vendor/go.uber.org/atomic/int32.go b/vendor/go.uber.org/atomic/int32.go new file mode 100644 index 0000000000..b9a68f42ca --- /dev/null +++ b/vendor/go.uber.org/atomic/int32.go @@ -0,0 +1,109 @@ +// @generated Code generated by gen-atomicint. + +// Copyright (c) 2020-2022 Uber Technologies, Inc. +// +// Permission is hereby granted, free of charge, to any person obtaining a copy +// of this software and associated documentation files (the "Software"), to deal +// in the Software without restriction, including without limitation the rights +// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +// copies of the Software, and to permit persons to whom the Software is +// furnished to do so, subject to the following conditions: +// +// The above copyright notice and this permission notice shall be included in +// all copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +// THE SOFTWARE. + +package atomic + +import ( + "encoding/json" + "strconv" + "sync/atomic" +) + +// Int32 is an atomic wrapper around int32. +type Int32 struct { + _ nocmp // disallow non-atomic comparison + + v int32 +} + +// NewInt32 creates a new Int32. +func NewInt32(val int32) *Int32 { + return &Int32{v: val} +} + +// Load atomically loads the wrapped value. +func (i *Int32) Load() int32 { + return atomic.LoadInt32(&i.v) +} + +// Add atomically adds to the wrapped int32 and returns the new value. +func (i *Int32) Add(delta int32) int32 { + return atomic.AddInt32(&i.v, delta) +} + +// Sub atomically subtracts from the wrapped int32 and returns the new value. +func (i *Int32) Sub(delta int32) int32 { + return atomic.AddInt32(&i.v, -delta) +} + +// Inc atomically increments the wrapped int32 and returns the new value. +func (i *Int32) Inc() int32 { + return i.Add(1) +} + +// Dec atomically decrements the wrapped int32 and returns the new value. +func (i *Int32) Dec() int32 { + return i.Sub(1) +} + +// CAS is an atomic compare-and-swap. +// +// Deprecated: Use CompareAndSwap. +func (i *Int32) CAS(old, new int32) (swapped bool) { + return i.CompareAndSwap(old, new) +} + +// CompareAndSwap is an atomic compare-and-swap. +func (i *Int32) CompareAndSwap(old, new int32) (swapped bool) { + return atomic.CompareAndSwapInt32(&i.v, old, new) +} + +// Store atomically stores the passed value. +func (i *Int32) Store(val int32) { + atomic.StoreInt32(&i.v, val) +} + +// Swap atomically swaps the wrapped int32 and returns the old value. +func (i *Int32) Swap(val int32) (old int32) { + return atomic.SwapInt32(&i.v, val) +} + +// MarshalJSON encodes the wrapped int32 into JSON. +func (i *Int32) MarshalJSON() ([]byte, error) { + return json.Marshal(i.Load()) +} + +// UnmarshalJSON decodes JSON into the wrapped int32. +func (i *Int32) UnmarshalJSON(b []byte) error { + var v int32 + if err := json.Unmarshal(b, &v); err != nil { + return err + } + i.Store(v) + return nil +} + +// String encodes the wrapped value as a string. +func (i *Int32) String() string { + v := i.Load() + return strconv.FormatInt(int64(v), 10) +} diff --git a/vendor/go.uber.org/atomic/int64.go b/vendor/go.uber.org/atomic/int64.go new file mode 100644 index 0000000000..78d260976f --- /dev/null +++ b/vendor/go.uber.org/atomic/int64.go @@ -0,0 +1,109 @@ +// @generated Code generated by gen-atomicint. + +// Copyright (c) 2020-2022 Uber Technologies, Inc. +// +// Permission is hereby granted, free of charge, to any person obtaining a copy +// of this software and associated documentation files (the "Software"), to deal +// in the Software without restriction, including without limitation the rights +// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +// copies of the Software, and to permit persons to whom the Software is +// furnished to do so, subject to the following conditions: +// +// The above copyright notice and this permission notice shall be included in +// all copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +// THE SOFTWARE. + +package atomic + +import ( + "encoding/json" + "strconv" + "sync/atomic" +) + +// Int64 is an atomic wrapper around int64. +type Int64 struct { + _ nocmp // disallow non-atomic comparison + + v int64 +} + +// NewInt64 creates a new Int64. +func NewInt64(val int64) *Int64 { + return &Int64{v: val} +} + +// Load atomically loads the wrapped value. +func (i *Int64) Load() int64 { + return atomic.LoadInt64(&i.v) +} + +// Add atomically adds to the wrapped int64 and returns the new value. +func (i *Int64) Add(delta int64) int64 { + return atomic.AddInt64(&i.v, delta) +} + +// Sub atomically subtracts from the wrapped int64 and returns the new value. +func (i *Int64) Sub(delta int64) int64 { + return atomic.AddInt64(&i.v, -delta) +} + +// Inc atomically increments the wrapped int64 and returns the new value. +func (i *Int64) Inc() int64 { + return i.Add(1) +} + +// Dec atomically decrements the wrapped int64 and returns the new value. +func (i *Int64) Dec() int64 { + return i.Sub(1) +} + +// CAS is an atomic compare-and-swap. +// +// Deprecated: Use CompareAndSwap. +func (i *Int64) CAS(old, new int64) (swapped bool) { + return i.CompareAndSwap(old, new) +} + +// CompareAndSwap is an atomic compare-and-swap. +func (i *Int64) CompareAndSwap(old, new int64) (swapped bool) { + return atomic.CompareAndSwapInt64(&i.v, old, new) +} + +// Store atomically stores the passed value. +func (i *Int64) Store(val int64) { + atomic.StoreInt64(&i.v, val) +} + +// Swap atomically swaps the wrapped int64 and returns the old value. +func (i *Int64) Swap(val int64) (old int64) { + return atomic.SwapInt64(&i.v, val) +} + +// MarshalJSON encodes the wrapped int64 into JSON. +func (i *Int64) MarshalJSON() ([]byte, error) { + return json.Marshal(i.Load()) +} + +// UnmarshalJSON decodes JSON into the wrapped int64. +func (i *Int64) UnmarshalJSON(b []byte) error { + var v int64 + if err := json.Unmarshal(b, &v); err != nil { + return err + } + i.Store(v) + return nil +} + +// String encodes the wrapped value as a string. +func (i *Int64) String() string { + v := i.Load() + return strconv.FormatInt(int64(v), 10) +} diff --git a/vendor/go.uber.org/atomic/nocmp.go b/vendor/go.uber.org/atomic/nocmp.go new file mode 100644 index 0000000000..54b74174ab --- /dev/null +++ b/vendor/go.uber.org/atomic/nocmp.go @@ -0,0 +1,35 @@ +// Copyright (c) 2020 Uber Technologies, Inc. +// +// Permission is hereby granted, free of charge, to any person obtaining a copy +// of this software and associated documentation files (the "Software"), to deal +// in the Software without restriction, including without limitation the rights +// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +// copies of the Software, and to permit persons to whom the Software is +// furnished to do so, subject to the following conditions: +// +// The above copyright notice and this permission notice shall be included in +// all copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +// THE SOFTWARE. + +package atomic + +// nocmp is an uncomparable struct. Embed this inside another struct to make +// it uncomparable. +// +// type Foo struct { +// nocmp +// // ... +// } +// +// This DOES NOT: +// +// - Disallow shallow copies of structs +// - Disallow comparison of pointers to uncomparable structs +type nocmp [0]func() diff --git a/vendor/go.uber.org/atomic/pointer_go118.go b/vendor/go.uber.org/atomic/pointer_go118.go new file mode 100644 index 0000000000..e0f47dba46 --- /dev/null +++ b/vendor/go.uber.org/atomic/pointer_go118.go @@ -0,0 +1,60 @@ +// Copyright (c) 2022 Uber Technologies, Inc. +// +// Permission is hereby granted, free of charge, to any person obtaining a copy +// of this software and associated documentation files (the "Software"), to deal +// in the Software without restriction, including without limitation the rights +// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +// copies of the Software, and to permit persons to whom the Software is +// furnished to do so, subject to the following conditions: +// +// The above copyright notice and this permission notice shall be included in +// all copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +// THE SOFTWARE. + +//go:build go1.18 && !go1.19 +// +build go1.18,!go1.19 + +package atomic + +import "unsafe" + +type Pointer[T any] struct { + _ nocmp // disallow non-atomic comparison + p UnsafePointer +} + +// NewPointer creates a new Pointer. +func NewPointer[T any](v *T) *Pointer[T] { + var p Pointer[T] + if v != nil { + p.p.Store(unsafe.Pointer(v)) + } + return &p +} + +// Load atomically loads the wrapped value. +func (p *Pointer[T]) Load() *T { + return (*T)(p.p.Load()) +} + +// Store atomically stores the passed value. +func (p *Pointer[T]) Store(val *T) { + p.p.Store(unsafe.Pointer(val)) +} + +// Swap atomically swaps the wrapped pointer and returns the old value. +func (p *Pointer[T]) Swap(val *T) (old *T) { + return (*T)(p.p.Swap(unsafe.Pointer(val))) +} + +// CompareAndSwap is an atomic compare-and-swap. +func (p *Pointer[T]) CompareAndSwap(old, new *T) (swapped bool) { + return p.p.CompareAndSwap(unsafe.Pointer(old), unsafe.Pointer(new)) +} diff --git a/vendor/go.uber.org/atomic/pointer_go119.go b/vendor/go.uber.org/atomic/pointer_go119.go new file mode 100644 index 0000000000..6726f17ad6 --- /dev/null +++ b/vendor/go.uber.org/atomic/pointer_go119.go @@ -0,0 +1,61 @@ +// Copyright (c) 2022 Uber Technologies, Inc. +// +// Permission is hereby granted, free of charge, to any person obtaining a copy +// of this software and associated documentation files (the "Software"), to deal +// in the Software without restriction, including without limitation the rights +// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +// copies of the Software, and to permit persons to whom the Software is +// furnished to do so, subject to the following conditions: +// +// The above copyright notice and this permission notice shall be included in +// all copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +// THE SOFTWARE. + +//go:build go1.19 +// +build go1.19 + +package atomic + +import "sync/atomic" + +// Pointer is an atomic pointer of type *T. +type Pointer[T any] struct { + _ nocmp // disallow non-atomic comparison + p atomic.Pointer[T] +} + +// NewPointer creates a new Pointer. +func NewPointer[T any](v *T) *Pointer[T] { + var p Pointer[T] + if v != nil { + p.p.Store(v) + } + return &p +} + +// Load atomically loads the wrapped value. +func (p *Pointer[T]) Load() *T { + return p.p.Load() +} + +// Store atomically stores the passed value. +func (p *Pointer[T]) Store(val *T) { + p.p.Store(val) +} + +// Swap atomically swaps the wrapped pointer and returns the old value. +func (p *Pointer[T]) Swap(val *T) (old *T) { + return p.p.Swap(val) +} + +// CompareAndSwap is an atomic compare-and-swap. +func (p *Pointer[T]) CompareAndSwap(old, new *T) (swapped bool) { + return p.p.CompareAndSwap(old, new) +} diff --git a/vendor/go.uber.org/atomic/string.go b/vendor/go.uber.org/atomic/string.go new file mode 100644 index 0000000000..c4bea70f4d --- /dev/null +++ b/vendor/go.uber.org/atomic/string.go @@ -0,0 +1,65 @@ +// @generated Code generated by gen-atomicwrapper. + +// Copyright (c) 2020-2022 Uber Technologies, Inc. +// +// Permission is hereby granted, free of charge, to any person obtaining a copy +// of this software and associated documentation files (the "Software"), to deal +// in the Software without restriction, including without limitation the rights +// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +// copies of the Software, and to permit persons to whom the Software is +// furnished to do so, subject to the following conditions: +// +// The above copyright notice and this permission notice shall be included in +// all copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +// THE SOFTWARE. + +package atomic + +// String is an atomic type-safe wrapper for string values. +type String struct { + _ nocmp // disallow non-atomic comparison + + v Value +} + +var _zeroString string + +// NewString creates a new String. +func NewString(val string) *String { + x := &String{} + if val != _zeroString { + x.Store(val) + } + return x +} + +// Load atomically loads the wrapped string. +func (x *String) Load() string { + if v := x.v.Load(); v != nil { + return v.(string) + } + return _zeroString +} + +// Store atomically stores the passed string. +func (x *String) Store(val string) { + x.v.Store(val) +} + +// CompareAndSwap is an atomic compare-and-swap for string values. +func (x *String) CompareAndSwap(old, new string) (swapped bool) { + return x.v.CompareAndSwap(old, new) +} + +// Swap atomically stores the given string and returns the old +// value. +func (x *String) Swap(val string) (old string) { + return x.v.Swap(val).(string) +} diff --git a/vendor/go.uber.org/atomic/string_ext.go b/vendor/go.uber.org/atomic/string_ext.go new file mode 100644 index 0000000000..1f63dfd5b9 --- /dev/null +++ b/vendor/go.uber.org/atomic/string_ext.go @@ -0,0 +1,43 @@ +// Copyright (c) 2020-2022 Uber Technologies, Inc. +// +// Permission is hereby granted, free of charge, to any person obtaining a copy +// of this software and associated documentation files (the "Software"), to deal +// in the Software without restriction, including without limitation the rights +// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +// copies of the Software, and to permit persons to whom the Software is +// furnished to do so, subject to the following conditions: +// +// The above copyright notice and this permission notice shall be included in +// all copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +// THE SOFTWARE. + +package atomic + +//go:generate bin/gen-atomicwrapper -name=String -type=string -wrapped=Value -compareandswap -swap -file=string.go + +// String returns the wrapped value. +func (s *String) String() string { + return s.Load() +} + +// MarshalText encodes the wrapped string into a textual form. +// +// This makes it encodable as JSON, YAML, XML, and more. +func (s *String) MarshalText() ([]byte, error) { + return []byte(s.Load()), nil +} + +// UnmarshalText decodes text and replaces the wrapped string with it. +// +// This makes it decodable from JSON, YAML, XML, and more. +func (s *String) UnmarshalText(b []byte) error { + s.Store(string(b)) + return nil +} diff --git a/vendor/go.uber.org/atomic/time.go b/vendor/go.uber.org/atomic/time.go new file mode 100644 index 0000000000..1660feb142 --- /dev/null +++ b/vendor/go.uber.org/atomic/time.go @@ -0,0 +1,55 @@ +// @generated Code generated by gen-atomicwrapper. + +// Copyright (c) 2020-2022 Uber Technologies, Inc. +// +// Permission is hereby granted, free of charge, to any person obtaining a copy +// of this software and associated documentation files (the "Software"), to deal +// in the Software without restriction, including without limitation the rights +// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +// copies of the Software, and to permit persons to whom the Software is +// furnished to do so, subject to the following conditions: +// +// The above copyright notice and this permission notice shall be included in +// all copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +// THE SOFTWARE. + +package atomic + +import ( + "time" +) + +// Time is an atomic type-safe wrapper for time.Time values. +type Time struct { + _ nocmp // disallow non-atomic comparison + + v Value +} + +var _zeroTime time.Time + +// NewTime creates a new Time. +func NewTime(val time.Time) *Time { + x := &Time{} + if val != _zeroTime { + x.Store(val) + } + return x +} + +// Load atomically loads the wrapped time.Time. +func (x *Time) Load() time.Time { + return unpackTime(x.v.Load()) +} + +// Store atomically stores the passed time.Time. +func (x *Time) Store(val time.Time) { + x.v.Store(packTime(val)) +} diff --git a/vendor/go.uber.org/atomic/time_ext.go b/vendor/go.uber.org/atomic/time_ext.go new file mode 100644 index 0000000000..1e3dc978aa --- /dev/null +++ b/vendor/go.uber.org/atomic/time_ext.go @@ -0,0 +1,36 @@ +// Copyright (c) 2021 Uber Technologies, Inc. +// +// Permission is hereby granted, free of charge, to any person obtaining a copy +// of this software and associated documentation files (the "Software"), to deal +// in the Software without restriction, including without limitation the rights +// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +// copies of the Software, and to permit persons to whom the Software is +// furnished to do so, subject to the following conditions: +// +// The above copyright notice and this permission notice shall be included in +// all copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +// THE SOFTWARE. + +package atomic + +import "time" + +//go:generate bin/gen-atomicwrapper -name=Time -type=time.Time -wrapped=Value -pack=packTime -unpack=unpackTime -imports time -file=time.go + +func packTime(t time.Time) interface{} { + return t +} + +func unpackTime(v interface{}) time.Time { + if t, ok := v.(time.Time); ok { + return t + } + return time.Time{} +} diff --git a/vendor/go.uber.org/atomic/uint32.go b/vendor/go.uber.org/atomic/uint32.go new file mode 100644 index 0000000000..d6f04a96dc --- /dev/null +++ b/vendor/go.uber.org/atomic/uint32.go @@ -0,0 +1,109 @@ +// @generated Code generated by gen-atomicint. + +// Copyright (c) 2020-2022 Uber Technologies, Inc. +// +// Permission is hereby granted, free of charge, to any person obtaining a copy +// of this software and associated documentation files (the "Software"), to deal +// in the Software without restriction, including without limitation the rights +// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +// copies of the Software, and to permit persons to whom the Software is +// furnished to do so, subject to the following conditions: +// +// The above copyright notice and this permission notice shall be included in +// all copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +// THE SOFTWARE. + +package atomic + +import ( + "encoding/json" + "strconv" + "sync/atomic" +) + +// Uint32 is an atomic wrapper around uint32. +type Uint32 struct { + _ nocmp // disallow non-atomic comparison + + v uint32 +} + +// NewUint32 creates a new Uint32. +func NewUint32(val uint32) *Uint32 { + return &Uint32{v: val} +} + +// Load atomically loads the wrapped value. +func (i *Uint32) Load() uint32 { + return atomic.LoadUint32(&i.v) +} + +// Add atomically adds to the wrapped uint32 and returns the new value. +func (i *Uint32) Add(delta uint32) uint32 { + return atomic.AddUint32(&i.v, delta) +} + +// Sub atomically subtracts from the wrapped uint32 and returns the new value. +func (i *Uint32) Sub(delta uint32) uint32 { + return atomic.AddUint32(&i.v, ^(delta - 1)) +} + +// Inc atomically increments the wrapped uint32 and returns the new value. +func (i *Uint32) Inc() uint32 { + return i.Add(1) +} + +// Dec atomically decrements the wrapped uint32 and returns the new value. +func (i *Uint32) Dec() uint32 { + return i.Sub(1) +} + +// CAS is an atomic compare-and-swap. +// +// Deprecated: Use CompareAndSwap. +func (i *Uint32) CAS(old, new uint32) (swapped bool) { + return i.CompareAndSwap(old, new) +} + +// CompareAndSwap is an atomic compare-and-swap. +func (i *Uint32) CompareAndSwap(old, new uint32) (swapped bool) { + return atomic.CompareAndSwapUint32(&i.v, old, new) +} + +// Store atomically stores the passed value. +func (i *Uint32) Store(val uint32) { + atomic.StoreUint32(&i.v, val) +} + +// Swap atomically swaps the wrapped uint32 and returns the old value. +func (i *Uint32) Swap(val uint32) (old uint32) { + return atomic.SwapUint32(&i.v, val) +} + +// MarshalJSON encodes the wrapped uint32 into JSON. +func (i *Uint32) MarshalJSON() ([]byte, error) { + return json.Marshal(i.Load()) +} + +// UnmarshalJSON decodes JSON into the wrapped uint32. +func (i *Uint32) UnmarshalJSON(b []byte) error { + var v uint32 + if err := json.Unmarshal(b, &v); err != nil { + return err + } + i.Store(v) + return nil +} + +// String encodes the wrapped value as a string. +func (i *Uint32) String() string { + v := i.Load() + return strconv.FormatUint(uint64(v), 10) +} diff --git a/vendor/go.uber.org/atomic/uint64.go b/vendor/go.uber.org/atomic/uint64.go new file mode 100644 index 0000000000..2574bdd5ec --- /dev/null +++ b/vendor/go.uber.org/atomic/uint64.go @@ -0,0 +1,109 @@ +// @generated Code generated by gen-atomicint. + +// Copyright (c) 2020-2022 Uber Technologies, Inc. +// +// Permission is hereby granted, free of charge, to any person obtaining a copy +// of this software and associated documentation files (the "Software"), to deal +// in the Software without restriction, including without limitation the rights +// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +// copies of the Software, and to permit persons to whom the Software is +// furnished to do so, subject to the following conditions: +// +// The above copyright notice and this permission notice shall be included in +// all copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +// THE SOFTWARE. + +package atomic + +import ( + "encoding/json" + "strconv" + "sync/atomic" +) + +// Uint64 is an atomic wrapper around uint64. +type Uint64 struct { + _ nocmp // disallow non-atomic comparison + + v uint64 +} + +// NewUint64 creates a new Uint64. +func NewUint64(val uint64) *Uint64 { + return &Uint64{v: val} +} + +// Load atomically loads the wrapped value. +func (i *Uint64) Load() uint64 { + return atomic.LoadUint64(&i.v) +} + +// Add atomically adds to the wrapped uint64 and returns the new value. +func (i *Uint64) Add(delta uint64) uint64 { + return atomic.AddUint64(&i.v, delta) +} + +// Sub atomically subtracts from the wrapped uint64 and returns the new value. +func (i *Uint64) Sub(delta uint64) uint64 { + return atomic.AddUint64(&i.v, ^(delta - 1)) +} + +// Inc atomically increments the wrapped uint64 and returns the new value. +func (i *Uint64) Inc() uint64 { + return i.Add(1) +} + +// Dec atomically decrements the wrapped uint64 and returns the new value. +func (i *Uint64) Dec() uint64 { + return i.Sub(1) +} + +// CAS is an atomic compare-and-swap. +// +// Deprecated: Use CompareAndSwap. +func (i *Uint64) CAS(old, new uint64) (swapped bool) { + return i.CompareAndSwap(old, new) +} + +// CompareAndSwap is an atomic compare-and-swap. +func (i *Uint64) CompareAndSwap(old, new uint64) (swapped bool) { + return atomic.CompareAndSwapUint64(&i.v, old, new) +} + +// Store atomically stores the passed value. +func (i *Uint64) Store(val uint64) { + atomic.StoreUint64(&i.v, val) +} + +// Swap atomically swaps the wrapped uint64 and returns the old value. +func (i *Uint64) Swap(val uint64) (old uint64) { + return atomic.SwapUint64(&i.v, val) +} + +// MarshalJSON encodes the wrapped uint64 into JSON. +func (i *Uint64) MarshalJSON() ([]byte, error) { + return json.Marshal(i.Load()) +} + +// UnmarshalJSON decodes JSON into the wrapped uint64. +func (i *Uint64) UnmarshalJSON(b []byte) error { + var v uint64 + if err := json.Unmarshal(b, &v); err != nil { + return err + } + i.Store(v) + return nil +} + +// String encodes the wrapped value as a string. +func (i *Uint64) String() string { + v := i.Load() + return strconv.FormatUint(uint64(v), 10) +} diff --git a/vendor/go.uber.org/atomic/uintptr.go b/vendor/go.uber.org/atomic/uintptr.go new file mode 100644 index 0000000000..81b275a7ad --- /dev/null +++ b/vendor/go.uber.org/atomic/uintptr.go @@ -0,0 +1,109 @@ +// @generated Code generated by gen-atomicint. + +// Copyright (c) 2020-2022 Uber Technologies, Inc. +// +// Permission is hereby granted, free of charge, to any person obtaining a copy +// of this software and associated documentation files (the "Software"), to deal +// in the Software without restriction, including without limitation the rights +// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +// copies of the Software, and to permit persons to whom the Software is +// furnished to do so, subject to the following conditions: +// +// The above copyright notice and this permission notice shall be included in +// all copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +// THE SOFTWARE. + +package atomic + +import ( + "encoding/json" + "strconv" + "sync/atomic" +) + +// Uintptr is an atomic wrapper around uintptr. +type Uintptr struct { + _ nocmp // disallow non-atomic comparison + + v uintptr +} + +// NewUintptr creates a new Uintptr. +func NewUintptr(val uintptr) *Uintptr { + return &Uintptr{v: val} +} + +// Load atomically loads the wrapped value. +func (i *Uintptr) Load() uintptr { + return atomic.LoadUintptr(&i.v) +} + +// Add atomically adds to the wrapped uintptr and returns the new value. +func (i *Uintptr) Add(delta uintptr) uintptr { + return atomic.AddUintptr(&i.v, delta) +} + +// Sub atomically subtracts from the wrapped uintptr and returns the new value. +func (i *Uintptr) Sub(delta uintptr) uintptr { + return atomic.AddUintptr(&i.v, ^(delta - 1)) +} + +// Inc atomically increments the wrapped uintptr and returns the new value. +func (i *Uintptr) Inc() uintptr { + return i.Add(1) +} + +// Dec atomically decrements the wrapped uintptr and returns the new value. +func (i *Uintptr) Dec() uintptr { + return i.Sub(1) +} + +// CAS is an atomic compare-and-swap. +// +// Deprecated: Use CompareAndSwap. +func (i *Uintptr) CAS(old, new uintptr) (swapped bool) { + return i.CompareAndSwap(old, new) +} + +// CompareAndSwap is an atomic compare-and-swap. +func (i *Uintptr) CompareAndSwap(old, new uintptr) (swapped bool) { + return atomic.CompareAndSwapUintptr(&i.v, old, new) +} + +// Store atomically stores the passed value. +func (i *Uintptr) Store(val uintptr) { + atomic.StoreUintptr(&i.v, val) +} + +// Swap atomically swaps the wrapped uintptr and returns the old value. +func (i *Uintptr) Swap(val uintptr) (old uintptr) { + return atomic.SwapUintptr(&i.v, val) +} + +// MarshalJSON encodes the wrapped uintptr into JSON. +func (i *Uintptr) MarshalJSON() ([]byte, error) { + return json.Marshal(i.Load()) +} + +// UnmarshalJSON decodes JSON into the wrapped uintptr. +func (i *Uintptr) UnmarshalJSON(b []byte) error { + var v uintptr + if err := json.Unmarshal(b, &v); err != nil { + return err + } + i.Store(v) + return nil +} + +// String encodes the wrapped value as a string. +func (i *Uintptr) String() string { + v := i.Load() + return strconv.FormatUint(uint64(v), 10) +} diff --git a/vendor/go.uber.org/atomic/unsafe_pointer.go b/vendor/go.uber.org/atomic/unsafe_pointer.go new file mode 100644 index 0000000000..34868baf6a --- /dev/null +++ b/vendor/go.uber.org/atomic/unsafe_pointer.go @@ -0,0 +1,65 @@ +// Copyright (c) 2021-2022 Uber Technologies, Inc. +// +// Permission is hereby granted, free of charge, to any person obtaining a copy +// of this software and associated documentation files (the "Software"), to deal +// in the Software without restriction, including without limitation the rights +// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +// copies of the Software, and to permit persons to whom the Software is +// furnished to do so, subject to the following conditions: +// +// The above copyright notice and this permission notice shall be included in +// all copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +// THE SOFTWARE. + +package atomic + +import ( + "sync/atomic" + "unsafe" +) + +// UnsafePointer is an atomic wrapper around unsafe.Pointer. +type UnsafePointer struct { + _ nocmp // disallow non-atomic comparison + + v unsafe.Pointer +} + +// NewUnsafePointer creates a new UnsafePointer. +func NewUnsafePointer(val unsafe.Pointer) *UnsafePointer { + return &UnsafePointer{v: val} +} + +// Load atomically loads the wrapped value. +func (p *UnsafePointer) Load() unsafe.Pointer { + return atomic.LoadPointer(&p.v) +} + +// Store atomically stores the passed value. +func (p *UnsafePointer) Store(val unsafe.Pointer) { + atomic.StorePointer(&p.v, val) +} + +// Swap atomically swaps the wrapped unsafe.Pointer and returns the old value. +func (p *UnsafePointer) Swap(val unsafe.Pointer) (old unsafe.Pointer) { + return atomic.SwapPointer(&p.v, val) +} + +// CAS is an atomic compare-and-swap. +// +// Deprecated: Use CompareAndSwap +func (p *UnsafePointer) CAS(old, new unsafe.Pointer) (swapped bool) { + return p.CompareAndSwap(old, new) +} + +// CompareAndSwap is an atomic compare-and-swap. +func (p *UnsafePointer) CompareAndSwap(old, new unsafe.Pointer) (swapped bool) { + return atomic.CompareAndSwapPointer(&p.v, old, new) +} diff --git a/vendor/go.uber.org/atomic/value.go b/vendor/go.uber.org/atomic/value.go new file mode 100644 index 0000000000..52caedb9a5 --- /dev/null +++ b/vendor/go.uber.org/atomic/value.go @@ -0,0 +1,31 @@ +// Copyright (c) 2020 Uber Technologies, Inc. +// +// Permission is hereby granted, free of charge, to any person obtaining a copy +// of this software and associated documentation files (the "Software"), to deal +// in the Software without restriction, including without limitation the rights +// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +// copies of the Software, and to permit persons to whom the Software is +// furnished to do so, subject to the following conditions: +// +// The above copyright notice and this permission notice shall be included in +// all copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +// THE SOFTWARE. + +package atomic + +import "sync/atomic" + +// Value shadows the type of the same name from sync/atomic +// https://godoc.org/sync/atomic#Value +type Value struct { + _ nocmp // disallow non-atomic comparison + + atomic.Value +} diff --git a/vendor/go.uber.org/multierr/.codecov.yml b/vendor/go.uber.org/multierr/.codecov.yml new file mode 100644 index 0000000000..6d4d1be7b5 --- /dev/null +++ b/vendor/go.uber.org/multierr/.codecov.yml @@ -0,0 +1,15 @@ +coverage: + range: 80..100 + round: down + precision: 2 + + status: + project: # measuring the overall project coverage + default: # context, you can create multiple ones with custom titles + enabled: yes # must be yes|true to enable this status + target: 100 # specify the target coverage for each commit status + # option: "auto" (must increase from parent commit or pull request base) + # option: "X%" a static target percentage to hit + if_not_found: success # if parent is not found report status as success, error, or failure + if_ci_failed: error # if ci fails report status as success, error, or failure + diff --git a/vendor/go.uber.org/multierr/.gitignore b/vendor/go.uber.org/multierr/.gitignore new file mode 100644 index 0000000000..b9a05e3da0 --- /dev/null +++ b/vendor/go.uber.org/multierr/.gitignore @@ -0,0 +1,4 @@ +/vendor +cover.html +cover.out +/bin diff --git a/vendor/go.uber.org/multierr/CHANGELOG.md b/vendor/go.uber.org/multierr/CHANGELOG.md new file mode 100644 index 0000000000..f8177b978c --- /dev/null +++ b/vendor/go.uber.org/multierr/CHANGELOG.md @@ -0,0 +1,95 @@ +Releases +======== + +v1.11.0 (2023-03-28) +==================== +- `Errors` now supports any error that implements multiple-error + interface. +- Add `Every` function to allow checking if all errors in the chain + satisfies `errors.Is` against the target error. + +v1.10.0 (2023-03-08) +==================== + +- Comply with Go 1.20's multiple-error interface. +- Drop Go 1.18 support. + Per the support policy, only Go 1.19 and 1.20 are supported now. +- Drop all non-test external dependencies. + +v1.9.0 (2022-12-12) +=================== + +- Add `AppendFunc` that allow passsing functions to similar to + `AppendInvoke`. + +- Bump up yaml.v3 dependency to 3.0.1. + +v1.8.0 (2022-02-28) +=================== + +- `Combine`: perform zero allocations when there are no errors. + + +v1.7.0 (2021-05-06) +=================== + +- Add `AppendInvoke` to append into errors from `defer` blocks. + + +v1.6.0 (2020-09-14) +=================== + +- Actually drop library dependency on development-time tooling. + + +v1.5.0 (2020-02-24) +=================== + +- Drop library dependency on development-time tooling. + + +v1.4.0 (2019-11-04) +=================== + +- Add `AppendInto` function to more ergonomically build errors inside a + loop. + + +v1.3.0 (2019-10-29) +=================== + +- Switch to Go modules. + + +v1.2.0 (2019-09-26) +=================== + +- Support extracting and matching against wrapped errors with `errors.As` + and `errors.Is`. + + +v1.1.0 (2017-06-30) +=================== + +- Added an `Errors(error) []error` function to extract the underlying list of + errors for a multierr error. + + +v1.0.0 (2017-05-31) +=================== + +No changes since v0.2.0. This release is committing to making no breaking +changes to the current API in the 1.X series. + + +v0.2.0 (2017-04-11) +=================== + +- Repeatedly appending to the same error is now faster due to fewer + allocations. + + +v0.1.0 (2017-31-03) +=================== + +- Initial release diff --git a/vendor/go.uber.org/multierr/LICENSE.txt b/vendor/go.uber.org/multierr/LICENSE.txt new file mode 100644 index 0000000000..413e30f7ce --- /dev/null +++ b/vendor/go.uber.org/multierr/LICENSE.txt @@ -0,0 +1,19 @@ +Copyright (c) 2017-2021 Uber Technologies, Inc. + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in +all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +THE SOFTWARE. diff --git a/vendor/go.uber.org/multierr/Makefile b/vendor/go.uber.org/multierr/Makefile new file mode 100644 index 0000000000..dcb6fe723c --- /dev/null +++ b/vendor/go.uber.org/multierr/Makefile @@ -0,0 +1,38 @@ +# Directory to put `go install`ed binaries in. +export GOBIN ?= $(shell pwd)/bin + +GO_FILES := $(shell \ + find . '(' -path '*/.*' -o -path './vendor' ')' -prune \ + -o -name '*.go' -print | cut -b3-) + +.PHONY: build +build: + go build ./... + +.PHONY: test +test: + go test -race ./... + +.PHONY: gofmt +gofmt: + $(eval FMT_LOG := $(shell mktemp -t gofmt.XXXXX)) + @gofmt -e -s -l $(GO_FILES) > $(FMT_LOG) || true + @[ ! -s "$(FMT_LOG)" ] || (echo "gofmt failed:" | cat - $(FMT_LOG) && false) + +.PHONY: golint +golint: + @cd tools && go install golang.org/x/lint/golint + @$(GOBIN)/golint ./... + +.PHONY: staticcheck +staticcheck: + @cd tools && go install honnef.co/go/tools/cmd/staticcheck + @$(GOBIN)/staticcheck ./... + +.PHONY: lint +lint: gofmt golint staticcheck + +.PHONY: cover +cover: + go test -race -coverprofile=cover.out -coverpkg=./... -v ./... + go tool cover -html=cover.out -o cover.html diff --git a/vendor/go.uber.org/multierr/README.md b/vendor/go.uber.org/multierr/README.md new file mode 100644 index 0000000000..5ab6ac40f4 --- /dev/null +++ b/vendor/go.uber.org/multierr/README.md @@ -0,0 +1,43 @@ +# multierr [![GoDoc][doc-img]][doc] [![Build Status][ci-img]][ci] [![Coverage Status][cov-img]][cov] + +`multierr` allows combining one or more Go `error`s together. + +## Features + +- **Idiomatic**: + multierr follows best practices in Go, and keeps your code idiomatic. + - It keeps the underlying error type hidden, + allowing you to deal in `error` values exclusively. + - It provides APIs to safely append into an error from a `defer` statement. +- **Performant**: + multierr is optimized for performance: + - It avoids allocations where possible. + - It utilizes slice resizing semantics to optimize common cases + like appending into the same error object from a loop. +- **Interoperable**: + multierr interoperates with the Go standard library's error APIs seamlessly: + - The `errors.Is` and `errors.As` functions *just work*. +- **Lightweight**: + multierr comes with virtually no dependencies. + +## Installation + +```bash +go get -u go.uber.org/multierr@latest +``` + +## Status + +Stable: No breaking changes will be made before 2.0. + +------------------------------------------------------------------------------- + +Released under the [MIT License]. + +[MIT License]: LICENSE.txt +[doc-img]: https://pkg.go.dev/badge/go.uber.org/multierr +[doc]: https://pkg.go.dev/go.uber.org/multierr +[ci-img]: https://github.com/uber-go/multierr/actions/workflows/go.yml/badge.svg +[cov-img]: https://codecov.io/gh/uber-go/multierr/branch/master/graph/badge.svg +[ci]: https://github.com/uber-go/multierr/actions/workflows/go.yml +[cov]: https://codecov.io/gh/uber-go/multierr diff --git a/vendor/go.uber.org/multierr/error.go b/vendor/go.uber.org/multierr/error.go new file mode 100644 index 0000000000..3a828b2dff --- /dev/null +++ b/vendor/go.uber.org/multierr/error.go @@ -0,0 +1,646 @@ +// Copyright (c) 2017-2023 Uber Technologies, Inc. +// +// Permission is hereby granted, free of charge, to any person obtaining a copy +// of this software and associated documentation files (the "Software"), to deal +// in the Software without restriction, including without limitation the rights +// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +// copies of the Software, and to permit persons to whom the Software is +// furnished to do so, subject to the following conditions: +// +// The above copyright notice and this permission notice shall be included in +// all copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +// THE SOFTWARE. + +// Package multierr allows combining one or more errors together. +// +// # Overview +// +// Errors can be combined with the use of the Combine function. +// +// multierr.Combine( +// reader.Close(), +// writer.Close(), +// conn.Close(), +// ) +// +// If only two errors are being combined, the Append function may be used +// instead. +// +// err = multierr.Append(reader.Close(), writer.Close()) +// +// The underlying list of errors for a returned error object may be retrieved +// with the Errors function. +// +// errors := multierr.Errors(err) +// if len(errors) > 0 { +// fmt.Println("The following errors occurred:", errors) +// } +// +// # Appending from a loop +// +// You sometimes need to append into an error from a loop. +// +// var err error +// for _, item := range items { +// err = multierr.Append(err, process(item)) +// } +// +// Cases like this may require knowledge of whether an individual instance +// failed. This usually requires introduction of a new variable. +// +// var err error +// for _, item := range items { +// if perr := process(item); perr != nil { +// log.Warn("skipping item", item) +// err = multierr.Append(err, perr) +// } +// } +// +// multierr includes AppendInto to simplify cases like this. +// +// var err error +// for _, item := range items { +// if multierr.AppendInto(&err, process(item)) { +// log.Warn("skipping item", item) +// } +// } +// +// This will append the error into the err variable, and return true if that +// individual error was non-nil. +// +// See [AppendInto] for more information. +// +// # Deferred Functions +// +// Go makes it possible to modify the return value of a function in a defer +// block if the function was using named returns. This makes it possible to +// record resource cleanup failures from deferred blocks. +// +// func sendRequest(req Request) (err error) { +// conn, err := openConnection() +// if err != nil { +// return err +// } +// defer func() { +// err = multierr.Append(err, conn.Close()) +// }() +// // ... +// } +// +// multierr provides the Invoker type and AppendInvoke function to make cases +// like the above simpler and obviate the need for a closure. The following is +// roughly equivalent to the example above. +// +// func sendRequest(req Request) (err error) { +// conn, err := openConnection() +// if err != nil { +// return err +// } +// defer multierr.AppendInvoke(&err, multierr.Close(conn)) +// // ... +// } +// +// See [AppendInvoke] and [Invoker] for more information. +// +// NOTE: If you're modifying an error from inside a defer, you MUST use a named +// return value for that function. +// +// # Advanced Usage +// +// Errors returned by Combine and Append MAY implement the following +// interface. +// +// type errorGroup interface { +// // Returns a slice containing the underlying list of errors. +// // +// // This slice MUST NOT be modified by the caller. +// Errors() []error +// } +// +// Note that if you need access to list of errors behind a multierr error, you +// should prefer using the Errors function. That said, if you need cheap +// read-only access to the underlying errors slice, you can attempt to cast +// the error to this interface. You MUST handle the failure case gracefully +// because errors returned by Combine and Append are not guaranteed to +// implement this interface. +// +// var errors []error +// group, ok := err.(errorGroup) +// if ok { +// errors = group.Errors() +// } else { +// errors = []error{err} +// } +package multierr // import "go.uber.org/multierr" + +import ( + "bytes" + "errors" + "fmt" + "io" + "strings" + "sync" + "sync/atomic" +) + +var ( + // Separator for single-line error messages. + _singlelineSeparator = []byte("; ") + + // Prefix for multi-line messages + _multilinePrefix = []byte("the following errors occurred:") + + // Prefix for the first and following lines of an item in a list of + // multi-line error messages. + // + // For example, if a single item is: + // + // foo + // bar + // + // It will become, + // + // - foo + // bar + _multilineSeparator = []byte("\n - ") + _multilineIndent = []byte(" ") +) + +// _bufferPool is a pool of bytes.Buffers. +var _bufferPool = sync.Pool{ + New: func() interface{} { + return &bytes.Buffer{} + }, +} + +type errorGroup interface { + Errors() []error +} + +// Errors returns a slice containing zero or more errors that the supplied +// error is composed of. If the error is nil, a nil slice is returned. +// +// err := multierr.Append(r.Close(), w.Close()) +// errors := multierr.Errors(err) +// +// If the error is not composed of other errors, the returned slice contains +// just the error that was passed in. +// +// Callers of this function are free to modify the returned slice. +func Errors(err error) []error { + return extractErrors(err) +} + +// multiError is an error that holds one or more errors. +// +// An instance of this is guaranteed to be non-empty and flattened. That is, +// none of the errors inside multiError are other multiErrors. +// +// multiError formats to a semi-colon delimited list of error messages with +// %v and with a more readable multi-line format with %+v. +type multiError struct { + copyNeeded atomic.Bool + errors []error +} + +// Errors returns the list of underlying errors. +// +// This slice MUST NOT be modified. +func (merr *multiError) Errors() []error { + if merr == nil { + return nil + } + return merr.errors +} + +func (merr *multiError) Error() string { + if merr == nil { + return "" + } + + buff := _bufferPool.Get().(*bytes.Buffer) + buff.Reset() + + merr.writeSingleline(buff) + + result := buff.String() + _bufferPool.Put(buff) + return result +} + +// Every compares every error in the given err against the given target error +// using [errors.Is], and returns true only if every comparison returned true. +func Every(err error, target error) bool { + for _, e := range extractErrors(err) { + if !errors.Is(e, target) { + return false + } + } + return true +} + +func (merr *multiError) Format(f fmt.State, c rune) { + if c == 'v' && f.Flag('+') { + merr.writeMultiline(f) + } else { + merr.writeSingleline(f) + } +} + +func (merr *multiError) writeSingleline(w io.Writer) { + first := true + for _, item := range merr.errors { + if first { + first = false + } else { + w.Write(_singlelineSeparator) + } + io.WriteString(w, item.Error()) + } +} + +func (merr *multiError) writeMultiline(w io.Writer) { + w.Write(_multilinePrefix) + for _, item := range merr.errors { + w.Write(_multilineSeparator) + writePrefixLine(w, _multilineIndent, fmt.Sprintf("%+v", item)) + } +} + +// Writes s to the writer with the given prefix added before each line after +// the first. +func writePrefixLine(w io.Writer, prefix []byte, s string) { + first := true + for len(s) > 0 { + if first { + first = false + } else { + w.Write(prefix) + } + + idx := strings.IndexByte(s, '\n') + if idx < 0 { + idx = len(s) - 1 + } + + io.WriteString(w, s[:idx+1]) + s = s[idx+1:] + } +} + +type inspectResult struct { + // Number of top-level non-nil errors + Count int + + // Total number of errors including multiErrors + Capacity int + + // Index of the first non-nil error in the list. Value is meaningless if + // Count is zero. + FirstErrorIdx int + + // Whether the list contains at least one multiError + ContainsMultiError bool +} + +// Inspects the given slice of errors so that we can efficiently allocate +// space for it. +func inspect(errors []error) (res inspectResult) { + first := true + for i, err := range errors { + if err == nil { + continue + } + + res.Count++ + if first { + first = false + res.FirstErrorIdx = i + } + + if merr, ok := err.(*multiError); ok { + res.Capacity += len(merr.errors) + res.ContainsMultiError = true + } else { + res.Capacity++ + } + } + return +} + +// fromSlice converts the given list of errors into a single error. +func fromSlice(errors []error) error { + // Don't pay to inspect small slices. + switch len(errors) { + case 0: + return nil + case 1: + return errors[0] + } + + res := inspect(errors) + switch res.Count { + case 0: + return nil + case 1: + // only one non-nil entry + return errors[res.FirstErrorIdx] + case len(errors): + if !res.ContainsMultiError { + // Error list is flat. Make a copy of it + // Otherwise "errors" escapes to the heap + // unconditionally for all other cases. + // This lets us optimize for the "no errors" case. + out := append(([]error)(nil), errors...) + return &multiError{errors: out} + } + } + + nonNilErrs := make([]error, 0, res.Capacity) + for _, err := range errors[res.FirstErrorIdx:] { + if err == nil { + continue + } + + if nested, ok := err.(*multiError); ok { + nonNilErrs = append(nonNilErrs, nested.errors...) + } else { + nonNilErrs = append(nonNilErrs, err) + } + } + + return &multiError{errors: nonNilErrs} +} + +// Combine combines the passed errors into a single error. +// +// If zero arguments were passed or if all items are nil, a nil error is +// returned. +// +// Combine(nil, nil) // == nil +// +// If only a single error was passed, it is returned as-is. +// +// Combine(err) // == err +// +// Combine skips over nil arguments so this function may be used to combine +// together errors from operations that fail independently of each other. +// +// multierr.Combine( +// reader.Close(), +// writer.Close(), +// pipe.Close(), +// ) +// +// If any of the passed errors is a multierr error, it will be flattened along +// with the other errors. +// +// multierr.Combine(multierr.Combine(err1, err2), err3) +// // is the same as +// multierr.Combine(err1, err2, err3) +// +// The returned error formats into a readable multi-line error message if +// formatted with %+v. +// +// fmt.Sprintf("%+v", multierr.Combine(err1, err2)) +func Combine(errors ...error) error { + return fromSlice(errors) +} + +// Append appends the given errors together. Either value may be nil. +// +// This function is a specialization of Combine for the common case where +// there are only two errors. +// +// err = multierr.Append(reader.Close(), writer.Close()) +// +// The following pattern may also be used to record failure of deferred +// operations without losing information about the original error. +// +// func doSomething(..) (err error) { +// f := acquireResource() +// defer func() { +// err = multierr.Append(err, f.Close()) +// }() +// +// Note that the variable MUST be a named return to append an error to it from +// the defer statement. See also [AppendInvoke]. +func Append(left error, right error) error { + switch { + case left == nil: + return right + case right == nil: + return left + } + + if _, ok := right.(*multiError); !ok { + if l, ok := left.(*multiError); ok && !l.copyNeeded.Swap(true) { + // Common case where the error on the left is constantly being + // appended to. + errs := append(l.errors, right) + return &multiError{errors: errs} + } else if !ok { + // Both errors are single errors. + return &multiError{errors: []error{left, right}} + } + } + + // Either right or both, left and right, are multiErrors. Rely on usual + // expensive logic. + errors := [2]error{left, right} + return fromSlice(errors[0:]) +} + +// AppendInto appends an error into the destination of an error pointer and +// returns whether the error being appended was non-nil. +// +// var err error +// multierr.AppendInto(&err, r.Close()) +// multierr.AppendInto(&err, w.Close()) +// +// The above is equivalent to, +// +// err := multierr.Append(r.Close(), w.Close()) +// +// As AppendInto reports whether the provided error was non-nil, it may be +// used to build a multierr error in a loop more ergonomically. For example: +// +// var err error +// for line := range lines { +// var item Item +// if multierr.AppendInto(&err, parse(line, &item)) { +// continue +// } +// items = append(items, item) +// } +// +// Compare this with a version that relies solely on Append: +// +// var err error +// for line := range lines { +// var item Item +// if parseErr := parse(line, &item); parseErr != nil { +// err = multierr.Append(err, parseErr) +// continue +// } +// items = append(items, item) +// } +func AppendInto(into *error, err error) (errored bool) { + if into == nil { + // We panic if 'into' is nil. This is not documented above + // because suggesting that the pointer must be non-nil may + // confuse users into thinking that the error that it points + // to must be non-nil. + panic("misuse of multierr.AppendInto: into pointer must not be nil") + } + + if err == nil { + return false + } + *into = Append(*into, err) + return true +} + +// Invoker is an operation that may fail with an error. Use it with +// AppendInvoke to append the result of calling the function into an error. +// This allows you to conveniently defer capture of failing operations. +// +// See also, [Close] and [Invoke]. +type Invoker interface { + Invoke() error +} + +// Invoke wraps a function which may fail with an error to match the Invoker +// interface. Use it to supply functions matching this signature to +// AppendInvoke. +// +// For example, +// +// func processReader(r io.Reader) (err error) { +// scanner := bufio.NewScanner(r) +// defer multierr.AppendInvoke(&err, multierr.Invoke(scanner.Err)) +// for scanner.Scan() { +// // ... +// } +// // ... +// } +// +// In this example, the following line will construct the Invoker right away, +// but defer the invocation of scanner.Err() until the function returns. +// +// defer multierr.AppendInvoke(&err, multierr.Invoke(scanner.Err)) +// +// Note that the error you're appending to from the defer statement MUST be a +// named return. +type Invoke func() error + +// Invoke calls the supplied function and returns its result. +func (i Invoke) Invoke() error { return i() } + +// Close builds an Invoker that closes the provided io.Closer. Use it with +// AppendInvoke to close io.Closers and append their results into an error. +// +// For example, +// +// func processFile(path string) (err error) { +// f, err := os.Open(path) +// if err != nil { +// return err +// } +// defer multierr.AppendInvoke(&err, multierr.Close(f)) +// return processReader(f) +// } +// +// In this example, multierr.Close will construct the Invoker right away, but +// defer the invocation of f.Close until the function returns. +// +// defer multierr.AppendInvoke(&err, multierr.Close(f)) +// +// Note that the error you're appending to from the defer statement MUST be a +// named return. +func Close(closer io.Closer) Invoker { + return Invoke(closer.Close) +} + +// AppendInvoke appends the result of calling the given Invoker into the +// provided error pointer. Use it with named returns to safely defer +// invocation of fallible operations until a function returns, and capture the +// resulting errors. +// +// func doSomething(...) (err error) { +// // ... +// f, err := openFile(..) +// if err != nil { +// return err +// } +// +// // multierr will call f.Close() when this function returns and +// // if the operation fails, its append its error into the +// // returned error. +// defer multierr.AppendInvoke(&err, multierr.Close(f)) +// +// scanner := bufio.NewScanner(f) +// // Similarly, this scheduled scanner.Err to be called and +// // inspected when the function returns and append its error +// // into the returned error. +// defer multierr.AppendInvoke(&err, multierr.Invoke(scanner.Err)) +// +// // ... +// } +// +// NOTE: If used with a defer, the error variable MUST be a named return. +// +// Without defer, AppendInvoke behaves exactly like AppendInto. +// +// err := // ... +// multierr.AppendInvoke(&err, mutltierr.Invoke(foo)) +// +// // ...is roughly equivalent to... +// +// err := // ... +// multierr.AppendInto(&err, foo()) +// +// The advantage of the indirection introduced by Invoker is to make it easy +// to defer the invocation of a function. Without this indirection, the +// invoked function will be evaluated at the time of the defer block rather +// than when the function returns. +// +// // BAD: This is likely not what the caller intended. This will evaluate +// // foo() right away and append its result into the error when the +// // function returns. +// defer multierr.AppendInto(&err, foo()) +// +// // GOOD: This will defer invocation of foo unutil the function returns. +// defer multierr.AppendInvoke(&err, multierr.Invoke(foo)) +// +// multierr provides a few Invoker implementations out of the box for +// convenience. See [Invoker] for more information. +func AppendInvoke(into *error, invoker Invoker) { + AppendInto(into, invoker.Invoke()) +} + +// AppendFunc is a shorthand for [AppendInvoke]. +// It allows using function or method value directly +// without having to wrap it into an [Invoker] interface. +// +// func doSomething(...) (err error) { +// w, err := startWorker(...) +// if err != nil { +// return err +// } +// +// // multierr will call w.Stop() when this function returns and +// // if the operation fails, it appends its error into the +// // returned error. +// defer multierr.AppendFunc(&err, w.Stop) +// } +func AppendFunc(into *error, fn func() error) { + AppendInvoke(into, Invoke(fn)) +} diff --git a/vendor/go.uber.org/multierr/error_post_go120.go b/vendor/go.uber.org/multierr/error_post_go120.go new file mode 100644 index 0000000000..a173f9c251 --- /dev/null +++ b/vendor/go.uber.org/multierr/error_post_go120.go @@ -0,0 +1,48 @@ +// Copyright (c) 2017-2023 Uber Technologies, Inc. +// +// Permission is hereby granted, free of charge, to any person obtaining a copy +// of this software and associated documentation files (the "Software"), to deal +// in the Software without restriction, including without limitation the rights +// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +// copies of the Software, and to permit persons to whom the Software is +// furnished to do so, subject to the following conditions: +// +// The above copyright notice and this permission notice shall be included in +// all copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +// THE SOFTWARE. + +//go:build go1.20 +// +build go1.20 + +package multierr + +// Unwrap returns a list of errors wrapped by this multierr. +func (merr *multiError) Unwrap() []error { + return merr.Errors() +} + +type multipleErrors interface { + Unwrap() []error +} + +func extractErrors(err error) []error { + if err == nil { + return nil + } + + // check if the given err is an Unwrapable error that + // implements multipleErrors interface. + eg, ok := err.(multipleErrors) + if !ok { + return []error{err} + } + + return append(([]error)(nil), eg.Unwrap()...) +} diff --git a/vendor/go.uber.org/multierr/error_pre_go120.go b/vendor/go.uber.org/multierr/error_pre_go120.go new file mode 100644 index 0000000000..93872a3fcd --- /dev/null +++ b/vendor/go.uber.org/multierr/error_pre_go120.go @@ -0,0 +1,79 @@ +// Copyright (c) 2017-2023 Uber Technologies, Inc. +// +// Permission is hereby granted, free of charge, to any person obtaining a copy +// of this software and associated documentation files (the "Software"), to deal +// in the Software without restriction, including without limitation the rights +// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +// copies of the Software, and to permit persons to whom the Software is +// furnished to do so, subject to the following conditions: +// +// The above copyright notice and this permission notice shall be included in +// all copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +// THE SOFTWARE. + +//go:build !go1.20 +// +build !go1.20 + +package multierr + +import "errors" + +// Versions of Go before 1.20 did not support the Unwrap() []error method. +// This provides a similar behavior by implementing the Is(..) and As(..) +// methods. +// See the errors.Join proposal for details: +// https://github.com/golang/go/issues/53435 + +// As attempts to find the first error in the error list that matches the type +// of the value that target points to. +// +// This function allows errors.As to traverse the values stored on the +// multierr error. +func (merr *multiError) As(target interface{}) bool { + for _, err := range merr.Errors() { + if errors.As(err, target) { + return true + } + } + return false +} + +// Is attempts to match the provided error against errors in the error list. +// +// This function allows errors.Is to traverse the values stored on the +// multierr error. +func (merr *multiError) Is(target error) bool { + for _, err := range merr.Errors() { + if errors.Is(err, target) { + return true + } + } + return false +} + +func extractErrors(err error) []error { + if err == nil { + return nil + } + + // Note that we're casting to multiError, not errorGroup. Our contract is + // that returned errors MAY implement errorGroup. Errors, however, only + // has special behavior for multierr-specific error objects. + // + // This behavior can be expanded in the future but I think it's prudent to + // start with as little as possible in terms of contract and possibility + // of misuse. + eg, ok := err.(*multiError) + if !ok { + return []error{err} + } + + return append(([]error)(nil), eg.Errors()...) +} diff --git a/vendor/go.uber.org/zap/.codecov.yml b/vendor/go.uber.org/zap/.codecov.yml new file mode 100644 index 0000000000..8e5ca7d3e2 --- /dev/null +++ b/vendor/go.uber.org/zap/.codecov.yml @@ -0,0 +1,17 @@ +coverage: + range: 80..100 + round: down + precision: 2 + + status: + project: # measuring the overall project coverage + default: # context, you can create multiple ones with custom titles + enabled: yes # must be yes|true to enable this status + target: 95% # specify the target coverage for each commit status + # option: "auto" (must increase from parent commit or pull request base) + # option: "X%" a static target percentage to hit + if_not_found: success # if parent is not found report status as success, error, or failure + if_ci_failed: error # if ci fails report status as success, error, or failure +ignore: + - internal/readme/readme.go + diff --git a/vendor/go.uber.org/zap/.gitignore b/vendor/go.uber.org/zap/.gitignore new file mode 100644 index 0000000000..da9d9d00b4 --- /dev/null +++ b/vendor/go.uber.org/zap/.gitignore @@ -0,0 +1,32 @@ +# Compiled Object files, Static and Dynamic libs (Shared Objects) +*.o +*.a +*.so + +# Folders +_obj +_test +vendor + +# Architecture specific extensions/prefixes +*.[568vq] +[568vq].out + +*.cgo1.go +*.cgo2.c +_cgo_defun.c +_cgo_gotypes.go +_cgo_export.* + +_testmain.go + +*.exe +*.test +*.prof +*.pprof +*.out +*.log + +/bin +cover.out +cover.html diff --git a/vendor/go.uber.org/zap/.readme.tmpl b/vendor/go.uber.org/zap/.readme.tmpl new file mode 100644 index 0000000000..92aa65d660 --- /dev/null +++ b/vendor/go.uber.org/zap/.readme.tmpl @@ -0,0 +1,109 @@ +# :zap: zap [![GoDoc][doc-img]][doc] [![Build Status][ci-img]][ci] [![Coverage Status][cov-img]][cov] + +Blazing fast, structured, leveled logging in Go. + +## Installation + +`go get -u go.uber.org/zap` + +Note that zap only supports the two most recent minor versions of Go. + +## Quick Start + +In contexts where performance is nice, but not critical, use the +`SugaredLogger`. It's 4-10x faster than other structured logging +packages and includes both structured and `printf`-style APIs. + +```go +logger, _ := zap.NewProduction() +defer logger.Sync() // flushes buffer, if any +sugar := logger.Sugar() +sugar.Infow("failed to fetch URL", + // Structured context as loosely typed key-value pairs. + "url", url, + "attempt", 3, + "backoff", time.Second, +) +sugar.Infof("Failed to fetch URL: %s", url) +``` + +When performance and type safety are critical, use the `Logger`. It's even +faster than the `SugaredLogger` and allocates far less, but it only supports +structured logging. + +```go +logger, _ := zap.NewProduction() +defer logger.Sync() +logger.Info("failed to fetch URL", + // Structured context as strongly typed Field values. + zap.String("url", url), + zap.Int("attempt", 3), + zap.Duration("backoff", time.Second), +) +``` + +See the [documentation][doc] and [FAQ](FAQ.md) for more details. + +## Performance + +For applications that log in the hot path, reflection-based serialization and +string formatting are prohibitively expensive — they're CPU-intensive +and make many small allocations. Put differently, using `encoding/json` and +`fmt.Fprintf` to log tons of `interface{}`s makes your application slow. + +Zap takes a different approach. It includes a reflection-free, zero-allocation +JSON encoder, and the base `Logger` strives to avoid serialization overhead +and allocations wherever possible. By building the high-level `SugaredLogger` +on that foundation, zap lets users *choose* when they need to count every +allocation and when they'd prefer a more familiar, loosely typed API. + +As measured by its own [benchmarking suite][], not only is zap more performant +than comparable structured logging packages — it's also faster than the +standard library. Like all benchmarks, take these with a grain of salt.[1](#footnote-versions) + +Log a message and 10 fields: + +{{.BenchmarkAddingFields}} + +Log a message with a logger that already has 10 fields of context: + +{{.BenchmarkAccumulatedContext}} + +Log a static string, without any context or `printf`-style templating: + +{{.BenchmarkWithoutFields}} + +## Development Status: Stable + +All APIs are finalized, and no breaking changes will be made in the 1.x series +of releases. Users of semver-aware dependency management systems should pin +zap to `^1`. + +## Contributing + +We encourage and support an active, healthy community of contributors — +including you! Details are in the [contribution guide](CONTRIBUTING.md) and +the [code of conduct](CODE_OF_CONDUCT.md). The zap maintainers keep an eye on +issues and pull requests, but you can also report any negative conduct to +oss-conduct@uber.com. That email list is a private, safe space; even the zap +maintainers don't have access, so don't hesitate to hold us to a high +standard. + +


      + +Released under the [MIT License](LICENSE.txt). + +1 In particular, keep in mind that we may be +benchmarking against slightly older versions of other packages. Versions are +pinned in the [benchmarks/go.mod][] file. [↩](#anchor-versions) + +[doc-img]: https://pkg.go.dev/badge/go.uber.org/zap +[doc]: https://pkg.go.dev/go.uber.org/zap +[ci-img]: https://github.com/uber-go/zap/actions/workflows/go.yml/badge.svg +[ci]: https://github.com/uber-go/zap/actions/workflows/go.yml +[cov-img]: https://codecov.io/gh/uber-go/zap/branch/master/graph/badge.svg +[cov]: https://codecov.io/gh/uber-go/zap +[benchmarking suite]: https://github.com/uber-go/zap/tree/master/benchmarks +[benchmarks/go.mod]: https://github.com/uber-go/zap/blob/master/benchmarks/go.mod + diff --git a/vendor/go.uber.org/zap/CHANGELOG.md b/vendor/go.uber.org/zap/CHANGELOG.md new file mode 100644 index 0000000000..0db1f9f15f --- /dev/null +++ b/vendor/go.uber.org/zap/CHANGELOG.md @@ -0,0 +1,617 @@ +# Changelog +All notable changes to this project will be documented in this file. + +This project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html). + +## 1.24.0 (30 Nov 2022) + +Enhancements: +* [#1148][]: Add `Level` to both `Logger` and `SugaredLogger` that reports the + current minimum enabled log level. +* [#1185][]: `SugaredLogger` turns errors to zap.Error automatically. + +Thanks to @Abirdcfly, @craigpastro, @nnnkkk7, and @sashamelentyev for their +contributions to this release. + +[#1148]: https://github.coml/uber-go/zap/pull/1148 +[#1185]: https://github.coml/uber-go/zap/pull/1185 + +## 1.23.0 (24 Aug 2022) + +Enhancements: +* [#1147][]: Add a `zapcore.LevelOf` function to determine the level of a + `LevelEnabler` or `Core`. +* [#1155][]: Add `zap.Stringers` field constructor to log arrays of objects + that implement `String() string`. + +[#1147]: https://github.com/uber-go/zap/pull/1147 +[#1155]: https://github.com/uber-go/zap/pull/1155 + + +## 1.22.0 (8 Aug 2022) + +Enhancements: +* [#1071][]: Add `zap.Objects` and `zap.ObjectValues` field constructors to log + arrays of objects. With these two constructors, you don't need to implement + `zapcore.ArrayMarshaler` for use with `zap.Array` if those objects implement + `zapcore.ObjectMarshaler`. +* [#1079][]: Add `SugaredLogger.WithOptions` to build a copy of an existing + `SugaredLogger` with the provided options applied. +* [#1080][]: Add `*ln` variants to `SugaredLogger` for each log level. + These functions provide a string joining behavior similar to `fmt.Println`. +* [#1088][]: Add `zap.WithFatalHook` option to control the behavior of the + logger for `Fatal`-level log entries. This defaults to exiting the program. +* [#1108][]: Add a `zap.Must` function that you can use with `NewProduction` or + `NewDevelopment` to panic if the system was unable to build the logger. +* [#1118][]: Add a `Logger.Log` method that allows specifying the log level for + a statement dynamically. + +Thanks to @cardil, @craigpastro, @sashamelentyev, @shota3506, and @zhupeijun +for their contributions to this release. + +[#1071]: https://github.com/uber-go/zap/pull/1071 +[#1079]: https://github.com/uber-go/zap/pull/1079 +[#1080]: https://github.com/uber-go/zap/pull/1080 +[#1088]: https://github.com/uber-go/zap/pull/1088 +[#1108]: https://github.com/uber-go/zap/pull/1108 +[#1118]: https://github.com/uber-go/zap/pull/1118 + +## 1.21.0 (7 Feb 2022) + +Enhancements: +* [#1047][]: Add `zapcore.ParseLevel` to parse a `Level` from a string. +* [#1048][]: Add `zap.ParseAtomicLevel` to parse an `AtomicLevel` from a + string. + +Bugfixes: +* [#1058][]: Fix panic in JSON encoder when `EncodeLevel` is unset. + +Other changes: +* [#1052][]: Improve encoding performance when the `AddCaller` and + `AddStacktrace` options are used together. + +[#1047]: https://github.com/uber-go/zap/pull/1047 +[#1048]: https://github.com/uber-go/zap/pull/1048 +[#1052]: https://github.com/uber-go/zap/pull/1052 +[#1058]: https://github.com/uber-go/zap/pull/1058 + +Thanks to @aerosol and @Techassi for their contributions to this release. + +## 1.20.0 (4 Jan 2022) + +Enhancements: +* [#989][]: Add `EncoderConfig.SkipLineEnding` flag to disable adding newline + characters between log statements. +* [#1039][]: Add `EncoderConfig.NewReflectedEncoder` field to customize JSON + encoding of reflected log fields. + +Bugfixes: +* [#1011][]: Fix inaccurate precision when encoding complex64 as JSON. +* [#554][], [#1017][]: Close JSON namespaces opened in `MarshalLogObject` + methods when the methods return. +* [#1033][]: Avoid panicking in Sampler core if `thereafter` is zero. + +Other changes: +* [#1028][]: Drop support for Go < 1.15. + +[#554]: https://github.com/uber-go/zap/pull/554 +[#989]: https://github.com/uber-go/zap/pull/989 +[#1011]: https://github.com/uber-go/zap/pull/1011 +[#1017]: https://github.com/uber-go/zap/pull/1017 +[#1028]: https://github.com/uber-go/zap/pull/1028 +[#1033]: https://github.com/uber-go/zap/pull/1033 +[#1039]: https://github.com/uber-go/zap/pull/1039 + +Thanks to @psrajat, @lruggieri, @sammyrnycreal for their contributions to this release. + +## 1.19.1 (8 Sep 2021) + +Bugfixes: +* [#1001][]: JSON: Fix complex number encoding with negative imaginary part. Thanks to @hemantjadon. +* [#1003][]: JSON: Fix inaccurate precision when encoding float32. + +[#1001]: https://github.com/uber-go/zap/pull/1001 +[#1003]: https://github.com/uber-go/zap/pull/1003 + +## 1.19.0 (9 Aug 2021) + +Enhancements: +* [#975][]: Avoid panicking in Sampler core if the level is out of bounds. +* [#984][]: Reduce the size of BufferedWriteSyncer by aligning the fields + better. + +[#975]: https://github.com/uber-go/zap/pull/975 +[#984]: https://github.com/uber-go/zap/pull/984 + +Thanks to @lancoLiu and @thockin for their contributions to this release. + +## 1.18.1 (28 Jun 2021) + +Bugfixes: +* [#974][]: Fix nil dereference in logger constructed by `zap.NewNop`. + +[#974]: https://github.com/uber-go/zap/pull/974 + +## 1.18.0 (28 Jun 2021) + +Enhancements: +* [#961][]: Add `zapcore.BufferedWriteSyncer`, a new `WriteSyncer` that buffers + messages in-memory and flushes them periodically. +* [#971][]: Add `zapio.Writer` to use a Zap logger as an `io.Writer`. +* [#897][]: Add `zap.WithClock` option to control the source of time via the + new `zapcore.Clock` interface. +* [#949][]: Avoid panicking in `zap.SugaredLogger` when arguments of `*w` + methods don't match expectations. +* [#943][]: Add support for filtering by level or arbitrary matcher function to + `zaptest/observer`. +* [#691][]: Comply with `io.StringWriter` and `io.ByteWriter` in Zap's + `buffer.Buffer`. + +Thanks to @atrn0, @ernado, @heyanfu, @hnlq715, @zchee +for their contributions to this release. + +[#691]: https://github.com/uber-go/zap/pull/691 +[#897]: https://github.com/uber-go/zap/pull/897 +[#943]: https://github.com/uber-go/zap/pull/943 +[#949]: https://github.com/uber-go/zap/pull/949 +[#961]: https://github.com/uber-go/zap/pull/961 +[#971]: https://github.com/uber-go/zap/pull/971 + +## 1.17.0 (25 May 2021) + +Bugfixes: +* [#867][]: Encode `` for nil `error` instead of a panic. +* [#931][], [#936][]: Update minimum version constraints to address + vulnerabilities in dependencies. + +Enhancements: +* [#865][]: Improve alignment of fields of the Logger struct, reducing its + size from 96 to 80 bytes. +* [#881][]: Support `grpclog.LoggerV2` in zapgrpc. +* [#903][]: Support URL-encoded POST requests to the AtomicLevel HTTP handler + with the `application/x-www-form-urlencoded` content type. +* [#912][]: Support multi-field encoding with `zap.Inline`. +* [#913][]: Speed up SugaredLogger for calls with a single string. +* [#928][]: Add support for filtering by field name to `zaptest/observer`. + +Thanks to @ash2k, @FMLS, @jimmystewpot, @Oncilla, @tsoslow, @tylitianrui, @withshubh, and @wziww for their contributions to this release. + +## 1.16.0 (1 Sep 2020) + +Bugfixes: +* [#828][]: Fix missing newline in IncreaseLevel error messages. +* [#835][]: Fix panic in JSON encoder when encoding times or durations + without specifying a time or duration encoder. +* [#843][]: Honor CallerSkip when taking stack traces. +* [#862][]: Fix the default file permissions to use `0666` and rely on the umask instead. +* [#854][]: Encode `` for nil `Stringer` instead of a panic error log. + +Enhancements: +* [#629][]: Added `zapcore.TimeEncoderOfLayout` to easily create time encoders + for custom layouts. +* [#697][]: Added support for a configurable delimiter in the console encoder. +* [#852][]: Optimize console encoder by pooling the underlying JSON encoder. +* [#844][]: Add ability to include the calling function as part of logs. +* [#843][]: Add `StackSkip` for including truncated stacks as a field. +* [#861][]: Add options to customize Fatal behaviour for better testability. + +Thanks to @SteelPhase, @tmshn, @lixingwang, @wyxloading, @moul, @segevfiner, @andy-retailnext and @jcorbin for their contributions to this release. + +## 1.15.0 (23 Apr 2020) + +Bugfixes: +* [#804][]: Fix handling of `Time` values out of `UnixNano` range. +* [#812][]: Fix `IncreaseLevel` being reset after a call to `With`. + +Enhancements: +* [#806][]: Add `WithCaller` option to supersede the `AddCaller` option. This + allows disabling annotation of log entries with caller information if + previously enabled with `AddCaller`. +* [#813][]: Deprecate `NewSampler` constructor in favor of + `NewSamplerWithOptions` which supports a `SamplerHook` option. This option + adds support for monitoring sampling decisions through a hook. + +Thanks to @danielbprice for their contributions to this release. + +## 1.14.1 (14 Mar 2020) + +Bugfixes: +* [#791][]: Fix panic on attempting to build a logger with an invalid Config. +* [#795][]: Vendoring Zap with `go mod vendor` no longer includes Zap's + development-time dependencies. +* [#799][]: Fix issue introduced in 1.14.0 that caused invalid JSON output to + be generated for arrays of `time.Time` objects when using string-based time + formats. + +Thanks to @YashishDua for their contributions to this release. + +## 1.14.0 (20 Feb 2020) + +Enhancements: +* [#771][]: Optimize calls for disabled log levels. +* [#773][]: Add millisecond duration encoder. +* [#775][]: Add option to increase the level of a logger. +* [#786][]: Optimize time formatters using `Time.AppendFormat` where possible. + +Thanks to @caibirdme for their contributions to this release. + +## 1.13.0 (13 Nov 2019) + +Enhancements: +* [#758][]: Add `Intp`, `Stringp`, and other similar `*p` field constructors + to log pointers to primitives with support for `nil` values. + +Thanks to @jbizzle for their contributions to this release. + +## 1.12.0 (29 Oct 2019) + +Enhancements: +* [#751][]: Migrate to Go modules. + +## 1.11.0 (21 Oct 2019) + +Enhancements: +* [#725][]: Add `zapcore.OmitKey` to omit keys in an `EncoderConfig`. +* [#736][]: Add `RFC3339` and `RFC3339Nano` time encoders. + +Thanks to @juicemia, @uhthomas for their contributions to this release. + +## 1.10.0 (29 Apr 2019) + +Bugfixes: +* [#657][]: Fix `MapObjectEncoder.AppendByteString` not adding value as a + string. +* [#706][]: Fix incorrect call depth to determine caller in Go 1.12. + +Enhancements: +* [#610][]: Add `zaptest.WrapOptions` to wrap `zap.Option` for creating test + loggers. +* [#675][]: Don't panic when encoding a String field. +* [#704][]: Disable HTML escaping for JSON objects encoded using the + reflect-based encoder. + +Thanks to @iaroslav-ciupin, @lelenanam, @joa, @NWilson for their contributions +to this release. + +## v1.9.1 (06 Aug 2018) + +Bugfixes: + +* [#614][]: MapObjectEncoder should not ignore empty slices. + +## v1.9.0 (19 Jul 2018) + +Enhancements: +* [#602][]: Reduce number of allocations when logging with reflection. +* [#572][], [#606][]: Expose a registry for third-party logging sinks. + +Thanks to @nfarah86, @AlekSi, @JeanMertz, @philippgille, @etsangsplk, and +@dimroc for their contributions to this release. + +## v1.8.0 (13 Apr 2018) + +Enhancements: +* [#508][]: Make log level configurable when redirecting the standard + library's logger. +* [#518][]: Add a logger that writes to a `*testing.TB`. +* [#577][]: Add a top-level alias for `zapcore.Field` to clean up GoDoc. + +Bugfixes: +* [#574][]: Add a missing import comment to `go.uber.org/zap/buffer`. + +Thanks to @DiSiqueira and @djui for their contributions to this release. + +## v1.7.1 (25 Sep 2017) + +Bugfixes: +* [#504][]: Store strings when using AddByteString with the map encoder. + +## v1.7.0 (21 Sep 2017) + +Enhancements: + +* [#487][]: Add `NewStdLogAt`, which extends `NewStdLog` by allowing the user + to specify the level of the logged messages. + +## v1.6.0 (30 Aug 2017) + +Enhancements: + +* [#491][]: Omit zap stack frames from stacktraces. +* [#490][]: Add a `ContextMap` method to observer logs for simpler + field validation in tests. + +## v1.5.0 (22 Jul 2017) + +Enhancements: + +* [#460][] and [#470][]: Support errors produced by `go.uber.org/multierr`. +* [#465][]: Support user-supplied encoders for logger names. + +Bugfixes: + +* [#477][]: Fix a bug that incorrectly truncated deep stacktraces. + +Thanks to @richard-tunein and @pavius for their contributions to this release. + +## v1.4.1 (08 Jun 2017) + +This release fixes two bugs. + +Bugfixes: + +* [#435][]: Support a variety of case conventions when unmarshaling levels. +* [#444][]: Fix a panic in the observer. + +## v1.4.0 (12 May 2017) + +This release adds a few small features and is fully backward-compatible. + +Enhancements: + +* [#424][]: Add a `LineEnding` field to `EncoderConfig`, allowing users to + override the Unix-style default. +* [#425][]: Preserve time zones when logging times. +* [#431][]: Make `zap.AtomicLevel` implement `fmt.Stringer`, which makes a + variety of operations a bit simpler. + +## v1.3.0 (25 Apr 2017) + +This release adds an enhancement to zap's testing helpers as well as the +ability to marshal an AtomicLevel. It is fully backward-compatible. + +Enhancements: + +* [#415][]: Add a substring-filtering helper to zap's observer. This is + particularly useful when testing the `SugaredLogger`. +* [#416][]: Make `AtomicLevel` implement `encoding.TextMarshaler`. + +## v1.2.0 (13 Apr 2017) + +This release adds a gRPC compatibility wrapper. It is fully backward-compatible. + +Enhancements: + +* [#402][]: Add a `zapgrpc` package that wraps zap's Logger and implements + `grpclog.Logger`. + +## v1.1.0 (31 Mar 2017) + +This release fixes two bugs and adds some enhancements to zap's testing helpers. +It is fully backward-compatible. + +Bugfixes: + +* [#385][]: Fix caller path trimming on Windows. +* [#396][]: Fix a panic when attempting to use non-existent directories with + zap's configuration struct. + +Enhancements: + +* [#386][]: Add filtering helpers to zaptest's observing logger. + +Thanks to @moitias for contributing to this release. + +## v1.0.0 (14 Mar 2017) + +This is zap's first stable release. All exported APIs are now final, and no +further breaking changes will be made in the 1.x release series. Anyone using a +semver-aware dependency manager should now pin to `^1`. + +Breaking changes: + +* [#366][]: Add byte-oriented APIs to encoders to log UTF-8 encoded text without + casting from `[]byte` to `string`. +* [#364][]: To support buffering outputs, add `Sync` methods to `zapcore.Core`, + `zap.Logger`, and `zap.SugaredLogger`. +* [#371][]: Rename the `testutils` package to `zaptest`, which is less likely to + clash with other testing helpers. + +Bugfixes: + +* [#362][]: Make the ISO8601 time formatters fixed-width, which is friendlier + for tab-separated console output. +* [#369][]: Remove the automatic locks in `zapcore.NewCore`, which allows zap to + work with concurrency-safe `WriteSyncer` implementations. +* [#347][]: Stop reporting errors when trying to `fsync` standard out on Linux + systems. +* [#373][]: Report the correct caller from zap's standard library + interoperability wrappers. + +Enhancements: + +* [#348][]: Add a registry allowing third-party encodings to work with zap's + built-in `Config`. +* [#327][]: Make the representation of logger callers configurable (like times, + levels, and durations). +* [#376][]: Allow third-party encoders to use their own buffer pools, which + removes the last performance advantage that zap's encoders have over plugins. +* [#346][]: Add `CombineWriteSyncers`, a convenience function to tee multiple + `WriteSyncer`s and lock the result. +* [#365][]: Make zap's stacktraces compatible with mid-stack inlining (coming in + Go 1.9). +* [#372][]: Export zap's observing logger as `zaptest/observer`. This makes it + easier for particularly punctilious users to unit test their application's + logging. + +Thanks to @suyash, @htrendev, @flisky, @Ulexus, and @skipor for their +contributions to this release. + +## v1.0.0-rc.3 (7 Mar 2017) + +This is the third release candidate for zap's stable release. There are no +breaking changes. + +Bugfixes: + +* [#339][]: Byte slices passed to `zap.Any` are now correctly treated as binary blobs + rather than `[]uint8`. + +Enhancements: + +* [#307][]: Users can opt into colored output for log levels. +* [#353][]: In addition to hijacking the output of the standard library's + package-global logging functions, users can now construct a zap-backed + `log.Logger` instance. +* [#311][]: Frames from common runtime functions and some of zap's internal + machinery are now omitted from stacktraces. + +Thanks to @ansel1 and @suyash for their contributions to this release. + +## v1.0.0-rc.2 (21 Feb 2017) + +This is the second release candidate for zap's stable release. It includes two +breaking changes. + +Breaking changes: + +* [#316][]: Zap's global loggers are now fully concurrency-safe + (previously, users had to ensure that `ReplaceGlobals` was called before the + loggers were in use). However, they must now be accessed via the `L()` and + `S()` functions. Users can update their projects with + + ``` + gofmt -r "zap.L -> zap.L()" -w . + gofmt -r "zap.S -> zap.S()" -w . + ``` +* [#309][] and [#317][]: RC1 was mistakenly shipped with invalid + JSON and YAML struct tags on all config structs. This release fixes the tags + and adds static analysis to prevent similar bugs in the future. + +Bugfixes: + +* [#321][]: Redirecting the standard library's `log` output now + correctly reports the logger's caller. + +Enhancements: + +* [#325][] and [#333][]: Zap now transparently supports non-standard, rich + errors like those produced by `github.com/pkg/errors`. +* [#326][]: Though `New(nil)` continues to return a no-op logger, `NewNop()` is + now preferred. Users can update their projects with `gofmt -r 'zap.New(nil) -> + zap.NewNop()' -w .`. +* [#300][]: Incorrectly importing zap as `github.com/uber-go/zap` now returns a + more informative error. + +Thanks to @skipor and @chapsuk for their contributions to this release. + +## v1.0.0-rc.1 (14 Feb 2017) + +This is the first release candidate for zap's stable release. There are multiple +breaking changes and improvements from the pre-release version. Most notably: + +* **Zap's import path is now "go.uber.org/zap"** — all users will + need to update their code. +* User-facing types and functions remain in the `zap` package. Code relevant + largely to extension authors is now in the `zapcore` package. +* The `zapcore.Core` type makes it easy for third-party packages to use zap's + internals but provide a different user-facing API. +* `Logger` is now a concrete type instead of an interface. +* A less verbose (though slower) logging API is included by default. +* Package-global loggers `L` and `S` are included. +* A human-friendly console encoder is included. +* A declarative config struct allows common logger configurations to be managed + as configuration instead of code. +* Sampling is more accurate, and doesn't depend on the standard library's shared + timer heap. + +## v0.1.0-beta.1 (6 Feb 2017) + +This is a minor version, tagged to allow users to pin to the pre-1.0 APIs and +upgrade at their leisure. Since this is the first tagged release, there are no +backward compatibility concerns and all functionality is new. + +Early zap adopters should pin to the 0.1.x minor version until they're ready to +upgrade to the upcoming stable release. + +[#316]: https://github.com/uber-go/zap/pull/316 +[#309]: https://github.com/uber-go/zap/pull/309 +[#317]: https://github.com/uber-go/zap/pull/317 +[#321]: https://github.com/uber-go/zap/pull/321 +[#325]: https://github.com/uber-go/zap/pull/325 +[#333]: https://github.com/uber-go/zap/pull/333 +[#326]: https://github.com/uber-go/zap/pull/326 +[#300]: https://github.com/uber-go/zap/pull/300 +[#339]: https://github.com/uber-go/zap/pull/339 +[#307]: https://github.com/uber-go/zap/pull/307 +[#353]: https://github.com/uber-go/zap/pull/353 +[#311]: https://github.com/uber-go/zap/pull/311 +[#366]: https://github.com/uber-go/zap/pull/366 +[#364]: https://github.com/uber-go/zap/pull/364 +[#371]: https://github.com/uber-go/zap/pull/371 +[#362]: https://github.com/uber-go/zap/pull/362 +[#369]: https://github.com/uber-go/zap/pull/369 +[#347]: https://github.com/uber-go/zap/pull/347 +[#373]: https://github.com/uber-go/zap/pull/373 +[#348]: https://github.com/uber-go/zap/pull/348 +[#327]: https://github.com/uber-go/zap/pull/327 +[#376]: https://github.com/uber-go/zap/pull/376 +[#346]: https://github.com/uber-go/zap/pull/346 +[#365]: https://github.com/uber-go/zap/pull/365 +[#372]: https://github.com/uber-go/zap/pull/372 +[#385]: https://github.com/uber-go/zap/pull/385 +[#396]: https://github.com/uber-go/zap/pull/396 +[#386]: https://github.com/uber-go/zap/pull/386 +[#402]: https://github.com/uber-go/zap/pull/402 +[#415]: https://github.com/uber-go/zap/pull/415 +[#416]: https://github.com/uber-go/zap/pull/416 +[#424]: https://github.com/uber-go/zap/pull/424 +[#425]: https://github.com/uber-go/zap/pull/425 +[#431]: https://github.com/uber-go/zap/pull/431 +[#435]: https://github.com/uber-go/zap/pull/435 +[#444]: https://github.com/uber-go/zap/pull/444 +[#477]: https://github.com/uber-go/zap/pull/477 +[#465]: https://github.com/uber-go/zap/pull/465 +[#460]: https://github.com/uber-go/zap/pull/460 +[#470]: https://github.com/uber-go/zap/pull/470 +[#487]: https://github.com/uber-go/zap/pull/487 +[#490]: https://github.com/uber-go/zap/pull/490 +[#491]: https://github.com/uber-go/zap/pull/491 +[#504]: https://github.com/uber-go/zap/pull/504 +[#508]: https://github.com/uber-go/zap/pull/508 +[#518]: https://github.com/uber-go/zap/pull/518 +[#577]: https://github.com/uber-go/zap/pull/577 +[#574]: https://github.com/uber-go/zap/pull/574 +[#602]: https://github.com/uber-go/zap/pull/602 +[#572]: https://github.com/uber-go/zap/pull/572 +[#606]: https://github.com/uber-go/zap/pull/606 +[#614]: https://github.com/uber-go/zap/pull/614 +[#657]: https://github.com/uber-go/zap/pull/657 +[#706]: https://github.com/uber-go/zap/pull/706 +[#610]: https://github.com/uber-go/zap/pull/610 +[#675]: https://github.com/uber-go/zap/pull/675 +[#704]: https://github.com/uber-go/zap/pull/704 +[#725]: https://github.com/uber-go/zap/pull/725 +[#736]: https://github.com/uber-go/zap/pull/736 +[#751]: https://github.com/uber-go/zap/pull/751 +[#758]: https://github.com/uber-go/zap/pull/758 +[#771]: https://github.com/uber-go/zap/pull/771 +[#773]: https://github.com/uber-go/zap/pull/773 +[#775]: https://github.com/uber-go/zap/pull/775 +[#786]: https://github.com/uber-go/zap/pull/786 +[#791]: https://github.com/uber-go/zap/pull/791 +[#795]: https://github.com/uber-go/zap/pull/795 +[#799]: https://github.com/uber-go/zap/pull/799 +[#804]: https://github.com/uber-go/zap/pull/804 +[#812]: https://github.com/uber-go/zap/pull/812 +[#806]: https://github.com/uber-go/zap/pull/806 +[#813]: https://github.com/uber-go/zap/pull/813 +[#629]: https://github.com/uber-go/zap/pull/629 +[#697]: https://github.com/uber-go/zap/pull/697 +[#828]: https://github.com/uber-go/zap/pull/828 +[#835]: https://github.com/uber-go/zap/pull/835 +[#843]: https://github.com/uber-go/zap/pull/843 +[#844]: https://github.com/uber-go/zap/pull/844 +[#852]: https://github.com/uber-go/zap/pull/852 +[#854]: https://github.com/uber-go/zap/pull/854 +[#861]: https://github.com/uber-go/zap/pull/861 +[#862]: https://github.com/uber-go/zap/pull/862 +[#865]: https://github.com/uber-go/zap/pull/865 +[#867]: https://github.com/uber-go/zap/pull/867 +[#881]: https://github.com/uber-go/zap/pull/881 +[#903]: https://github.com/uber-go/zap/pull/903 +[#912]: https://github.com/uber-go/zap/pull/912 +[#913]: https://github.com/uber-go/zap/pull/913 +[#928]: https://github.com/uber-go/zap/pull/928 +[#931]: https://github.com/uber-go/zap/pull/931 +[#936]: https://github.com/uber-go/zap/pull/936 diff --git a/vendor/go.uber.org/zap/CODE_OF_CONDUCT.md b/vendor/go.uber.org/zap/CODE_OF_CONDUCT.md new file mode 100644 index 0000000000..e327d9aa5c --- /dev/null +++ b/vendor/go.uber.org/zap/CODE_OF_CONDUCT.md @@ -0,0 +1,75 @@ +# Contributor Covenant Code of Conduct + +## Our Pledge + +In the interest of fostering an open and welcoming environment, we as +contributors and maintainers pledge to making participation in our project and +our community a harassment-free experience for everyone, regardless of age, +body size, disability, ethnicity, gender identity and expression, level of +experience, nationality, personal appearance, race, religion, or sexual +identity and orientation. + +## Our Standards + +Examples of behavior that contributes to creating a positive environment +include: + +* Using welcoming and inclusive language +* Being respectful of differing viewpoints and experiences +* Gracefully accepting constructive criticism +* Focusing on what is best for the community +* Showing empathy towards other community members + +Examples of unacceptable behavior by participants include: + +* The use of sexualized language or imagery and unwelcome sexual attention or + advances +* Trolling, insulting/derogatory comments, and personal or political attacks +* Public or private harassment +* Publishing others' private information, such as a physical or electronic + address, without explicit permission +* Other conduct which could reasonably be considered inappropriate in a + professional setting + +## Our Responsibilities + +Project maintainers are responsible for clarifying the standards of acceptable +behavior and are expected to take appropriate and fair corrective action in +response to any instances of unacceptable behavior. + +Project maintainers have the right and responsibility to remove, edit, or +reject comments, commits, code, wiki edits, issues, and other contributions +that are not aligned to this Code of Conduct, or to ban temporarily or +permanently any contributor for other behaviors that they deem inappropriate, +threatening, offensive, or harmful. + +## Scope + +This Code of Conduct applies both within project spaces and in public spaces +when an individual is representing the project or its community. Examples of +representing a project or community include using an official project e-mail +address, posting via an official social media account, or acting as an +appointed representative at an online or offline event. Representation of a +project may be further defined and clarified by project maintainers. + +## Enforcement + +Instances of abusive, harassing, or otherwise unacceptable behavior may be +reported by contacting the project team at oss-conduct@uber.com. The project +team will review and investigate all complaints, and will respond in a way +that it deems appropriate to the circumstances. The project team is obligated +to maintain confidentiality with regard to the reporter of an incident. +Further details of specific enforcement policies may be posted separately. + +Project maintainers who do not follow or enforce the Code of Conduct in good +faith may face temporary or permanent repercussions as determined by other +members of the project's leadership. + +## Attribution + +This Code of Conduct is adapted from the [Contributor Covenant][homepage], +version 1.4, available at +[http://contributor-covenant.org/version/1/4][version]. + +[homepage]: http://contributor-covenant.org +[version]: http://contributor-covenant.org/version/1/4/ diff --git a/vendor/go.uber.org/zap/CONTRIBUTING.md b/vendor/go.uber.org/zap/CONTRIBUTING.md new file mode 100644 index 0000000000..ea02f3cae2 --- /dev/null +++ b/vendor/go.uber.org/zap/CONTRIBUTING.md @@ -0,0 +1,70 @@ +# Contributing + +We'd love your help making zap the very best structured logging library in Go! + +If you'd like to add new exported APIs, please [open an issue][open-issue] +describing your proposal — discussing API changes ahead of time makes +pull request review much smoother. In your issue, pull request, and any other +communications, please remember to treat your fellow contributors with +respect! We take our [code of conduct](CODE_OF_CONDUCT.md) seriously. + +Note that you'll need to sign [Uber's Contributor License Agreement][cla] +before we can accept any of your contributions. If necessary, a bot will remind +you to accept the CLA when you open your pull request. + +## Setup + +[Fork][fork], then clone the repository: + +```bash +mkdir -p $GOPATH/src/go.uber.org +cd $GOPATH/src/go.uber.org +git clone git@github.com:your_github_username/zap.git +cd zap +git remote add upstream https://github.com/uber-go/zap.git +git fetch upstream +``` + +Make sure that the tests and the linters pass: + +```bash +make test +make lint +``` + +## Making Changes + +Start by creating a new branch for your changes: + +```bash +cd $GOPATH/src/go.uber.org/zap +git checkout master +git fetch upstream +git rebase upstream/master +git checkout -b cool_new_feature +``` + +Make your changes, then ensure that `make lint` and `make test` still pass. If +you're satisfied with your changes, push them to your fork. + +```bash +git push origin cool_new_feature +``` + +Then use the GitHub UI to open a pull request. + +At this point, you're waiting on us to review your changes. We _try_ to respond +to issues and pull requests within a few business days, and we may suggest some +improvements or alternatives. Once your changes are approved, one of the +project maintainers will merge them. + +We're much more likely to approve your changes if you: + +- Add tests for new functionality. +- Write a [good commit message][commit-message]. +- Maintain backward compatibility. + +[fork]: https://github.com/uber-go/zap/fork +[open-issue]: https://github.com/uber-go/zap/issues/new +[cla]: https://cla-assistant.io/uber-go/zap +[commit-message]: http://tbaggery.com/2008/04/19/a-note-about-git-commit-messages.html diff --git a/vendor/go.uber.org/zap/FAQ.md b/vendor/go.uber.org/zap/FAQ.md new file mode 100644 index 0000000000..b183b20bc1 --- /dev/null +++ b/vendor/go.uber.org/zap/FAQ.md @@ -0,0 +1,164 @@ +# Frequently Asked Questions + +## Design + +### Why spend so much effort on logger performance? + +Of course, most applications won't notice the impact of a slow logger: they +already take tens or hundreds of milliseconds for each operation, so an extra +millisecond doesn't matter. + +On the other hand, why *not* make structured logging fast? The `SugaredLogger` +isn't any harder to use than other logging packages, and the `Logger` makes +structured logging possible in performance-sensitive contexts. Across a fleet +of Go microservices, making each application even slightly more efficient adds +up quickly. + +### Why aren't `Logger` and `SugaredLogger` interfaces? + +Unlike the familiar `io.Writer` and `http.Handler`, `Logger` and +`SugaredLogger` interfaces would include *many* methods. As [Rob Pike points +out][go-proverbs], "The bigger the interface, the weaker the abstraction." +Interfaces are also rigid — *any* change requires releasing a new major +version, since it breaks all third-party implementations. + +Making the `Logger` and `SugaredLogger` concrete types doesn't sacrifice much +abstraction, and it lets us add methods without introducing breaking changes. +Your applications should define and depend upon an interface that includes +just the methods you use. + +### Why are some of my logs missing? + +Logs are dropped intentionally by zap when sampling is enabled. The production +configuration (as returned by `NewProductionConfig()` enables sampling which will +cause repeated logs within a second to be sampled. See more details on why sampling +is enabled in [Why sample application logs](https://github.com/uber-go/zap/blob/master/FAQ.md#why-sample-application-logs). + +### Why sample application logs? + +Applications often experience runs of errors, either because of a bug or +because of a misbehaving user. Logging errors is usually a good idea, but it +can easily make this bad situation worse: not only is your application coping +with a flood of errors, it's also spending extra CPU cycles and I/O logging +those errors. Since writes are typically serialized, logging limits throughput +when you need it most. + +Sampling fixes this problem by dropping repetitive log entries. Under normal +conditions, your application writes out every entry. When similar entries are +logged hundreds or thousands of times each second, though, zap begins dropping +duplicates to preserve throughput. + +### Why do the structured logging APIs take a message in addition to fields? + +Subjectively, we find it helpful to accompany structured context with a brief +description. This isn't critical during development, but it makes debugging +and operating unfamiliar systems much easier. + +More concretely, zap's sampling algorithm uses the message to identify +duplicate entries. In our experience, this is a practical middle ground +between random sampling (which often drops the exact entry that you need while +debugging) and hashing the complete entry (which is prohibitively expensive). + +### Why include package-global loggers? + +Since so many other logging packages include a global logger, many +applications aren't designed to accept loggers as explicit parameters. +Changing function signatures is often a breaking change, so zap includes +global loggers to simplify migration. + +Avoid them where possible. + +### Why include dedicated Panic and Fatal log levels? + +In general, application code should handle errors gracefully instead of using +`panic` or `os.Exit`. However, every rule has exceptions, and it's common to +crash when an error is truly unrecoverable. To avoid losing any information +— especially the reason for the crash — the logger must flush any +buffered entries before the process exits. + +Zap makes this easy by offering `Panic` and `Fatal` logging methods that +automatically flush before exiting. Of course, this doesn't guarantee that +logs will never be lost, but it eliminates a common error. + +See the discussion in uber-go/zap#207 for more details. + +### What's `DPanic`? + +`DPanic` stands for "panic in development." In development, it logs at +`PanicLevel`; otherwise, it logs at `ErrorLevel`. `DPanic` makes it easier to +catch errors that are theoretically possible, but shouldn't actually happen, +*without* crashing in production. + +If you've ever written code like this, you need `DPanic`: + +```go +if err != nil { + panic(fmt.Sprintf("shouldn't ever get here: %v", err)) +} +``` + +## Installation + +### What does the error `expects import "go.uber.org/zap"` mean? + +Either zap was installed incorrectly or you're referencing the wrong package +name in your code. + +Zap's source code happens to be hosted on GitHub, but the [import +path][import-path] is `go.uber.org/zap`. This gives us, the project +maintainers, the freedom to move the source code if necessary. However, it +means that you need to take a little care when installing and using the +package. + +If you follow two simple rules, everything should work: install zap with `go +get -u go.uber.org/zap`, and always import it in your code with `import +"go.uber.org/zap"`. Your code shouldn't contain *any* references to +`github.com/uber-go/zap`. + +## Usage + +### Does zap support log rotation? + +Zap doesn't natively support rotating log files, since we prefer to leave this +to an external program like `logrotate`. + +However, it's easy to integrate a log rotation package like +[`gopkg.in/natefinch/lumberjack.v2`][lumberjack] as a `zapcore.WriteSyncer`. + +```go +// lumberjack.Logger is already safe for concurrent use, so we don't need to +// lock it. +w := zapcore.AddSync(&lumberjack.Logger{ + Filename: "/var/log/myapp/foo.log", + MaxSize: 500, // megabytes + MaxBackups: 3, + MaxAge: 28, // days +}) +core := zapcore.NewCore( + zapcore.NewJSONEncoder(zap.NewProductionEncoderConfig()), + w, + zap.InfoLevel, +) +logger := zap.New(core) +``` + +## Extensions + +We'd love to support every logging need within zap itself, but we're only +familiar with a handful of log ingestion systems, flag-parsing packages, and +the like. Rather than merging code that we can't effectively debug and +support, we'd rather grow an ecosystem of zap extensions. + +We're aware of the following extensions, but haven't used them ourselves: + +| Package | Integration | +| --- | --- | +| `github.com/tchap/zapext` | Sentry, syslog | +| `github.com/fgrosse/zaptest` | Ginkgo | +| `github.com/blendle/zapdriver` | Stackdriver | +| `github.com/moul/zapgorm` | Gorm | +| `github.com/moul/zapfilter` | Advanced filtering rules | + +[go-proverbs]: https://go-proverbs.github.io/ +[import-path]: https://golang.org/cmd/go/#hdr-Remote_import_paths +[lumberjack]: https://godoc.org/gopkg.in/natefinch/lumberjack.v2 diff --git a/vendor/go.uber.org/zap/LICENSE.txt b/vendor/go.uber.org/zap/LICENSE.txt new file mode 100644 index 0000000000..6652bed45f --- /dev/null +++ b/vendor/go.uber.org/zap/LICENSE.txt @@ -0,0 +1,19 @@ +Copyright (c) 2016-2017 Uber Technologies, Inc. + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in +all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +THE SOFTWARE. diff --git a/vendor/go.uber.org/zap/Makefile b/vendor/go.uber.org/zap/Makefile new file mode 100644 index 0000000000..9b1bc3b0e1 --- /dev/null +++ b/vendor/go.uber.org/zap/Makefile @@ -0,0 +1,73 @@ +export GOBIN ?= $(shell pwd)/bin + +GOLINT = $(GOBIN)/golint +STATICCHECK = $(GOBIN)/staticcheck +BENCH_FLAGS ?= -cpuprofile=cpu.pprof -memprofile=mem.pprof -benchmem + +# Directories containing independent Go modules. +# +# We track coverage only for the main module. +MODULE_DIRS = . ./benchmarks ./zapgrpc/internal/test + +# Many Go tools take file globs or directories as arguments instead of packages. +GO_FILES := $(shell \ + find . '(' -path '*/.*' -o -path './vendor' ')' -prune \ + -o -name '*.go' -print | cut -b3-) + +.PHONY: all +all: lint test + +.PHONY: lint +lint: $(GOLINT) $(STATICCHECK) + @rm -rf lint.log + @echo "Checking formatting..." + @gofmt -d -s $(GO_FILES) 2>&1 | tee lint.log + @echo "Checking vet..." + @$(foreach dir,$(MODULE_DIRS),(cd $(dir) && go vet ./... 2>&1) &&) true | tee -a lint.log + @echo "Checking lint..." + @$(foreach dir,$(MODULE_DIRS),(cd $(dir) && $(GOLINT) ./... 2>&1) &&) true | tee -a lint.log + @echo "Checking staticcheck..." + @$(foreach dir,$(MODULE_DIRS),(cd $(dir) && $(STATICCHECK) ./... 2>&1) &&) true | tee -a lint.log + @echo "Checking for unresolved FIXMEs..." + @git grep -i fixme | grep -v -e Makefile | tee -a lint.log + @echo "Checking for license headers..." + @./checklicense.sh | tee -a lint.log + @[ ! -s lint.log ] + @echo "Checking 'go mod tidy'..." + @make tidy + @if ! git diff --quiet; then \ + echo "'go mod tidy' resulted in changes or working tree is dirty:"; \ + git --no-pager diff; \ + fi + +$(GOLINT): + cd tools && go install golang.org/x/lint/golint + +$(STATICCHECK): + cd tools && go install honnef.co/go/tools/cmd/staticcheck + +.PHONY: test +test: + @$(foreach dir,$(MODULE_DIRS),(cd $(dir) && go test -race ./...) &&) true + +.PHONY: cover +cover: + go test -race -coverprofile=cover.out -coverpkg=./... ./... + go tool cover -html=cover.out -o cover.html + +.PHONY: bench +BENCH ?= . +bench: + @$(foreach dir,$(MODULE_DIRS), ( \ + cd $(dir) && \ + go list ./... | xargs -n1 go test -bench=$(BENCH) -run="^$$" $(BENCH_FLAGS) \ + ) &&) true + +.PHONY: updatereadme +updatereadme: + rm -f README.md + cat .readme.tmpl | go run internal/readme/readme.go > README.md + +.PHONY: tidy +tidy: + @$(foreach dir,$(MODULE_DIRS),(cd $(dir) && go mod tidy) &&) true diff --git a/vendor/go.uber.org/zap/README.md b/vendor/go.uber.org/zap/README.md new file mode 100644 index 0000000000..a553a428c8 --- /dev/null +++ b/vendor/go.uber.org/zap/README.md @@ -0,0 +1,133 @@ +# :zap: zap [![GoDoc][doc-img]][doc] [![Build Status][ci-img]][ci] [![Coverage Status][cov-img]][cov] + +Blazing fast, structured, leveled logging in Go. + +## Installation + +`go get -u go.uber.org/zap` + +Note that zap only supports the two most recent minor versions of Go. + +## Quick Start + +In contexts where performance is nice, but not critical, use the +`SugaredLogger`. It's 4-10x faster than other structured logging +packages and includes both structured and `printf`-style APIs. + +```go +logger, _ := zap.NewProduction() +defer logger.Sync() // flushes buffer, if any +sugar := logger.Sugar() +sugar.Infow("failed to fetch URL", + // Structured context as loosely typed key-value pairs. + "url", url, + "attempt", 3, + "backoff", time.Second, +) +sugar.Infof("Failed to fetch URL: %s", url) +``` + +When performance and type safety are critical, use the `Logger`. It's even +faster than the `SugaredLogger` and allocates far less, but it only supports +structured logging. + +```go +logger, _ := zap.NewProduction() +defer logger.Sync() +logger.Info("failed to fetch URL", + // Structured context as strongly typed Field values. + zap.String("url", url), + zap.Int("attempt", 3), + zap.Duration("backoff", time.Second), +) +``` + +See the [documentation][doc] and [FAQ](FAQ.md) for more details. + +## Performance + +For applications that log in the hot path, reflection-based serialization and +string formatting are prohibitively expensive — they're CPU-intensive +and make many small allocations. Put differently, using `encoding/json` and +`fmt.Fprintf` to log tons of `interface{}`s makes your application slow. + +Zap takes a different approach. It includes a reflection-free, zero-allocation +JSON encoder, and the base `Logger` strives to avoid serialization overhead +and allocations wherever possible. By building the high-level `SugaredLogger` +on that foundation, zap lets users _choose_ when they need to count every +allocation and when they'd prefer a more familiar, loosely typed API. + +As measured by its own [benchmarking suite][], not only is zap more performant +than comparable structured logging packages — it's also faster than the +standard library. Like all benchmarks, take these with a grain of salt.[1](#footnote-versions) + +Log a message and 10 fields: + +| Package | Time | Time % to zap | Objects Allocated | +| :------------------ | :---------: | :-----------: | :---------------: | +| :zap: zap | 2900 ns/op | +0% | 5 allocs/op | +| :zap: zap (sugared) | 3475 ns/op | +20% | 10 allocs/op | +| zerolog | 10639 ns/op | +267% | 32 allocs/op | +| go-kit | 14434 ns/op | +398% | 59 allocs/op | +| logrus | 17104 ns/op | +490% | 81 allocs/op | +| apex/log | 32424 ns/op | +1018% | 66 allocs/op | +| log15 | 33579 ns/op | +1058% | 76 allocs/op | + +Log a message with a logger that already has 10 fields of context: + +| Package | Time | Time % to zap | Objects Allocated | +| :------------------ | :---------: | :-----------: | :---------------: | +| :zap: zap | 373 ns/op | +0% | 0 allocs/op | +| :zap: zap (sugared) | 452 ns/op | +21% | 1 allocs/op | +| zerolog | 288 ns/op | -23% | 0 allocs/op | +| go-kit | 11785 ns/op | +3060% | 58 allocs/op | +| logrus | 19629 ns/op | +5162% | 70 allocs/op | +| log15 | 21866 ns/op | +5762% | 72 allocs/op | +| apex/log | 30890 ns/op | +8182% | 55 allocs/op | + +Log a static string, without any context or `printf`-style templating: + +| Package | Time | Time % to zap | Objects Allocated | +| :------------------ | :--------: | :-----------: | :---------------: | +| :zap: zap | 381 ns/op | +0% | 0 allocs/op | +| :zap: zap (sugared) | 410 ns/op | +8% | 1 allocs/op | +| zerolog | 369 ns/op | -3% | 0 allocs/op | +| standard library | 385 ns/op | +1% | 2 allocs/op | +| go-kit | 606 ns/op | +59% | 11 allocs/op | +| logrus | 1730 ns/op | +354% | 25 allocs/op | +| apex/log | 1998 ns/op | +424% | 7 allocs/op | +| log15 | 4546 ns/op | +1093% | 22 allocs/op | + +## Development Status: Stable + +All APIs are finalized, and no breaking changes will be made in the 1.x series +of releases. Users of semver-aware dependency management systems should pin +zap to `^1`. + +## Contributing + +We encourage and support an active, healthy community of contributors — +including you! Details are in the [contribution guide](CONTRIBUTING.md) and +the [code of conduct](CODE_OF_CONDUCT.md). The zap maintainers keep an eye on +issues and pull requests, but you can also report any negative conduct to +oss-conduct@uber.com. That email list is a private, safe space; even the zap +maintainers don't have access, so don't hesitate to hold us to a high +standard. + +
      + +Released under the [MIT License](LICENSE.txt). + +1 In particular, keep in mind that we may be +benchmarking against slightly older versions of other packages. Versions are +pinned in the [benchmarks/go.mod][] file. [↩](#anchor-versions) + +[doc-img]: https://pkg.go.dev/badge/go.uber.org/zap +[doc]: https://pkg.go.dev/go.uber.org/zap +[ci-img]: https://github.com/uber-go/zap/actions/workflows/go.yml/badge.svg +[ci]: https://github.com/uber-go/zap/actions/workflows/go.yml +[cov-img]: https://codecov.io/gh/uber-go/zap/branch/master/graph/badge.svg +[cov]: https://codecov.io/gh/uber-go/zap +[benchmarking suite]: https://github.com/uber-go/zap/tree/master/benchmarks +[benchmarks/go.mod]: https://github.com/uber-go/zap/blob/master/benchmarks/go.mod diff --git a/vendor/go.uber.org/zap/array.go b/vendor/go.uber.org/zap/array.go new file mode 100644 index 0000000000..5be3704a3e --- /dev/null +++ b/vendor/go.uber.org/zap/array.go @@ -0,0 +1,320 @@ +// Copyright (c) 2016 Uber Technologies, Inc. +// +// Permission is hereby granted, free of charge, to any person obtaining a copy +// of this software and associated documentation files (the "Software"), to deal +// in the Software without restriction, including without limitation the rights +// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +// copies of the Software, and to permit persons to whom the Software is +// furnished to do so, subject to the following conditions: +// +// The above copyright notice and this permission notice shall be included in +// all copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +// THE SOFTWARE. + +package zap + +import ( + "time" + + "go.uber.org/zap/zapcore" +) + +// Array constructs a field with the given key and ArrayMarshaler. It provides +// a flexible, but still type-safe and efficient, way to add array-like types +// to the logging context. The struct's MarshalLogArray method is called lazily. +func Array(key string, val zapcore.ArrayMarshaler) Field { + return Field{Key: key, Type: zapcore.ArrayMarshalerType, Interface: val} +} + +// Bools constructs a field that carries a slice of bools. +func Bools(key string, bs []bool) Field { + return Array(key, bools(bs)) +} + +// ByteStrings constructs a field that carries a slice of []byte, each of which +// must be UTF-8 encoded text. +func ByteStrings(key string, bss [][]byte) Field { + return Array(key, byteStringsArray(bss)) +} + +// Complex128s constructs a field that carries a slice of complex numbers. +func Complex128s(key string, nums []complex128) Field { + return Array(key, complex128s(nums)) +} + +// Complex64s constructs a field that carries a slice of complex numbers. +func Complex64s(key string, nums []complex64) Field { + return Array(key, complex64s(nums)) +} + +// Durations constructs a field that carries a slice of time.Durations. +func Durations(key string, ds []time.Duration) Field { + return Array(key, durations(ds)) +} + +// Float64s constructs a field that carries a slice of floats. +func Float64s(key string, nums []float64) Field { + return Array(key, float64s(nums)) +} + +// Float32s constructs a field that carries a slice of floats. +func Float32s(key string, nums []float32) Field { + return Array(key, float32s(nums)) +} + +// Ints constructs a field that carries a slice of integers. +func Ints(key string, nums []int) Field { + return Array(key, ints(nums)) +} + +// Int64s constructs a field that carries a slice of integers. +func Int64s(key string, nums []int64) Field { + return Array(key, int64s(nums)) +} + +// Int32s constructs a field that carries a slice of integers. +func Int32s(key string, nums []int32) Field { + return Array(key, int32s(nums)) +} + +// Int16s constructs a field that carries a slice of integers. +func Int16s(key string, nums []int16) Field { + return Array(key, int16s(nums)) +} + +// Int8s constructs a field that carries a slice of integers. +func Int8s(key string, nums []int8) Field { + return Array(key, int8s(nums)) +} + +// Strings constructs a field that carries a slice of strings. +func Strings(key string, ss []string) Field { + return Array(key, stringArray(ss)) +} + +// Times constructs a field that carries a slice of time.Times. +func Times(key string, ts []time.Time) Field { + return Array(key, times(ts)) +} + +// Uints constructs a field that carries a slice of unsigned integers. +func Uints(key string, nums []uint) Field { + return Array(key, uints(nums)) +} + +// Uint64s constructs a field that carries a slice of unsigned integers. +func Uint64s(key string, nums []uint64) Field { + return Array(key, uint64s(nums)) +} + +// Uint32s constructs a field that carries a slice of unsigned integers. +func Uint32s(key string, nums []uint32) Field { + return Array(key, uint32s(nums)) +} + +// Uint16s constructs a field that carries a slice of unsigned integers. +func Uint16s(key string, nums []uint16) Field { + return Array(key, uint16s(nums)) +} + +// Uint8s constructs a field that carries a slice of unsigned integers. +func Uint8s(key string, nums []uint8) Field { + return Array(key, uint8s(nums)) +} + +// Uintptrs constructs a field that carries a slice of pointer addresses. +func Uintptrs(key string, us []uintptr) Field { + return Array(key, uintptrs(us)) +} + +// Errors constructs a field that carries a slice of errors. +func Errors(key string, errs []error) Field { + return Array(key, errArray(errs)) +} + +type bools []bool + +func (bs bools) MarshalLogArray(arr zapcore.ArrayEncoder) error { + for i := range bs { + arr.AppendBool(bs[i]) + } + return nil +} + +type byteStringsArray [][]byte + +func (bss byteStringsArray) MarshalLogArray(arr zapcore.ArrayEncoder) error { + for i := range bss { + arr.AppendByteString(bss[i]) + } + return nil +} + +type complex128s []complex128 + +func (nums complex128s) MarshalLogArray(arr zapcore.ArrayEncoder) error { + for i := range nums { + arr.AppendComplex128(nums[i]) + } + return nil +} + +type complex64s []complex64 + +func (nums complex64s) MarshalLogArray(arr zapcore.ArrayEncoder) error { + for i := range nums { + arr.AppendComplex64(nums[i]) + } + return nil +} + +type durations []time.Duration + +func (ds durations) MarshalLogArray(arr zapcore.ArrayEncoder) error { + for i := range ds { + arr.AppendDuration(ds[i]) + } + return nil +} + +type float64s []float64 + +func (nums float64s) MarshalLogArray(arr zapcore.ArrayEncoder) error { + for i := range nums { + arr.AppendFloat64(nums[i]) + } + return nil +} + +type float32s []float32 + +func (nums float32s) MarshalLogArray(arr zapcore.ArrayEncoder) error { + for i := range nums { + arr.AppendFloat32(nums[i]) + } + return nil +} + +type ints []int + +func (nums ints) MarshalLogArray(arr zapcore.ArrayEncoder) error { + for i := range nums { + arr.AppendInt(nums[i]) + } + return nil +} + +type int64s []int64 + +func (nums int64s) MarshalLogArray(arr zapcore.ArrayEncoder) error { + for i := range nums { + arr.AppendInt64(nums[i]) + } + return nil +} + +type int32s []int32 + +func (nums int32s) MarshalLogArray(arr zapcore.ArrayEncoder) error { + for i := range nums { + arr.AppendInt32(nums[i]) + } + return nil +} + +type int16s []int16 + +func (nums int16s) MarshalLogArray(arr zapcore.ArrayEncoder) error { + for i := range nums { + arr.AppendInt16(nums[i]) + } + return nil +} + +type int8s []int8 + +func (nums int8s) MarshalLogArray(arr zapcore.ArrayEncoder) error { + for i := range nums { + arr.AppendInt8(nums[i]) + } + return nil +} + +type stringArray []string + +func (ss stringArray) MarshalLogArray(arr zapcore.ArrayEncoder) error { + for i := range ss { + arr.AppendString(ss[i]) + } + return nil +} + +type times []time.Time + +func (ts times) MarshalLogArray(arr zapcore.ArrayEncoder) error { + for i := range ts { + arr.AppendTime(ts[i]) + } + return nil +} + +type uints []uint + +func (nums uints) MarshalLogArray(arr zapcore.ArrayEncoder) error { + for i := range nums { + arr.AppendUint(nums[i]) + } + return nil +} + +type uint64s []uint64 + +func (nums uint64s) MarshalLogArray(arr zapcore.ArrayEncoder) error { + for i := range nums { + arr.AppendUint64(nums[i]) + } + return nil +} + +type uint32s []uint32 + +func (nums uint32s) MarshalLogArray(arr zapcore.ArrayEncoder) error { + for i := range nums { + arr.AppendUint32(nums[i]) + } + return nil +} + +type uint16s []uint16 + +func (nums uint16s) MarshalLogArray(arr zapcore.ArrayEncoder) error { + for i := range nums { + arr.AppendUint16(nums[i]) + } + return nil +} + +type uint8s []uint8 + +func (nums uint8s) MarshalLogArray(arr zapcore.ArrayEncoder) error { + for i := range nums { + arr.AppendUint8(nums[i]) + } + return nil +} + +type uintptrs []uintptr + +func (nums uintptrs) MarshalLogArray(arr zapcore.ArrayEncoder) error { + for i := range nums { + arr.AppendUintptr(nums[i]) + } + return nil +} diff --git a/vendor/go.uber.org/zap/array_go118.go b/vendor/go.uber.org/zap/array_go118.go new file mode 100644 index 0000000000..d0d2c49d69 --- /dev/null +++ b/vendor/go.uber.org/zap/array_go118.go @@ -0,0 +1,156 @@ +// Copyright (c) 2022 Uber Technologies, Inc. +// +// Permission is hereby granted, free of charge, to any person obtaining a copy +// of this software and associated documentation files (the "Software"), to deal +// in the Software without restriction, including without limitation the rights +// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +// copies of the Software, and to permit persons to whom the Software is +// furnished to do so, subject to the following conditions: +// +// The above copyright notice and this permission notice shall be included in +// all copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +// THE SOFTWARE. + +//go:build go1.18 +// +build go1.18 + +package zap + +import ( + "fmt" + + "go.uber.org/zap/zapcore" +) + +// Objects constructs a field with the given key, holding a list of the +// provided objects that can be marshaled by Zap. +// +// Note that these objects must implement zapcore.ObjectMarshaler directly. +// That is, if you're trying to marshal a []Request, the MarshalLogObject +// method must be declared on the Request type, not its pointer (*Request). +// If it's on the pointer, use ObjectValues. +// +// Given an object that implements MarshalLogObject on the value receiver, you +// can log a slice of those objects with Objects like so: +// +// type Author struct{ ... } +// func (a Author) MarshalLogObject(enc zapcore.ObjectEncoder) error +// +// var authors []Author = ... +// logger.Info("loading article", zap.Objects("authors", authors)) +// +// Similarly, given a type that implements MarshalLogObject on its pointer +// receiver, you can log a slice of pointers to that object with Objects like +// so: +// +// type Request struct{ ... } +// func (r *Request) MarshalLogObject(enc zapcore.ObjectEncoder) error +// +// var requests []*Request = ... +// logger.Info("sending requests", zap.Objects("requests", requests)) +// +// If instead, you have a slice of values of such an object, use the +// ObjectValues constructor. +// +// var requests []Request = ... +// logger.Info("sending requests", zap.ObjectValues("requests", requests)) +func Objects[T zapcore.ObjectMarshaler](key string, values []T) Field { + return Array(key, objects[T](values)) +} + +type objects[T zapcore.ObjectMarshaler] []T + +func (os objects[T]) MarshalLogArray(arr zapcore.ArrayEncoder) error { + for _, o := range os { + if err := arr.AppendObject(o); err != nil { + return err + } + } + return nil +} + +// ObjectMarshalerPtr is a constraint that specifies that the given type +// implements zapcore.ObjectMarshaler on a pointer receiver. +type ObjectMarshalerPtr[T any] interface { + *T + zapcore.ObjectMarshaler +} + +// ObjectValues constructs a field with the given key, holding a list of the +// provided objects, where pointers to these objects can be marshaled by Zap. +// +// Note that pointers to these objects must implement zapcore.ObjectMarshaler. +// That is, if you're trying to marshal a []Request, the MarshalLogObject +// method must be declared on the *Request type, not the value (Request). +// If it's on the value, use Objects. +// +// Given an object that implements MarshalLogObject on the pointer receiver, +// you can log a slice of those objects with ObjectValues like so: +// +// type Request struct{ ... } +// func (r *Request) MarshalLogObject(enc zapcore.ObjectEncoder) error +// +// var requests []Request = ... +// logger.Info("sending requests", zap.ObjectValues("requests", requests)) +// +// If instead, you have a slice of pointers of such an object, use the Objects +// field constructor. +// +// var requests []*Request = ... +// logger.Info("sending requests", zap.Objects("requests", requests)) +func ObjectValues[T any, P ObjectMarshalerPtr[T]](key string, values []T) Field { + return Array(key, objectValues[T, P](values)) +} + +type objectValues[T any, P ObjectMarshalerPtr[T]] []T + +func (os objectValues[T, P]) MarshalLogArray(arr zapcore.ArrayEncoder) error { + for i := range os { + // It is necessary for us to explicitly reference the "P" type. + // We cannot simply pass "&os[i]" to AppendObject because its type + // is "*T", which the type system does not consider as + // implementing ObjectMarshaler. + // Only the type "P" satisfies ObjectMarshaler, which we have + // to convert "*T" to explicitly. + var p P = &os[i] + if err := arr.AppendObject(p); err != nil { + return err + } + } + return nil +} + +// Stringers constructs a field with the given key, holding a list of the +// output provided by the value's String method +// +// Given an object that implements String on the value receiver, you +// can log a slice of those objects with Objects like so: +// +// type Request struct{ ... } +// func (a Request) String() string +// +// var requests []Request = ... +// logger.Info("sending requests", zap.Stringers("requests", requests)) +// +// Note that these objects must implement fmt.Stringer directly. +// That is, if you're trying to marshal a []Request, the String method +// must be declared on the Request type, not its pointer (*Request). +func Stringers[T fmt.Stringer](key string, values []T) Field { + return Array(key, stringers[T](values)) +} + +type stringers[T fmt.Stringer] []T + +func (os stringers[T]) MarshalLogArray(arr zapcore.ArrayEncoder) error { + for _, o := range os { + arr.AppendString(o.String()) + } + return nil +} diff --git a/vendor/go.uber.org/zap/buffer/buffer.go b/vendor/go.uber.org/zap/buffer/buffer.go new file mode 100644 index 0000000000..9e929cd98e --- /dev/null +++ b/vendor/go.uber.org/zap/buffer/buffer.go @@ -0,0 +1,141 @@ +// Copyright (c) 2016 Uber Technologies, Inc. +// +// Permission is hereby granted, free of charge, to any person obtaining a copy +// of this software and associated documentation files (the "Software"), to deal +// in the Software without restriction, including without limitation the rights +// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +// copies of the Software, and to permit persons to whom the Software is +// furnished to do so, subject to the following conditions: +// +// The above copyright notice and this permission notice shall be included in +// all copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +// THE SOFTWARE. + +// Package buffer provides a thin wrapper around a byte slice. Unlike the +// standard library's bytes.Buffer, it supports a portion of the strconv +// package's zero-allocation formatters. +package buffer // import "go.uber.org/zap/buffer" + +import ( + "strconv" + "time" +) + +const _size = 1024 // by default, create 1 KiB buffers + +// Buffer is a thin wrapper around a byte slice. It's intended to be pooled, so +// the only way to construct one is via a Pool. +type Buffer struct { + bs []byte + pool Pool +} + +// AppendByte writes a single byte to the Buffer. +func (b *Buffer) AppendByte(v byte) { + b.bs = append(b.bs, v) +} + +// AppendString writes a string to the Buffer. +func (b *Buffer) AppendString(s string) { + b.bs = append(b.bs, s...) +} + +// AppendInt appends an integer to the underlying buffer (assuming base 10). +func (b *Buffer) AppendInt(i int64) { + b.bs = strconv.AppendInt(b.bs, i, 10) +} + +// AppendTime appends the time formatted using the specified layout. +func (b *Buffer) AppendTime(t time.Time, layout string) { + b.bs = t.AppendFormat(b.bs, layout) +} + +// AppendUint appends an unsigned integer to the underlying buffer (assuming +// base 10). +func (b *Buffer) AppendUint(i uint64) { + b.bs = strconv.AppendUint(b.bs, i, 10) +} + +// AppendBool appends a bool to the underlying buffer. +func (b *Buffer) AppendBool(v bool) { + b.bs = strconv.AppendBool(b.bs, v) +} + +// AppendFloat appends a float to the underlying buffer. It doesn't quote NaN +// or +/- Inf. +func (b *Buffer) AppendFloat(f float64, bitSize int) { + b.bs = strconv.AppendFloat(b.bs, f, 'f', -1, bitSize) +} + +// Len returns the length of the underlying byte slice. +func (b *Buffer) Len() int { + return len(b.bs) +} + +// Cap returns the capacity of the underlying byte slice. +func (b *Buffer) Cap() int { + return cap(b.bs) +} + +// Bytes returns a mutable reference to the underlying byte slice. +func (b *Buffer) Bytes() []byte { + return b.bs +} + +// String returns a string copy of the underlying byte slice. +func (b *Buffer) String() string { + return string(b.bs) +} + +// Reset resets the underlying byte slice. Subsequent writes re-use the slice's +// backing array. +func (b *Buffer) Reset() { + b.bs = b.bs[:0] +} + +// Write implements io.Writer. +func (b *Buffer) Write(bs []byte) (int, error) { + b.bs = append(b.bs, bs...) + return len(bs), nil +} + +// WriteByte writes a single byte to the Buffer. +// +// Error returned is always nil, function signature is compatible +// with bytes.Buffer and bufio.Writer +func (b *Buffer) WriteByte(v byte) error { + b.AppendByte(v) + return nil +} + +// WriteString writes a string to the Buffer. +// +// Error returned is always nil, function signature is compatible +// with bytes.Buffer and bufio.Writer +func (b *Buffer) WriteString(s string) (int, error) { + b.AppendString(s) + return len(s), nil +} + +// TrimNewline trims any final "\n" byte from the end of the buffer. +func (b *Buffer) TrimNewline() { + if i := len(b.bs) - 1; i >= 0 { + if b.bs[i] == '\n' { + b.bs = b.bs[:i] + } + } +} + +// Free returns the Buffer to its Pool. +// +// Callers must not retain references to the Buffer after calling Free. +func (b *Buffer) Free() { + b.pool.put(b) +} diff --git a/vendor/go.uber.org/zap/buffer/pool.go b/vendor/go.uber.org/zap/buffer/pool.go new file mode 100644 index 0000000000..8fb3e202cf --- /dev/null +++ b/vendor/go.uber.org/zap/buffer/pool.go @@ -0,0 +1,49 @@ +// Copyright (c) 2016 Uber Technologies, Inc. +// +// Permission is hereby granted, free of charge, to any person obtaining a copy +// of this software and associated documentation files (the "Software"), to deal +// in the Software without restriction, including without limitation the rights +// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +// copies of the Software, and to permit persons to whom the Software is +// furnished to do so, subject to the following conditions: +// +// The above copyright notice and this permission notice shall be included in +// all copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +// THE SOFTWARE. + +package buffer + +import "sync" + +// A Pool is a type-safe wrapper around a sync.Pool. +type Pool struct { + p *sync.Pool +} + +// NewPool constructs a new Pool. +func NewPool() Pool { + return Pool{p: &sync.Pool{ + New: func() interface{} { + return &Buffer{bs: make([]byte, 0, _size)} + }, + }} +} + +// Get retrieves a Buffer from the pool, creating one if necessary. +func (p Pool) Get() *Buffer { + buf := p.p.Get().(*Buffer) + buf.Reset() + buf.pool = p + return buf +} + +func (p Pool) put(buf *Buffer) { + p.p.Put(buf) +} diff --git a/vendor/go.uber.org/zap/checklicense.sh b/vendor/go.uber.org/zap/checklicense.sh new file mode 100644 index 0000000000..345ac8b89a --- /dev/null +++ b/vendor/go.uber.org/zap/checklicense.sh @@ -0,0 +1,17 @@ +#!/bin/bash -e + +ERROR_COUNT=0 +while read -r file +do + case "$(head -1 "${file}")" in + *"Copyright (c) "*" Uber Technologies, Inc.") + # everything's cool + ;; + *) + echo "$file is missing license header." + (( ERROR_COUNT++ )) + ;; + esac +done < <(git ls-files "*\.go") + +exit $ERROR_COUNT diff --git a/vendor/go.uber.org/zap/config.go b/vendor/go.uber.org/zap/config.go new file mode 100644 index 0000000000..ee6096766a --- /dev/null +++ b/vendor/go.uber.org/zap/config.go @@ -0,0 +1,264 @@ +// Copyright (c) 2016 Uber Technologies, Inc. +// +// Permission is hereby granted, free of charge, to any person obtaining a copy +// of this software and associated documentation files (the "Software"), to deal +// in the Software without restriction, including without limitation the rights +// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +// copies of the Software, and to permit persons to whom the Software is +// furnished to do so, subject to the following conditions: +// +// The above copyright notice and this permission notice shall be included in +// all copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +// THE SOFTWARE. + +package zap + +import ( + "errors" + "sort" + "time" + + "go.uber.org/zap/zapcore" +) + +// SamplingConfig sets a sampling strategy for the logger. Sampling caps the +// global CPU and I/O load that logging puts on your process while attempting +// to preserve a representative subset of your logs. +// +// If specified, the Sampler will invoke the Hook after each decision. +// +// Values configured here are per-second. See zapcore.NewSamplerWithOptions for +// details. +type SamplingConfig struct { + Initial int `json:"initial" yaml:"initial"` + Thereafter int `json:"thereafter" yaml:"thereafter"` + Hook func(zapcore.Entry, zapcore.SamplingDecision) `json:"-" yaml:"-"` +} + +// Config offers a declarative way to construct a logger. It doesn't do +// anything that can't be done with New, Options, and the various +// zapcore.WriteSyncer and zapcore.Core wrappers, but it's a simpler way to +// toggle common options. +// +// Note that Config intentionally supports only the most common options. More +// unusual logging setups (logging to network connections or message queues, +// splitting output between multiple files, etc.) are possible, but require +// direct use of the zapcore package. For sample code, see the package-level +// BasicConfiguration and AdvancedConfiguration examples. +// +// For an example showing runtime log level changes, see the documentation for +// AtomicLevel. +type Config struct { + // Level is the minimum enabled logging level. Note that this is a dynamic + // level, so calling Config.Level.SetLevel will atomically change the log + // level of all loggers descended from this config. + Level AtomicLevel `json:"level" yaml:"level"` + // Development puts the logger in development mode, which changes the + // behavior of DPanicLevel and takes stacktraces more liberally. + Development bool `json:"development" yaml:"development"` + // DisableCaller stops annotating logs with the calling function's file + // name and line number. By default, all logs are annotated. + DisableCaller bool `json:"disableCaller" yaml:"disableCaller"` + // DisableStacktrace completely disables automatic stacktrace capturing. By + // default, stacktraces are captured for WarnLevel and above logs in + // development and ErrorLevel and above in production. + DisableStacktrace bool `json:"disableStacktrace" yaml:"disableStacktrace"` + // Sampling sets a sampling policy. A nil SamplingConfig disables sampling. + Sampling *SamplingConfig `json:"sampling" yaml:"sampling"` + // Encoding sets the logger's encoding. Valid values are "json" and + // "console", as well as any third-party encodings registered via + // RegisterEncoder. + Encoding string `json:"encoding" yaml:"encoding"` + // EncoderConfig sets options for the chosen encoder. See + // zapcore.EncoderConfig for details. + EncoderConfig zapcore.EncoderConfig `json:"encoderConfig" yaml:"encoderConfig"` + // OutputPaths is a list of URLs or file paths to write logging output to. + // See Open for details. + OutputPaths []string `json:"outputPaths" yaml:"outputPaths"` + // ErrorOutputPaths is a list of URLs to write internal logger errors to. + // The default is standard error. + // + // Note that this setting only affects internal errors; for sample code that + // sends error-level logs to a different location from info- and debug-level + // logs, see the package-level AdvancedConfiguration example. + ErrorOutputPaths []string `json:"errorOutputPaths" yaml:"errorOutputPaths"` + // InitialFields is a collection of fields to add to the root logger. + InitialFields map[string]interface{} `json:"initialFields" yaml:"initialFields"` +} + +// NewProductionEncoderConfig returns an opinionated EncoderConfig for +// production environments. +func NewProductionEncoderConfig() zapcore.EncoderConfig { + return zapcore.EncoderConfig{ + TimeKey: "ts", + LevelKey: "level", + NameKey: "logger", + CallerKey: "caller", + FunctionKey: zapcore.OmitKey, + MessageKey: "msg", + StacktraceKey: "stacktrace", + LineEnding: zapcore.DefaultLineEnding, + EncodeLevel: zapcore.LowercaseLevelEncoder, + EncodeTime: zapcore.EpochTimeEncoder, + EncodeDuration: zapcore.SecondsDurationEncoder, + EncodeCaller: zapcore.ShortCallerEncoder, + } +} + +// NewProductionConfig is a reasonable production logging configuration. +// Logging is enabled at InfoLevel and above. +// +// It uses a JSON encoder, writes to standard error, and enables sampling. +// Stacktraces are automatically included on logs of ErrorLevel and above. +func NewProductionConfig() Config { + return Config{ + Level: NewAtomicLevelAt(InfoLevel), + Development: false, + Sampling: &SamplingConfig{ + Initial: 100, + Thereafter: 100, + }, + Encoding: "json", + EncoderConfig: NewProductionEncoderConfig(), + OutputPaths: []string{"stderr"}, + ErrorOutputPaths: []string{"stderr"}, + } +} + +// NewDevelopmentEncoderConfig returns an opinionated EncoderConfig for +// development environments. +func NewDevelopmentEncoderConfig() zapcore.EncoderConfig { + return zapcore.EncoderConfig{ + // Keys can be anything except the empty string. + TimeKey: "T", + LevelKey: "L", + NameKey: "N", + CallerKey: "C", + FunctionKey: zapcore.OmitKey, + MessageKey: "M", + StacktraceKey: "S", + LineEnding: zapcore.DefaultLineEnding, + EncodeLevel: zapcore.CapitalLevelEncoder, + EncodeTime: zapcore.ISO8601TimeEncoder, + EncodeDuration: zapcore.StringDurationEncoder, + EncodeCaller: zapcore.ShortCallerEncoder, + } +} + +// NewDevelopmentConfig is a reasonable development logging configuration. +// Logging is enabled at DebugLevel and above. +// +// It enables development mode (which makes DPanicLevel logs panic), uses a +// console encoder, writes to standard error, and disables sampling. +// Stacktraces are automatically included on logs of WarnLevel and above. +func NewDevelopmentConfig() Config { + return Config{ + Level: NewAtomicLevelAt(DebugLevel), + Development: true, + Encoding: "console", + EncoderConfig: NewDevelopmentEncoderConfig(), + OutputPaths: []string{"stderr"}, + ErrorOutputPaths: []string{"stderr"}, + } +} + +// Build constructs a logger from the Config and Options. +func (cfg Config) Build(opts ...Option) (*Logger, error) { + enc, err := cfg.buildEncoder() + if err != nil { + return nil, err + } + + sink, errSink, err := cfg.openSinks() + if err != nil { + return nil, err + } + + if cfg.Level == (AtomicLevel{}) { + return nil, errors.New("missing Level") + } + + log := New( + zapcore.NewCore(enc, sink, cfg.Level), + cfg.buildOptions(errSink)..., + ) + if len(opts) > 0 { + log = log.WithOptions(opts...) + } + return log, nil +} + +func (cfg Config) buildOptions(errSink zapcore.WriteSyncer) []Option { + opts := []Option{ErrorOutput(errSink)} + + if cfg.Development { + opts = append(opts, Development()) + } + + if !cfg.DisableCaller { + opts = append(opts, AddCaller()) + } + + stackLevel := ErrorLevel + if cfg.Development { + stackLevel = WarnLevel + } + if !cfg.DisableStacktrace { + opts = append(opts, AddStacktrace(stackLevel)) + } + + if scfg := cfg.Sampling; scfg != nil { + opts = append(opts, WrapCore(func(core zapcore.Core) zapcore.Core { + var samplerOpts []zapcore.SamplerOption + if scfg.Hook != nil { + samplerOpts = append(samplerOpts, zapcore.SamplerHook(scfg.Hook)) + } + return zapcore.NewSamplerWithOptions( + core, + time.Second, + cfg.Sampling.Initial, + cfg.Sampling.Thereafter, + samplerOpts..., + ) + })) + } + + if len(cfg.InitialFields) > 0 { + fs := make([]Field, 0, len(cfg.InitialFields)) + keys := make([]string, 0, len(cfg.InitialFields)) + for k := range cfg.InitialFields { + keys = append(keys, k) + } + sort.Strings(keys) + for _, k := range keys { + fs = append(fs, Any(k, cfg.InitialFields[k])) + } + opts = append(opts, Fields(fs...)) + } + + return opts +} + +func (cfg Config) openSinks() (zapcore.WriteSyncer, zapcore.WriteSyncer, error) { + sink, closeOut, err := Open(cfg.OutputPaths...) + if err != nil { + return nil, nil, err + } + errSink, _, err := Open(cfg.ErrorOutputPaths...) + if err != nil { + closeOut() + return nil, nil, err + } + return sink, errSink, nil +} + +func (cfg Config) buildEncoder() (zapcore.Encoder, error) { + return newEncoder(cfg.Encoding, cfg.EncoderConfig) +} diff --git a/vendor/go.uber.org/zap/doc.go b/vendor/go.uber.org/zap/doc.go new file mode 100644 index 0000000000..3c50d7b4d3 --- /dev/null +++ b/vendor/go.uber.org/zap/doc.go @@ -0,0 +1,117 @@ +// Copyright (c) 2016 Uber Technologies, Inc. +// +// Permission is hereby granted, free of charge, to any person obtaining a copy +// of this software and associated documentation files (the "Software"), to deal +// in the Software without restriction, including without limitation the rights +// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +// copies of the Software, and to permit persons to whom the Software is +// furnished to do so, subject to the following conditions: +// +// The above copyright notice and this permission notice shall be included in +// all copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +// THE SOFTWARE. + +// Package zap provides fast, structured, leveled logging. +// +// For applications that log in the hot path, reflection-based serialization +// and string formatting are prohibitively expensive - they're CPU-intensive +// and make many small allocations. Put differently, using json.Marshal and +// fmt.Fprintf to log tons of interface{} makes your application slow. +// +// Zap takes a different approach. It includes a reflection-free, +// zero-allocation JSON encoder, and the base Logger strives to avoid +// serialization overhead and allocations wherever possible. By building the +// high-level SugaredLogger on that foundation, zap lets users choose when +// they need to count every allocation and when they'd prefer a more familiar, +// loosely typed API. +// +// # Choosing a Logger +// +// In contexts where performance is nice, but not critical, use the +// SugaredLogger. It's 4-10x faster than other structured logging packages and +// supports both structured and printf-style logging. Like log15 and go-kit, +// the SugaredLogger's structured logging APIs are loosely typed and accept a +// variadic number of key-value pairs. (For more advanced use cases, they also +// accept strongly typed fields - see the SugaredLogger.With documentation for +// details.) +// +// sugar := zap.NewExample().Sugar() +// defer sugar.Sync() +// sugar.Infow("failed to fetch URL", +// "url", "http://example.com", +// "attempt", 3, +// "backoff", time.Second, +// ) +// sugar.Infof("failed to fetch URL: %s", "http://example.com") +// +// By default, loggers are unbuffered. However, since zap's low-level APIs +// allow buffering, calling Sync before letting your process exit is a good +// habit. +// +// In the rare contexts where every microsecond and every allocation matter, +// use the Logger. It's even faster than the SugaredLogger and allocates far +// less, but it only supports strongly-typed, structured logging. +// +// logger := zap.NewExample() +// defer logger.Sync() +// logger.Info("failed to fetch URL", +// zap.String("url", "http://example.com"), +// zap.Int("attempt", 3), +// zap.Duration("backoff", time.Second), +// ) +// +// Choosing between the Logger and SugaredLogger doesn't need to be an +// application-wide decision: converting between the two is simple and +// inexpensive. +// +// logger := zap.NewExample() +// defer logger.Sync() +// sugar := logger.Sugar() +// plain := sugar.Desugar() +// +// # Configuring Zap +// +// The simplest way to build a Logger is to use zap's opinionated presets: +// NewExample, NewProduction, and NewDevelopment. These presets build a logger +// with a single function call: +// +// logger, err := zap.NewProduction() +// if err != nil { +// log.Fatalf("can't initialize zap logger: %v", err) +// } +// defer logger.Sync() +// +// Presets are fine for small projects, but larger projects and organizations +// naturally require a bit more customization. For most users, zap's Config +// struct strikes the right balance between flexibility and convenience. See +// the package-level BasicConfiguration example for sample code. +// +// More unusual configurations (splitting output between files, sending logs +// to a message queue, etc.) are possible, but require direct use of +// go.uber.org/zap/zapcore. See the package-level AdvancedConfiguration +// example for sample code. +// +// # Extending Zap +// +// The zap package itself is a relatively thin wrapper around the interfaces +// in go.uber.org/zap/zapcore. Extending zap to support a new encoding (e.g., +// BSON), a new log sink (e.g., Kafka), or something more exotic (perhaps an +// exception aggregation service, like Sentry or Rollbar) typically requires +// implementing the zapcore.Encoder, zapcore.WriteSyncer, or zapcore.Core +// interfaces. See the zapcore documentation for details. +// +// Similarly, package authors can use the high-performance Encoder and Core +// implementations in the zapcore package to build their own loggers. +// +// # Frequently Asked Questions +// +// An FAQ covering everything from installation errors to design decisions is +// available at https://github.com/uber-go/zap/blob/master/FAQ.md. +package zap // import "go.uber.org/zap" diff --git a/vendor/go.uber.org/zap/encoder.go b/vendor/go.uber.org/zap/encoder.go new file mode 100644 index 0000000000..caa04ceefd --- /dev/null +++ b/vendor/go.uber.org/zap/encoder.go @@ -0,0 +1,79 @@ +// Copyright (c) 2016 Uber Technologies, Inc. +// +// Permission is hereby granted, free of charge, to any person obtaining a copy +// of this software and associated documentation files (the "Software"), to deal +// in the Software without restriction, including without limitation the rights +// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +// copies of the Software, and to permit persons to whom the Software is +// furnished to do so, subject to the following conditions: +// +// The above copyright notice and this permission notice shall be included in +// all copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +// THE SOFTWARE. + +package zap + +import ( + "errors" + "fmt" + "sync" + + "go.uber.org/zap/zapcore" +) + +var ( + errNoEncoderNameSpecified = errors.New("no encoder name specified") + + _encoderNameToConstructor = map[string]func(zapcore.EncoderConfig) (zapcore.Encoder, error){ + "console": func(encoderConfig zapcore.EncoderConfig) (zapcore.Encoder, error) { + return zapcore.NewConsoleEncoder(encoderConfig), nil + }, + "json": func(encoderConfig zapcore.EncoderConfig) (zapcore.Encoder, error) { + return zapcore.NewJSONEncoder(encoderConfig), nil + }, + } + _encoderMutex sync.RWMutex +) + +// RegisterEncoder registers an encoder constructor, which the Config struct +// can then reference. By default, the "json" and "console" encoders are +// registered. +// +// Attempting to register an encoder whose name is already taken returns an +// error. +func RegisterEncoder(name string, constructor func(zapcore.EncoderConfig) (zapcore.Encoder, error)) error { + _encoderMutex.Lock() + defer _encoderMutex.Unlock() + if name == "" { + return errNoEncoderNameSpecified + } + if _, ok := _encoderNameToConstructor[name]; ok { + return fmt.Errorf("encoder already registered for name %q", name) + } + _encoderNameToConstructor[name] = constructor + return nil +} + +func newEncoder(name string, encoderConfig zapcore.EncoderConfig) (zapcore.Encoder, error) { + if encoderConfig.TimeKey != "" && encoderConfig.EncodeTime == nil { + return nil, errors.New("missing EncodeTime in EncoderConfig") + } + + _encoderMutex.RLock() + defer _encoderMutex.RUnlock() + if name == "" { + return nil, errNoEncoderNameSpecified + } + constructor, ok := _encoderNameToConstructor[name] + if !ok { + return nil, fmt.Errorf("no encoder registered for name %q", name) + } + return constructor(encoderConfig) +} diff --git a/vendor/go.uber.org/zap/error.go b/vendor/go.uber.org/zap/error.go new file mode 100644 index 0000000000..65982a51e5 --- /dev/null +++ b/vendor/go.uber.org/zap/error.go @@ -0,0 +1,80 @@ +// Copyright (c) 2017 Uber Technologies, Inc. +// +// Permission is hereby granted, free of charge, to any person obtaining a copy +// of this software and associated documentation files (the "Software"), to deal +// in the Software without restriction, including without limitation the rights +// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +// copies of the Software, and to permit persons to whom the Software is +// furnished to do so, subject to the following conditions: +// +// The above copyright notice and this permission notice shall be included in +// all copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +// THE SOFTWARE. + +package zap + +import ( + "sync" + + "go.uber.org/zap/zapcore" +) + +var _errArrayElemPool = sync.Pool{New: func() interface{} { + return &errArrayElem{} +}} + +// Error is shorthand for the common idiom NamedError("error", err). +func Error(err error) Field { + return NamedError("error", err) +} + +// NamedError constructs a field that lazily stores err.Error() under the +// provided key. Errors which also implement fmt.Formatter (like those produced +// by github.com/pkg/errors) will also have their verbose representation stored +// under key+"Verbose". If passed a nil error, the field is a no-op. +// +// For the common case in which the key is simply "error", the Error function +// is shorter and less repetitive. +func NamedError(key string, err error) Field { + if err == nil { + return Skip() + } + return Field{Key: key, Type: zapcore.ErrorType, Interface: err} +} + +type errArray []error + +func (errs errArray) MarshalLogArray(arr zapcore.ArrayEncoder) error { + for i := range errs { + if errs[i] == nil { + continue + } + // To represent each error as an object with an "error" attribute and + // potentially an "errorVerbose" attribute, we need to wrap it in a + // type that implements LogObjectMarshaler. To prevent this from + // allocating, pool the wrapper type. + elem := _errArrayElemPool.Get().(*errArrayElem) + elem.error = errs[i] + arr.AppendObject(elem) + elem.error = nil + _errArrayElemPool.Put(elem) + } + return nil +} + +type errArrayElem struct { + error +} + +func (e *errArrayElem) MarshalLogObject(enc zapcore.ObjectEncoder) error { + // Re-use the error field's logic, which supports non-standard error types. + Error(e.error).AddTo(enc) + return nil +} diff --git a/vendor/go.uber.org/zap/field.go b/vendor/go.uber.org/zap/field.go new file mode 100644 index 0000000000..bbb745db5b --- /dev/null +++ b/vendor/go.uber.org/zap/field.go @@ -0,0 +1,549 @@ +// Copyright (c) 2016 Uber Technologies, Inc. +// +// Permission is hereby granted, free of charge, to any person obtaining a copy +// of this software and associated documentation files (the "Software"), to deal +// in the Software without restriction, including without limitation the rights +// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +// copies of the Software, and to permit persons to whom the Software is +// furnished to do so, subject to the following conditions: +// +// The above copyright notice and this permission notice shall be included in +// all copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +// THE SOFTWARE. + +package zap + +import ( + "fmt" + "math" + "time" + + "go.uber.org/zap/zapcore" +) + +// Field is an alias for Field. Aliasing this type dramatically +// improves the navigability of this package's API documentation. +type Field = zapcore.Field + +var ( + _minTimeInt64 = time.Unix(0, math.MinInt64) + _maxTimeInt64 = time.Unix(0, math.MaxInt64) +) + +// Skip constructs a no-op field, which is often useful when handling invalid +// inputs in other Field constructors. +func Skip() Field { + return Field{Type: zapcore.SkipType} +} + +// nilField returns a field which will marshal explicitly as nil. See motivation +// in https://github.com/uber-go/zap/issues/753 . If we ever make breaking +// changes and add zapcore.NilType and zapcore.ObjectEncoder.AddNil, the +// implementation here should be changed to reflect that. +func nilField(key string) Field { return Reflect(key, nil) } + +// Binary constructs a field that carries an opaque binary blob. +// +// Binary data is serialized in an encoding-appropriate format. For example, +// zap's JSON encoder base64-encodes binary blobs. To log UTF-8 encoded text, +// use ByteString. +func Binary(key string, val []byte) Field { + return Field{Key: key, Type: zapcore.BinaryType, Interface: val} +} + +// Bool constructs a field that carries a bool. +func Bool(key string, val bool) Field { + var ival int64 + if val { + ival = 1 + } + return Field{Key: key, Type: zapcore.BoolType, Integer: ival} +} + +// Boolp constructs a field that carries a *bool. The returned Field will safely +// and explicitly represent `nil` when appropriate. +func Boolp(key string, val *bool) Field { + if val == nil { + return nilField(key) + } + return Bool(key, *val) +} + +// ByteString constructs a field that carries UTF-8 encoded text as a []byte. +// To log opaque binary blobs (which aren't necessarily valid UTF-8), use +// Binary. +func ByteString(key string, val []byte) Field { + return Field{Key: key, Type: zapcore.ByteStringType, Interface: val} +} + +// Complex128 constructs a field that carries a complex number. Unlike most +// numeric fields, this costs an allocation (to convert the complex128 to +// interface{}). +func Complex128(key string, val complex128) Field { + return Field{Key: key, Type: zapcore.Complex128Type, Interface: val} +} + +// Complex128p constructs a field that carries a *complex128. The returned Field will safely +// and explicitly represent `nil` when appropriate. +func Complex128p(key string, val *complex128) Field { + if val == nil { + return nilField(key) + } + return Complex128(key, *val) +} + +// Complex64 constructs a field that carries a complex number. Unlike most +// numeric fields, this costs an allocation (to convert the complex64 to +// interface{}). +func Complex64(key string, val complex64) Field { + return Field{Key: key, Type: zapcore.Complex64Type, Interface: val} +} + +// Complex64p constructs a field that carries a *complex64. The returned Field will safely +// and explicitly represent `nil` when appropriate. +func Complex64p(key string, val *complex64) Field { + if val == nil { + return nilField(key) + } + return Complex64(key, *val) +} + +// Float64 constructs a field that carries a float64. The way the +// floating-point value is represented is encoder-dependent, so marshaling is +// necessarily lazy. +func Float64(key string, val float64) Field { + return Field{Key: key, Type: zapcore.Float64Type, Integer: int64(math.Float64bits(val))} +} + +// Float64p constructs a field that carries a *float64. The returned Field will safely +// and explicitly represent `nil` when appropriate. +func Float64p(key string, val *float64) Field { + if val == nil { + return nilField(key) + } + return Float64(key, *val) +} + +// Float32 constructs a field that carries a float32. The way the +// floating-point value is represented is encoder-dependent, so marshaling is +// necessarily lazy. +func Float32(key string, val float32) Field { + return Field{Key: key, Type: zapcore.Float32Type, Integer: int64(math.Float32bits(val))} +} + +// Float32p constructs a field that carries a *float32. The returned Field will safely +// and explicitly represent `nil` when appropriate. +func Float32p(key string, val *float32) Field { + if val == nil { + return nilField(key) + } + return Float32(key, *val) +} + +// Int constructs a field with the given key and value. +func Int(key string, val int) Field { + return Int64(key, int64(val)) +} + +// Intp constructs a field that carries a *int. The returned Field will safely +// and explicitly represent `nil` when appropriate. +func Intp(key string, val *int) Field { + if val == nil { + return nilField(key) + } + return Int(key, *val) +} + +// Int64 constructs a field with the given key and value. +func Int64(key string, val int64) Field { + return Field{Key: key, Type: zapcore.Int64Type, Integer: val} +} + +// Int64p constructs a field that carries a *int64. The returned Field will safely +// and explicitly represent `nil` when appropriate. +func Int64p(key string, val *int64) Field { + if val == nil { + return nilField(key) + } + return Int64(key, *val) +} + +// Int32 constructs a field with the given key and value. +func Int32(key string, val int32) Field { + return Field{Key: key, Type: zapcore.Int32Type, Integer: int64(val)} +} + +// Int32p constructs a field that carries a *int32. The returned Field will safely +// and explicitly represent `nil` when appropriate. +func Int32p(key string, val *int32) Field { + if val == nil { + return nilField(key) + } + return Int32(key, *val) +} + +// Int16 constructs a field with the given key and value. +func Int16(key string, val int16) Field { + return Field{Key: key, Type: zapcore.Int16Type, Integer: int64(val)} +} + +// Int16p constructs a field that carries a *int16. The returned Field will safely +// and explicitly represent `nil` when appropriate. +func Int16p(key string, val *int16) Field { + if val == nil { + return nilField(key) + } + return Int16(key, *val) +} + +// Int8 constructs a field with the given key and value. +func Int8(key string, val int8) Field { + return Field{Key: key, Type: zapcore.Int8Type, Integer: int64(val)} +} + +// Int8p constructs a field that carries a *int8. The returned Field will safely +// and explicitly represent `nil` when appropriate. +func Int8p(key string, val *int8) Field { + if val == nil { + return nilField(key) + } + return Int8(key, *val) +} + +// String constructs a field with the given key and value. +func String(key string, val string) Field { + return Field{Key: key, Type: zapcore.StringType, String: val} +} + +// Stringp constructs a field that carries a *string. The returned Field will safely +// and explicitly represent `nil` when appropriate. +func Stringp(key string, val *string) Field { + if val == nil { + return nilField(key) + } + return String(key, *val) +} + +// Uint constructs a field with the given key and value. +func Uint(key string, val uint) Field { + return Uint64(key, uint64(val)) +} + +// Uintp constructs a field that carries a *uint. The returned Field will safely +// and explicitly represent `nil` when appropriate. +func Uintp(key string, val *uint) Field { + if val == nil { + return nilField(key) + } + return Uint(key, *val) +} + +// Uint64 constructs a field with the given key and value. +func Uint64(key string, val uint64) Field { + return Field{Key: key, Type: zapcore.Uint64Type, Integer: int64(val)} +} + +// Uint64p constructs a field that carries a *uint64. The returned Field will safely +// and explicitly represent `nil` when appropriate. +func Uint64p(key string, val *uint64) Field { + if val == nil { + return nilField(key) + } + return Uint64(key, *val) +} + +// Uint32 constructs a field with the given key and value. +func Uint32(key string, val uint32) Field { + return Field{Key: key, Type: zapcore.Uint32Type, Integer: int64(val)} +} + +// Uint32p constructs a field that carries a *uint32. The returned Field will safely +// and explicitly represent `nil` when appropriate. +func Uint32p(key string, val *uint32) Field { + if val == nil { + return nilField(key) + } + return Uint32(key, *val) +} + +// Uint16 constructs a field with the given key and value. +func Uint16(key string, val uint16) Field { + return Field{Key: key, Type: zapcore.Uint16Type, Integer: int64(val)} +} + +// Uint16p constructs a field that carries a *uint16. The returned Field will safely +// and explicitly represent `nil` when appropriate. +func Uint16p(key string, val *uint16) Field { + if val == nil { + return nilField(key) + } + return Uint16(key, *val) +} + +// Uint8 constructs a field with the given key and value. +func Uint8(key string, val uint8) Field { + return Field{Key: key, Type: zapcore.Uint8Type, Integer: int64(val)} +} + +// Uint8p constructs a field that carries a *uint8. The returned Field will safely +// and explicitly represent `nil` when appropriate. +func Uint8p(key string, val *uint8) Field { + if val == nil { + return nilField(key) + } + return Uint8(key, *val) +} + +// Uintptr constructs a field with the given key and value. +func Uintptr(key string, val uintptr) Field { + return Field{Key: key, Type: zapcore.UintptrType, Integer: int64(val)} +} + +// Uintptrp constructs a field that carries a *uintptr. The returned Field will safely +// and explicitly represent `nil` when appropriate. +func Uintptrp(key string, val *uintptr) Field { + if val == nil { + return nilField(key) + } + return Uintptr(key, *val) +} + +// Reflect constructs a field with the given key and an arbitrary object. It uses +// an encoding-appropriate, reflection-based function to lazily serialize nearly +// any object into the logging context, but it's relatively slow and +// allocation-heavy. Outside tests, Any is always a better choice. +// +// If encoding fails (e.g., trying to serialize a map[int]string to JSON), Reflect +// includes the error message in the final log output. +func Reflect(key string, val interface{}) Field { + return Field{Key: key, Type: zapcore.ReflectType, Interface: val} +} + +// Namespace creates a named, isolated scope within the logger's context. All +// subsequent fields will be added to the new namespace. +// +// This helps prevent key collisions when injecting loggers into sub-components +// or third-party libraries. +func Namespace(key string) Field { + return Field{Key: key, Type: zapcore.NamespaceType} +} + +// Stringer constructs a field with the given key and the output of the value's +// String method. The Stringer's String method is called lazily. +func Stringer(key string, val fmt.Stringer) Field { + return Field{Key: key, Type: zapcore.StringerType, Interface: val} +} + +// Time constructs a Field with the given key and value. The encoder +// controls how the time is serialized. +func Time(key string, val time.Time) Field { + if val.Before(_minTimeInt64) || val.After(_maxTimeInt64) { + return Field{Key: key, Type: zapcore.TimeFullType, Interface: val} + } + return Field{Key: key, Type: zapcore.TimeType, Integer: val.UnixNano(), Interface: val.Location()} +} + +// Timep constructs a field that carries a *time.Time. The returned Field will safely +// and explicitly represent `nil` when appropriate. +func Timep(key string, val *time.Time) Field { + if val == nil { + return nilField(key) + } + return Time(key, *val) +} + +// Stack constructs a field that stores a stacktrace of the current goroutine +// under provided key. Keep in mind that taking a stacktrace is eager and +// expensive (relatively speaking); this function both makes an allocation and +// takes about two microseconds. +func Stack(key string) Field { + return StackSkip(key, 1) // skip Stack +} + +// StackSkip constructs a field similarly to Stack, but also skips the given +// number of frames from the top of the stacktrace. +func StackSkip(key string, skip int) Field { + // Returning the stacktrace as a string costs an allocation, but saves us + // from expanding the zapcore.Field union struct to include a byte slice. Since + // taking a stacktrace is already so expensive (~10us), the extra allocation + // is okay. + return String(key, takeStacktrace(skip+1)) // skip StackSkip +} + +// Duration constructs a field with the given key and value. The encoder +// controls how the duration is serialized. +func Duration(key string, val time.Duration) Field { + return Field{Key: key, Type: zapcore.DurationType, Integer: int64(val)} +} + +// Durationp constructs a field that carries a *time.Duration. The returned Field will safely +// and explicitly represent `nil` when appropriate. +func Durationp(key string, val *time.Duration) Field { + if val == nil { + return nilField(key) + } + return Duration(key, *val) +} + +// Object constructs a field with the given key and ObjectMarshaler. It +// provides a flexible, but still type-safe and efficient, way to add map- or +// struct-like user-defined types to the logging context. The struct's +// MarshalLogObject method is called lazily. +func Object(key string, val zapcore.ObjectMarshaler) Field { + return Field{Key: key, Type: zapcore.ObjectMarshalerType, Interface: val} +} + +// Inline constructs a Field that is similar to Object, but it +// will add the elements of the provided ObjectMarshaler to the +// current namespace. +func Inline(val zapcore.ObjectMarshaler) Field { + return zapcore.Field{ + Type: zapcore.InlineMarshalerType, + Interface: val, + } +} + +// Any takes a key and an arbitrary value and chooses the best way to represent +// them as a field, falling back to a reflection-based approach only if +// necessary. +// +// Since byte/uint8 and rune/int32 are aliases, Any can't differentiate between +// them. To minimize surprises, []byte values are treated as binary blobs, byte +// values are treated as uint8, and runes are always treated as integers. +func Any(key string, value interface{}) Field { + switch val := value.(type) { + case zapcore.ObjectMarshaler: + return Object(key, val) + case zapcore.ArrayMarshaler: + return Array(key, val) + case bool: + return Bool(key, val) + case *bool: + return Boolp(key, val) + case []bool: + return Bools(key, val) + case complex128: + return Complex128(key, val) + case *complex128: + return Complex128p(key, val) + case []complex128: + return Complex128s(key, val) + case complex64: + return Complex64(key, val) + case *complex64: + return Complex64p(key, val) + case []complex64: + return Complex64s(key, val) + case float64: + return Float64(key, val) + case *float64: + return Float64p(key, val) + case []float64: + return Float64s(key, val) + case float32: + return Float32(key, val) + case *float32: + return Float32p(key, val) + case []float32: + return Float32s(key, val) + case int: + return Int(key, val) + case *int: + return Intp(key, val) + case []int: + return Ints(key, val) + case int64: + return Int64(key, val) + case *int64: + return Int64p(key, val) + case []int64: + return Int64s(key, val) + case int32: + return Int32(key, val) + case *int32: + return Int32p(key, val) + case []int32: + return Int32s(key, val) + case int16: + return Int16(key, val) + case *int16: + return Int16p(key, val) + case []int16: + return Int16s(key, val) + case int8: + return Int8(key, val) + case *int8: + return Int8p(key, val) + case []int8: + return Int8s(key, val) + case string: + return String(key, val) + case *string: + return Stringp(key, val) + case []string: + return Strings(key, val) + case uint: + return Uint(key, val) + case *uint: + return Uintp(key, val) + case []uint: + return Uints(key, val) + case uint64: + return Uint64(key, val) + case *uint64: + return Uint64p(key, val) + case []uint64: + return Uint64s(key, val) + case uint32: + return Uint32(key, val) + case *uint32: + return Uint32p(key, val) + case []uint32: + return Uint32s(key, val) + case uint16: + return Uint16(key, val) + case *uint16: + return Uint16p(key, val) + case []uint16: + return Uint16s(key, val) + case uint8: + return Uint8(key, val) + case *uint8: + return Uint8p(key, val) + case []byte: + return Binary(key, val) + case uintptr: + return Uintptr(key, val) + case *uintptr: + return Uintptrp(key, val) + case []uintptr: + return Uintptrs(key, val) + case time.Time: + return Time(key, val) + case *time.Time: + return Timep(key, val) + case []time.Time: + return Times(key, val) + case time.Duration: + return Duration(key, val) + case *time.Duration: + return Durationp(key, val) + case []time.Duration: + return Durations(key, val) + case error: + return NamedError(key, val) + case []error: + return Errors(key, val) + case fmt.Stringer: + return Stringer(key, val) + default: + return Reflect(key, val) + } +} diff --git a/vendor/go.uber.org/zap/flag.go b/vendor/go.uber.org/zap/flag.go new file mode 100644 index 0000000000..1312875072 --- /dev/null +++ b/vendor/go.uber.org/zap/flag.go @@ -0,0 +1,39 @@ +// Copyright (c) 2016 Uber Technologies, Inc. +// +// Permission is hereby granted, free of charge, to any person obtaining a copy +// of this software and associated documentation files (the "Software"), to deal +// in the Software without restriction, including without limitation the rights +// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +// copies of the Software, and to permit persons to whom the Software is +// furnished to do so, subject to the following conditions: +// +// The above copyright notice and this permission notice shall be included in +// all copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +// THE SOFTWARE. + +package zap + +import ( + "flag" + + "go.uber.org/zap/zapcore" +) + +// LevelFlag uses the standard library's flag.Var to declare a global flag +// with the specified name, default, and usage guidance. The returned value is +// a pointer to the value of the flag. +// +// If you don't want to use the flag package's global state, you can use any +// non-nil *Level as a flag.Value with your own *flag.FlagSet. +func LevelFlag(name string, defaultLevel zapcore.Level, usage string) *zapcore.Level { + lvl := defaultLevel + flag.Var(&lvl, name, usage) + return &lvl +} diff --git a/vendor/go.uber.org/zap/glide.yaml b/vendor/go.uber.org/zap/glide.yaml new file mode 100644 index 0000000000..8e1d05e9ab --- /dev/null +++ b/vendor/go.uber.org/zap/glide.yaml @@ -0,0 +1,34 @@ +package: go.uber.org/zap +license: MIT +import: +- package: go.uber.org/atomic + version: ^1 +- package: go.uber.org/multierr + version: ^1 +testImport: +- package: github.com/satori/go.uuid +- package: github.com/sirupsen/logrus +- package: github.com/apex/log + subpackages: + - handlers/json +- package: github.com/go-kit/kit + subpackages: + - log +- package: github.com/stretchr/testify + subpackages: + - assert + - require +- package: gopkg.in/inconshreveable/log15.v2 +- package: github.com/mattn/goveralls +- package: github.com/pborman/uuid +- package: github.com/pkg/errors +- package: github.com/rs/zerolog +- package: golang.org/x/tools + subpackages: + - cover +- package: golang.org/x/lint + subpackages: + - golint +- package: github.com/axw/gocov + subpackages: + - gocov diff --git a/vendor/go.uber.org/zap/global.go b/vendor/go.uber.org/zap/global.go new file mode 100644 index 0000000000..3cb46c9e0a --- /dev/null +++ b/vendor/go.uber.org/zap/global.go @@ -0,0 +1,169 @@ +// Copyright (c) 2016 Uber Technologies, Inc. +// +// Permission is hereby granted, free of charge, to any person obtaining a copy +// of this software and associated documentation files (the "Software"), to deal +// in the Software without restriction, including without limitation the rights +// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +// copies of the Software, and to permit persons to whom the Software is +// furnished to do so, subject to the following conditions: +// +// The above copyright notice and this permission notice shall be included in +// all copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +// THE SOFTWARE. + +package zap + +import ( + "bytes" + "fmt" + "log" + "os" + "sync" + + "go.uber.org/zap/zapcore" +) + +const ( + _stdLogDefaultDepth = 1 + _loggerWriterDepth = 2 + _programmerErrorTemplate = "You've found a bug in zap! Please file a bug at " + + "https://github.com/uber-go/zap/issues/new and reference this error: %v" +) + +var ( + _globalMu sync.RWMutex + _globalL = NewNop() + _globalS = _globalL.Sugar() +) + +// L returns the global Logger, which can be reconfigured with ReplaceGlobals. +// It's safe for concurrent use. +func L() *Logger { + _globalMu.RLock() + l := _globalL + _globalMu.RUnlock() + return l +} + +// S returns the global SugaredLogger, which can be reconfigured with +// ReplaceGlobals. It's safe for concurrent use. +func S() *SugaredLogger { + _globalMu.RLock() + s := _globalS + _globalMu.RUnlock() + return s +} + +// ReplaceGlobals replaces the global Logger and SugaredLogger, and returns a +// function to restore the original values. It's safe for concurrent use. +func ReplaceGlobals(logger *Logger) func() { + _globalMu.Lock() + prev := _globalL + _globalL = logger + _globalS = logger.Sugar() + _globalMu.Unlock() + return func() { ReplaceGlobals(prev) } +} + +// NewStdLog returns a *log.Logger which writes to the supplied zap Logger at +// InfoLevel. To redirect the standard library's package-global logging +// functions, use RedirectStdLog instead. +func NewStdLog(l *Logger) *log.Logger { + logger := l.WithOptions(AddCallerSkip(_stdLogDefaultDepth + _loggerWriterDepth)) + f := logger.Info + return log.New(&loggerWriter{f}, "" /* prefix */, 0 /* flags */) +} + +// NewStdLogAt returns *log.Logger which writes to supplied zap logger at +// required level. +func NewStdLogAt(l *Logger, level zapcore.Level) (*log.Logger, error) { + logger := l.WithOptions(AddCallerSkip(_stdLogDefaultDepth + _loggerWriterDepth)) + logFunc, err := levelToFunc(logger, level) + if err != nil { + return nil, err + } + return log.New(&loggerWriter{logFunc}, "" /* prefix */, 0 /* flags */), nil +} + +// RedirectStdLog redirects output from the standard library's package-global +// logger to the supplied logger at InfoLevel. Since zap already handles caller +// annotations, timestamps, etc., it automatically disables the standard +// library's annotations and prefixing. +// +// It returns a function to restore the original prefix and flags and reset the +// standard library's output to os.Stderr. +func RedirectStdLog(l *Logger) func() { + f, err := redirectStdLogAt(l, InfoLevel) + if err != nil { + // Can't get here, since passing InfoLevel to redirectStdLogAt always + // works. + panic(fmt.Sprintf(_programmerErrorTemplate, err)) + } + return f +} + +// RedirectStdLogAt redirects output from the standard library's package-global +// logger to the supplied logger at the specified level. Since zap already +// handles caller annotations, timestamps, etc., it automatically disables the +// standard library's annotations and prefixing. +// +// It returns a function to restore the original prefix and flags and reset the +// standard library's output to os.Stderr. +func RedirectStdLogAt(l *Logger, level zapcore.Level) (func(), error) { + return redirectStdLogAt(l, level) +} + +func redirectStdLogAt(l *Logger, level zapcore.Level) (func(), error) { + flags := log.Flags() + prefix := log.Prefix() + log.SetFlags(0) + log.SetPrefix("") + logger := l.WithOptions(AddCallerSkip(_stdLogDefaultDepth + _loggerWriterDepth)) + logFunc, err := levelToFunc(logger, level) + if err != nil { + return nil, err + } + log.SetOutput(&loggerWriter{logFunc}) + return func() { + log.SetFlags(flags) + log.SetPrefix(prefix) + log.SetOutput(os.Stderr) + }, nil +} + +func levelToFunc(logger *Logger, lvl zapcore.Level) (func(string, ...Field), error) { + switch lvl { + case DebugLevel: + return logger.Debug, nil + case InfoLevel: + return logger.Info, nil + case WarnLevel: + return logger.Warn, nil + case ErrorLevel: + return logger.Error, nil + case DPanicLevel: + return logger.DPanic, nil + case PanicLevel: + return logger.Panic, nil + case FatalLevel: + return logger.Fatal, nil + } + return nil, fmt.Errorf("unrecognized level: %q", lvl) +} + +type loggerWriter struct { + logFunc func(msg string, fields ...Field) +} + +func (l *loggerWriter) Write(p []byte) (int, error) { + p = bytes.TrimSpace(p) + l.logFunc(string(p)) + return len(p), nil +} diff --git a/vendor/go.uber.org/zap/http_handler.go b/vendor/go.uber.org/zap/http_handler.go new file mode 100644 index 0000000000..632b6831a8 --- /dev/null +++ b/vendor/go.uber.org/zap/http_handler.go @@ -0,0 +1,133 @@ +// Copyright (c) 2016 Uber Technologies, Inc. +// +// Permission is hereby granted, free of charge, to any person obtaining a copy +// of this software and associated documentation files (the "Software"), to deal +// in the Software without restriction, including without limitation the rights +// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +// copies of the Software, and to permit persons to whom the Software is +// furnished to do so, subject to the following conditions: +// +// The above copyright notice and this permission notice shall be included in +// all copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +// THE SOFTWARE. + +package zap + +import ( + "encoding/json" + "errors" + "fmt" + "io" + "net/http" + + "go.uber.org/zap/zapcore" +) + +// ServeHTTP is a simple JSON endpoint that can report on or change the current +// logging level. +// +// # GET +// +// The GET request returns a JSON description of the current logging level like: +// +// {"level":"info"} +// +// # PUT +// +// The PUT request changes the logging level. It is perfectly safe to change the +// logging level while a program is running. Two content types are supported: +// +// Content-Type: application/x-www-form-urlencoded +// +// With this content type, the level can be provided through the request body or +// a query parameter. The log level is URL encoded like: +// +// level=debug +// +// The request body takes precedence over the query parameter, if both are +// specified. +// +// This content type is the default for a curl PUT request. Following are two +// example curl requests that both set the logging level to debug. +// +// curl -X PUT localhost:8080/log/level?level=debug +// curl -X PUT localhost:8080/log/level -d level=debug +// +// For any other content type, the payload is expected to be JSON encoded and +// look like: +// +// {"level":"info"} +// +// An example curl request could look like this: +// +// curl -X PUT localhost:8080/log/level -H "Content-Type: application/json" -d '{"level":"debug"}' +func (lvl AtomicLevel) ServeHTTP(w http.ResponseWriter, r *http.Request) { + type errorResponse struct { + Error string `json:"error"` + } + type payload struct { + Level zapcore.Level `json:"level"` + } + + enc := json.NewEncoder(w) + + switch r.Method { + case http.MethodGet: + enc.Encode(payload{Level: lvl.Level()}) + case http.MethodPut: + requestedLvl, err := decodePutRequest(r.Header.Get("Content-Type"), r) + if err != nil { + w.WriteHeader(http.StatusBadRequest) + enc.Encode(errorResponse{Error: err.Error()}) + return + } + lvl.SetLevel(requestedLvl) + enc.Encode(payload{Level: lvl.Level()}) + default: + w.WriteHeader(http.StatusMethodNotAllowed) + enc.Encode(errorResponse{ + Error: "Only GET and PUT are supported.", + }) + } +} + +// Decodes incoming PUT requests and returns the requested logging level. +func decodePutRequest(contentType string, r *http.Request) (zapcore.Level, error) { + if contentType == "application/x-www-form-urlencoded" { + return decodePutURL(r) + } + return decodePutJSON(r.Body) +} + +func decodePutURL(r *http.Request) (zapcore.Level, error) { + lvl := r.FormValue("level") + if lvl == "" { + return 0, errors.New("must specify logging level") + } + var l zapcore.Level + if err := l.UnmarshalText([]byte(lvl)); err != nil { + return 0, err + } + return l, nil +} + +func decodePutJSON(body io.Reader) (zapcore.Level, error) { + var pld struct { + Level *zapcore.Level `json:"level"` + } + if err := json.NewDecoder(body).Decode(&pld); err != nil { + return 0, fmt.Errorf("malformed request body: %v", err) + } + if pld.Level == nil { + return 0, errors.New("must specify logging level") + } + return *pld.Level, nil + +} diff --git a/vendor/go.uber.org/zap/internal/bufferpool/bufferpool.go b/vendor/go.uber.org/zap/internal/bufferpool/bufferpool.go new file mode 100644 index 0000000000..dad583aaa5 --- /dev/null +++ b/vendor/go.uber.org/zap/internal/bufferpool/bufferpool.go @@ -0,0 +1,31 @@ +// Copyright (c) 2016 Uber Technologies, Inc. +// +// Permission is hereby granted, free of charge, to any person obtaining a copy +// of this software and associated documentation files (the "Software"), to deal +// in the Software without restriction, including without limitation the rights +// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +// copies of the Software, and to permit persons to whom the Software is +// furnished to do so, subject to the following conditions: +// +// The above copyright notice and this permission notice shall be included in +// all copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +// THE SOFTWARE. + +// Package bufferpool houses zap's shared internal buffer pool. Third-party +// packages can recreate the same functionality with buffers.NewPool. +package bufferpool + +import "go.uber.org/zap/buffer" + +var ( + _pool = buffer.NewPool() + // Get retrieves a buffer from the pool, creating one if necessary. + Get = _pool.Get +) diff --git a/vendor/go.uber.org/zap/internal/color/color.go b/vendor/go.uber.org/zap/internal/color/color.go new file mode 100644 index 0000000000..c4d5d02abc --- /dev/null +++ b/vendor/go.uber.org/zap/internal/color/color.go @@ -0,0 +1,44 @@ +// Copyright (c) 2016 Uber Technologies, Inc. +// +// Permission is hereby granted, free of charge, to any person obtaining a copy +// of this software and associated documentation files (the "Software"), to deal +// in the Software without restriction, including without limitation the rights +// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +// copies of the Software, and to permit persons to whom the Software is +// furnished to do so, subject to the following conditions: +// +// The above copyright notice and this permission notice shall be included in +// all copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +// THE SOFTWARE. + +// Package color adds coloring functionality for TTY output. +package color + +import "fmt" + +// Foreground colors. +const ( + Black Color = iota + 30 + Red + Green + Yellow + Blue + Magenta + Cyan + White +) + +// Color represents a text color. +type Color uint8 + +// Add adds the coloring to the given string. +func (c Color) Add(s string) string { + return fmt.Sprintf("\x1b[%dm%s\x1b[0m", uint8(c), s) +} diff --git a/vendor/go.uber.org/zap/internal/exit/exit.go b/vendor/go.uber.org/zap/internal/exit/exit.go new file mode 100644 index 0000000000..f673f9947b --- /dev/null +++ b/vendor/go.uber.org/zap/internal/exit/exit.go @@ -0,0 +1,66 @@ +// Copyright (c) 2016 Uber Technologies, Inc. +// +// Permission is hereby granted, free of charge, to any person obtaining a copy +// of this software and associated documentation files (the "Software"), to deal +// in the Software without restriction, including without limitation the rights +// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +// copies of the Software, and to permit persons to whom the Software is +// furnished to do so, subject to the following conditions: +// +// The above copyright notice and this permission notice shall be included in +// all copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +// THE SOFTWARE. + +// Package exit provides stubs so that unit tests can exercise code that calls +// os.Exit(1). +package exit + +import "os" + +var _exit = os.Exit + +// With terminates the process by calling os.Exit(code). If the package is +// stubbed, it instead records a call in the testing spy. +func With(code int) { + _exit(code) +} + +// A StubbedExit is a testing fake for os.Exit. +type StubbedExit struct { + Exited bool + Code int + prev func(code int) +} + +// Stub substitutes a fake for the call to os.Exit(1). +func Stub() *StubbedExit { + s := &StubbedExit{prev: _exit} + _exit = s.exit + return s +} + +// WithStub runs the supplied function with Exit stubbed. It returns the stub +// used, so that users can test whether the process would have crashed. +func WithStub(f func()) *StubbedExit { + s := Stub() + defer s.Unstub() + f() + return s +} + +// Unstub restores the previous exit function. +func (se *StubbedExit) Unstub() { + _exit = se.prev +} + +func (se *StubbedExit) exit(code int) { + se.Exited = true + se.Code = code +} diff --git a/vendor/go.uber.org/zap/internal/level_enabler.go b/vendor/go.uber.org/zap/internal/level_enabler.go new file mode 100644 index 0000000000..5f3e3f1b92 --- /dev/null +++ b/vendor/go.uber.org/zap/internal/level_enabler.go @@ -0,0 +1,35 @@ +// Copyright (c) 2022 Uber Technologies, Inc. +// +// Permission is hereby granted, free of charge, to any person obtaining a copy +// of this software and associated documentation files (the "Software"), to deal +// in the Software without restriction, including without limitation the rights +// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +// copies of the Software, and to permit persons to whom the Software is +// furnished to do so, subject to the following conditions: +// +// The above copyright notice and this permission notice shall be included in +// all copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +// THE SOFTWARE. + +package internal + +import "go.uber.org/zap/zapcore" + +// LeveledEnabler is an interface satisfied by LevelEnablers that are able to +// report their own level. +// +// This interface is defined to use more conveniently in tests and non-zapcore +// packages. +// This cannot be imported from zapcore because of the cyclic dependency. +type LeveledEnabler interface { + zapcore.LevelEnabler + + Level() zapcore.Level +} diff --git a/vendor/go.uber.org/zap/level.go b/vendor/go.uber.org/zap/level.go new file mode 100644 index 0000000000..db951e19a5 --- /dev/null +++ b/vendor/go.uber.org/zap/level.go @@ -0,0 +1,152 @@ +// Copyright (c) 2016 Uber Technologies, Inc. +// +// Permission is hereby granted, free of charge, to any person obtaining a copy +// of this software and associated documentation files (the "Software"), to deal +// in the Software without restriction, including without limitation the rights +// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +// copies of the Software, and to permit persons to whom the Software is +// furnished to do so, subject to the following conditions: +// +// The above copyright notice and this permission notice shall be included in +// all copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +// THE SOFTWARE. + +package zap + +import ( + "go.uber.org/atomic" + "go.uber.org/zap/internal" + "go.uber.org/zap/zapcore" +) + +const ( + // DebugLevel logs are typically voluminous, and are usually disabled in + // production. + DebugLevel = zapcore.DebugLevel + // InfoLevel is the default logging priority. + InfoLevel = zapcore.InfoLevel + // WarnLevel logs are more important than Info, but don't need individual + // human review. + WarnLevel = zapcore.WarnLevel + // ErrorLevel logs are high-priority. If an application is running smoothly, + // it shouldn't generate any error-level logs. + ErrorLevel = zapcore.ErrorLevel + // DPanicLevel logs are particularly important errors. In development the + // logger panics after writing the message. + DPanicLevel = zapcore.DPanicLevel + // PanicLevel logs a message, then panics. + PanicLevel = zapcore.PanicLevel + // FatalLevel logs a message, then calls os.Exit(1). + FatalLevel = zapcore.FatalLevel +) + +// LevelEnablerFunc is a convenient way to implement zapcore.LevelEnabler with +// an anonymous function. +// +// It's particularly useful when splitting log output between different +// outputs (e.g., standard error and standard out). For sample code, see the +// package-level AdvancedConfiguration example. +type LevelEnablerFunc func(zapcore.Level) bool + +// Enabled calls the wrapped function. +func (f LevelEnablerFunc) Enabled(lvl zapcore.Level) bool { return f(lvl) } + +// An AtomicLevel is an atomically changeable, dynamic logging level. It lets +// you safely change the log level of a tree of loggers (the root logger and +// any children created by adding context) at runtime. +// +// The AtomicLevel itself is an http.Handler that serves a JSON endpoint to +// alter its level. +// +// AtomicLevels must be created with the NewAtomicLevel constructor to allocate +// their internal atomic pointer. +type AtomicLevel struct { + l *atomic.Int32 +} + +var _ internal.LeveledEnabler = AtomicLevel{} + +// NewAtomicLevel creates an AtomicLevel with InfoLevel and above logging +// enabled. +func NewAtomicLevel() AtomicLevel { + return AtomicLevel{ + l: atomic.NewInt32(int32(InfoLevel)), + } +} + +// NewAtomicLevelAt is a convenience function that creates an AtomicLevel +// and then calls SetLevel with the given level. +func NewAtomicLevelAt(l zapcore.Level) AtomicLevel { + a := NewAtomicLevel() + a.SetLevel(l) + return a +} + +// ParseAtomicLevel parses an AtomicLevel based on a lowercase or all-caps ASCII +// representation of the log level. If the provided ASCII representation is +// invalid an error is returned. +// +// This is particularly useful when dealing with text input to configure log +// levels. +func ParseAtomicLevel(text string) (AtomicLevel, error) { + a := NewAtomicLevel() + l, err := zapcore.ParseLevel(text) + if err != nil { + return a, err + } + + a.SetLevel(l) + return a, nil +} + +// Enabled implements the zapcore.LevelEnabler interface, which allows the +// AtomicLevel to be used in place of traditional static levels. +func (lvl AtomicLevel) Enabled(l zapcore.Level) bool { + return lvl.Level().Enabled(l) +} + +// Level returns the minimum enabled log level. +func (lvl AtomicLevel) Level() zapcore.Level { + return zapcore.Level(int8(lvl.l.Load())) +} + +// SetLevel alters the logging level. +func (lvl AtomicLevel) SetLevel(l zapcore.Level) { + lvl.l.Store(int32(l)) +} + +// String returns the string representation of the underlying Level. +func (lvl AtomicLevel) String() string { + return lvl.Level().String() +} + +// UnmarshalText unmarshals the text to an AtomicLevel. It uses the same text +// representations as the static zapcore.Levels ("debug", "info", "warn", +// "error", "dpanic", "panic", and "fatal"). +func (lvl *AtomicLevel) UnmarshalText(text []byte) error { + if lvl.l == nil { + lvl.l = &atomic.Int32{} + } + + var l zapcore.Level + if err := l.UnmarshalText(text); err != nil { + return err + } + + lvl.SetLevel(l) + return nil +} + +// MarshalText marshals the AtomicLevel to a byte slice. It uses the same +// text representation as the static zapcore.Levels ("debug", "info", "warn", +// "error", "dpanic", "panic", and "fatal"). +func (lvl AtomicLevel) MarshalText() (text []byte, err error) { + return lvl.Level().MarshalText() +} diff --git a/vendor/go.uber.org/zap/logger.go b/vendor/go.uber.org/zap/logger.go new file mode 100644 index 0000000000..cd44030d13 --- /dev/null +++ b/vendor/go.uber.org/zap/logger.go @@ -0,0 +1,400 @@ +// Copyright (c) 2016 Uber Technologies, Inc. +// +// Permission is hereby granted, free of charge, to any person obtaining a copy +// of this software and associated documentation files (the "Software"), to deal +// in the Software without restriction, including without limitation the rights +// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +// copies of the Software, and to permit persons to whom the Software is +// furnished to do so, subject to the following conditions: +// +// The above copyright notice and this permission notice shall be included in +// all copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +// THE SOFTWARE. + +package zap + +import ( + "fmt" + "io" + "os" + "strings" + + "go.uber.org/zap/internal/bufferpool" + "go.uber.org/zap/zapcore" +) + +// A Logger provides fast, leveled, structured logging. All methods are safe +// for concurrent use. +// +// The Logger is designed for contexts in which every microsecond and every +// allocation matters, so its API intentionally favors performance and type +// safety over brevity. For most applications, the SugaredLogger strikes a +// better balance between performance and ergonomics. +type Logger struct { + core zapcore.Core + + development bool + addCaller bool + onFatal zapcore.CheckWriteHook // default is WriteThenFatal + + name string + errorOutput zapcore.WriteSyncer + + addStack zapcore.LevelEnabler + + callerSkip int + + clock zapcore.Clock +} + +// New constructs a new Logger from the provided zapcore.Core and Options. If +// the passed zapcore.Core is nil, it falls back to using a no-op +// implementation. +// +// This is the most flexible way to construct a Logger, but also the most +// verbose. For typical use cases, the highly-opinionated presets +// (NewProduction, NewDevelopment, and NewExample) or the Config struct are +// more convenient. +// +// For sample code, see the package-level AdvancedConfiguration example. +func New(core zapcore.Core, options ...Option) *Logger { + if core == nil { + return NewNop() + } + log := &Logger{ + core: core, + errorOutput: zapcore.Lock(os.Stderr), + addStack: zapcore.FatalLevel + 1, + clock: zapcore.DefaultClock, + } + return log.WithOptions(options...) +} + +// NewNop returns a no-op Logger. It never writes out logs or internal errors, +// and it never runs user-defined hooks. +// +// Using WithOptions to replace the Core or error output of a no-op Logger can +// re-enable logging. +func NewNop() *Logger { + return &Logger{ + core: zapcore.NewNopCore(), + errorOutput: zapcore.AddSync(io.Discard), + addStack: zapcore.FatalLevel + 1, + clock: zapcore.DefaultClock, + } +} + +// NewProduction builds a sensible production Logger that writes InfoLevel and +// above logs to standard error as JSON. +// +// It's a shortcut for NewProductionConfig().Build(...Option). +func NewProduction(options ...Option) (*Logger, error) { + return NewProductionConfig().Build(options...) +} + +// NewDevelopment builds a development Logger that writes DebugLevel and above +// logs to standard error in a human-friendly format. +// +// It's a shortcut for NewDevelopmentConfig().Build(...Option). +func NewDevelopment(options ...Option) (*Logger, error) { + return NewDevelopmentConfig().Build(options...) +} + +// Must is a helper that wraps a call to a function returning (*Logger, error) +// and panics if the error is non-nil. It is intended for use in variable +// initialization such as: +// +// var logger = zap.Must(zap.NewProduction()) +func Must(logger *Logger, err error) *Logger { + if err != nil { + panic(err) + } + + return logger +} + +// NewExample builds a Logger that's designed for use in zap's testable +// examples. It writes DebugLevel and above logs to standard out as JSON, but +// omits the timestamp and calling function to keep example output +// short and deterministic. +func NewExample(options ...Option) *Logger { + encoderCfg := zapcore.EncoderConfig{ + MessageKey: "msg", + LevelKey: "level", + NameKey: "logger", + EncodeLevel: zapcore.LowercaseLevelEncoder, + EncodeTime: zapcore.ISO8601TimeEncoder, + EncodeDuration: zapcore.StringDurationEncoder, + } + core := zapcore.NewCore(zapcore.NewJSONEncoder(encoderCfg), os.Stdout, DebugLevel) + return New(core).WithOptions(options...) +} + +// Sugar wraps the Logger to provide a more ergonomic, but slightly slower, +// API. Sugaring a Logger is quite inexpensive, so it's reasonable for a +// single application to use both Loggers and SugaredLoggers, converting +// between them on the boundaries of performance-sensitive code. +func (log *Logger) Sugar() *SugaredLogger { + core := log.clone() + core.callerSkip += 2 + return &SugaredLogger{core} +} + +// Named adds a new path segment to the logger's name. Segments are joined by +// periods. By default, Loggers are unnamed. +func (log *Logger) Named(s string) *Logger { + if s == "" { + return log + } + l := log.clone() + if log.name == "" { + l.name = s + } else { + l.name = strings.Join([]string{l.name, s}, ".") + } + return l +} + +// WithOptions clones the current Logger, applies the supplied Options, and +// returns the resulting Logger. It's safe to use concurrently. +func (log *Logger) WithOptions(opts ...Option) *Logger { + c := log.clone() + for _, opt := range opts { + opt.apply(c) + } + return c +} + +// With creates a child logger and adds structured context to it. Fields added +// to the child don't affect the parent, and vice versa. +func (log *Logger) With(fields ...Field) *Logger { + if len(fields) == 0 { + return log + } + l := log.clone() + l.core = l.core.With(fields) + return l +} + +// Level reports the minimum enabled level for this logger. +// +// For NopLoggers, this is [zapcore.InvalidLevel]. +func (log *Logger) Level() zapcore.Level { + return zapcore.LevelOf(log.core) +} + +// Check returns a CheckedEntry if logging a message at the specified level +// is enabled. It's a completely optional optimization; in high-performance +// applications, Check can help avoid allocating a slice to hold fields. +func (log *Logger) Check(lvl zapcore.Level, msg string) *zapcore.CheckedEntry { + return log.check(lvl, msg) +} + +// Log logs a message at the specified level. The message includes any fields +// passed at the log site, as well as any fields accumulated on the logger. +func (log *Logger) Log(lvl zapcore.Level, msg string, fields ...Field) { + if ce := log.check(lvl, msg); ce != nil { + ce.Write(fields...) + } +} + +// Debug logs a message at DebugLevel. The message includes any fields passed +// at the log site, as well as any fields accumulated on the logger. +func (log *Logger) Debug(msg string, fields ...Field) { + if ce := log.check(DebugLevel, msg); ce != nil { + ce.Write(fields...) + } +} + +// Info logs a message at InfoLevel. The message includes any fields passed +// at the log site, as well as any fields accumulated on the logger. +func (log *Logger) Info(msg string, fields ...Field) { + if ce := log.check(InfoLevel, msg); ce != nil { + ce.Write(fields...) + } +} + +// Warn logs a message at WarnLevel. The message includes any fields passed +// at the log site, as well as any fields accumulated on the logger. +func (log *Logger) Warn(msg string, fields ...Field) { + if ce := log.check(WarnLevel, msg); ce != nil { + ce.Write(fields...) + } +} + +// Error logs a message at ErrorLevel. The message includes any fields passed +// at the log site, as well as any fields accumulated on the logger. +func (log *Logger) Error(msg string, fields ...Field) { + if ce := log.check(ErrorLevel, msg); ce != nil { + ce.Write(fields...) + } +} + +// DPanic logs a message at DPanicLevel. The message includes any fields +// passed at the log site, as well as any fields accumulated on the logger. +// +// If the logger is in development mode, it then panics (DPanic means +// "development panic"). This is useful for catching errors that are +// recoverable, but shouldn't ever happen. +func (log *Logger) DPanic(msg string, fields ...Field) { + if ce := log.check(DPanicLevel, msg); ce != nil { + ce.Write(fields...) + } +} + +// Panic logs a message at PanicLevel. The message includes any fields passed +// at the log site, as well as any fields accumulated on the logger. +// +// The logger then panics, even if logging at PanicLevel is disabled. +func (log *Logger) Panic(msg string, fields ...Field) { + if ce := log.check(PanicLevel, msg); ce != nil { + ce.Write(fields...) + } +} + +// Fatal logs a message at FatalLevel. The message includes any fields passed +// at the log site, as well as any fields accumulated on the logger. +// +// The logger then calls os.Exit(1), even if logging at FatalLevel is +// disabled. +func (log *Logger) Fatal(msg string, fields ...Field) { + if ce := log.check(FatalLevel, msg); ce != nil { + ce.Write(fields...) + } +} + +// Sync calls the underlying Core's Sync method, flushing any buffered log +// entries. Applications should take care to call Sync before exiting. +func (log *Logger) Sync() error { + return log.core.Sync() +} + +// Core returns the Logger's underlying zapcore.Core. +func (log *Logger) Core() zapcore.Core { + return log.core +} + +func (log *Logger) clone() *Logger { + copy := *log + return © +} + +func (log *Logger) check(lvl zapcore.Level, msg string) *zapcore.CheckedEntry { + // Logger.check must always be called directly by a method in the + // Logger interface (e.g., Check, Info, Fatal). + // This skips Logger.check and the Info/Fatal/Check/etc. method that + // called it. + const callerSkipOffset = 2 + + // Check the level first to reduce the cost of disabled log calls. + // Since Panic and higher may exit, we skip the optimization for those levels. + if lvl < zapcore.DPanicLevel && !log.core.Enabled(lvl) { + return nil + } + + // Create basic checked entry thru the core; this will be non-nil if the + // log message will actually be written somewhere. + ent := zapcore.Entry{ + LoggerName: log.name, + Time: log.clock.Now(), + Level: lvl, + Message: msg, + } + ce := log.core.Check(ent, nil) + willWrite := ce != nil + + // Set up any required terminal behavior. + switch ent.Level { + case zapcore.PanicLevel: + ce = ce.After(ent, zapcore.WriteThenPanic) + case zapcore.FatalLevel: + onFatal := log.onFatal + // nil or WriteThenNoop will lead to continued execution after + // a Fatal log entry, which is unexpected. For example, + // + // f, err := os.Open(..) + // if err != nil { + // log.Fatal("cannot open", zap.Error(err)) + // } + // fmt.Println(f.Name()) + // + // The f.Name() will panic if we continue execution after the + // log.Fatal. + if onFatal == nil || onFatal == zapcore.WriteThenNoop { + onFatal = zapcore.WriteThenFatal + } + ce = ce.After(ent, onFatal) + case zapcore.DPanicLevel: + if log.development { + ce = ce.After(ent, zapcore.WriteThenPanic) + } + } + + // Only do further annotation if we're going to write this message; checked + // entries that exist only for terminal behavior don't benefit from + // annotation. + if !willWrite { + return ce + } + + // Thread the error output through to the CheckedEntry. + ce.ErrorOutput = log.errorOutput + + addStack := log.addStack.Enabled(ce.Level) + if !log.addCaller && !addStack { + return ce + } + + // Adding the caller or stack trace requires capturing the callers of + // this function. We'll share information between these two. + stackDepth := stacktraceFirst + if addStack { + stackDepth = stacktraceFull + } + stack := captureStacktrace(log.callerSkip+callerSkipOffset, stackDepth) + defer stack.Free() + + if stack.Count() == 0 { + if log.addCaller { + fmt.Fprintf(log.errorOutput, "%v Logger.check error: failed to get caller\n", ent.Time.UTC()) + log.errorOutput.Sync() + } + return ce + } + + frame, more := stack.Next() + + if log.addCaller { + ce.Caller = zapcore.EntryCaller{ + Defined: frame.PC != 0, + PC: frame.PC, + File: frame.File, + Line: frame.Line, + Function: frame.Function, + } + } + + if addStack { + buffer := bufferpool.Get() + defer buffer.Free() + + stackfmt := newStackFormatter(buffer) + + // We've already extracted the first frame, so format that + // separately and defer to stackfmt for the rest. + stackfmt.FormatFrame(frame) + if more { + stackfmt.FormatStack(stack) + } + ce.Stack = buffer.String() + } + + return ce +} diff --git a/vendor/go.uber.org/zap/options.go b/vendor/go.uber.org/zap/options.go new file mode 100644 index 0000000000..c4f3bca3d2 --- /dev/null +++ b/vendor/go.uber.org/zap/options.go @@ -0,0 +1,167 @@ +// Copyright (c) 2016 Uber Technologies, Inc. +// +// Permission is hereby granted, free of charge, to any person obtaining a copy +// of this software and associated documentation files (the "Software"), to deal +// in the Software without restriction, including without limitation the rights +// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +// copies of the Software, and to permit persons to whom the Software is +// furnished to do so, subject to the following conditions: +// +// The above copyright notice and this permission notice shall be included in +// all copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +// THE SOFTWARE. + +package zap + +import ( + "fmt" + + "go.uber.org/zap/zapcore" +) + +// An Option configures a Logger. +type Option interface { + apply(*Logger) +} + +// optionFunc wraps a func so it satisfies the Option interface. +type optionFunc func(*Logger) + +func (f optionFunc) apply(log *Logger) { + f(log) +} + +// WrapCore wraps or replaces the Logger's underlying zapcore.Core. +func WrapCore(f func(zapcore.Core) zapcore.Core) Option { + return optionFunc(func(log *Logger) { + log.core = f(log.core) + }) +} + +// Hooks registers functions which will be called each time the Logger writes +// out an Entry. Repeated use of Hooks is additive. +// +// Hooks are useful for simple side effects, like capturing metrics for the +// number of emitted logs. More complex side effects, including anything that +// requires access to the Entry's structured fields, should be implemented as +// a zapcore.Core instead. See zapcore.RegisterHooks for details. +func Hooks(hooks ...func(zapcore.Entry) error) Option { + return optionFunc(func(log *Logger) { + log.core = zapcore.RegisterHooks(log.core, hooks...) + }) +} + +// Fields adds fields to the Logger. +func Fields(fs ...Field) Option { + return optionFunc(func(log *Logger) { + log.core = log.core.With(fs) + }) +} + +// ErrorOutput sets the destination for errors generated by the Logger. Note +// that this option only affects internal errors; for sample code that sends +// error-level logs to a different location from info- and debug-level logs, +// see the package-level AdvancedConfiguration example. +// +// The supplied WriteSyncer must be safe for concurrent use. The Open and +// zapcore.Lock functions are the simplest ways to protect files with a mutex. +func ErrorOutput(w zapcore.WriteSyncer) Option { + return optionFunc(func(log *Logger) { + log.errorOutput = w + }) +} + +// Development puts the logger in development mode, which makes DPanic-level +// logs panic instead of simply logging an error. +func Development() Option { + return optionFunc(func(log *Logger) { + log.development = true + }) +} + +// AddCaller configures the Logger to annotate each message with the filename, +// line number, and function name of zap's caller. See also WithCaller. +func AddCaller() Option { + return WithCaller(true) +} + +// WithCaller configures the Logger to annotate each message with the filename, +// line number, and function name of zap's caller, or not, depending on the +// value of enabled. This is a generalized form of AddCaller. +func WithCaller(enabled bool) Option { + return optionFunc(func(log *Logger) { + log.addCaller = enabled + }) +} + +// AddCallerSkip increases the number of callers skipped by caller annotation +// (as enabled by the AddCaller option). When building wrappers around the +// Logger and SugaredLogger, supplying this Option prevents zap from always +// reporting the wrapper code as the caller. +func AddCallerSkip(skip int) Option { + return optionFunc(func(log *Logger) { + log.callerSkip += skip + }) +} + +// AddStacktrace configures the Logger to record a stack trace for all messages at +// or above a given level. +func AddStacktrace(lvl zapcore.LevelEnabler) Option { + return optionFunc(func(log *Logger) { + log.addStack = lvl + }) +} + +// IncreaseLevel increase the level of the logger. It has no effect if +// the passed in level tries to decrease the level of the logger. +func IncreaseLevel(lvl zapcore.LevelEnabler) Option { + return optionFunc(func(log *Logger) { + core, err := zapcore.NewIncreaseLevelCore(log.core, lvl) + if err != nil { + fmt.Fprintf(log.errorOutput, "failed to IncreaseLevel: %v\n", err) + } else { + log.core = core + } + }) +} + +// OnFatal sets the action to take on fatal logs. +// +// Deprecated: Use [WithFatalHook] instead. +func OnFatal(action zapcore.CheckWriteAction) Option { + return WithFatalHook(action) +} + +// WithFatalHook sets a CheckWriteHook to run on fatal logs. +// Zap will call this hook after writing a log statement with a Fatal level. +// +// For example, the following builds a logger that will exit the current +// goroutine after writing a fatal log message, but it will not exit the +// program. +// +// zap.New(core, zap.WithFatalHook(zapcore.WriteThenGoexit)) +// +// It is important that the provided CheckWriteHook stops the control flow at +// the current statement to meet expectations of callers of the logger. +// We recommend calling os.Exit or runtime.Goexit inside custom hooks at +// minimum. +func WithFatalHook(hook zapcore.CheckWriteHook) Option { + return optionFunc(func(log *Logger) { + log.onFatal = hook + }) +} + +// WithClock specifies the clock used by the logger to determine the current +// time for logged entries. Defaults to the system clock with time.Now. +func WithClock(clock zapcore.Clock) Option { + return optionFunc(func(log *Logger) { + log.clock = clock + }) +} diff --git a/vendor/go.uber.org/zap/sink.go b/vendor/go.uber.org/zap/sink.go new file mode 100644 index 0000000000..478c9a10ff --- /dev/null +++ b/vendor/go.uber.org/zap/sink.go @@ -0,0 +1,179 @@ +// Copyright (c) 2016-2022 Uber Technologies, Inc. +// +// Permission is hereby granted, free of charge, to any person obtaining a copy +// of this software and associated documentation files (the "Software"), to deal +// in the Software without restriction, including without limitation the rights +// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +// copies of the Software, and to permit persons to whom the Software is +// furnished to do so, subject to the following conditions: +// +// The above copyright notice and this permission notice shall be included in +// all copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +// THE SOFTWARE. + +package zap + +import ( + "errors" + "fmt" + "io" + "net/url" + "os" + "path/filepath" + "strings" + "sync" + + "go.uber.org/zap/zapcore" +) + +const schemeFile = "file" + +var _sinkRegistry = newSinkRegistry() + +// Sink defines the interface to write to and close logger destinations. +type Sink interface { + zapcore.WriteSyncer + io.Closer +} + +type errSinkNotFound struct { + scheme string +} + +func (e *errSinkNotFound) Error() string { + return fmt.Sprintf("no sink found for scheme %q", e.scheme) +} + +type nopCloserSink struct{ zapcore.WriteSyncer } + +func (nopCloserSink) Close() error { return nil } + +type sinkRegistry struct { + mu sync.Mutex + factories map[string]func(*url.URL) (Sink, error) // keyed by scheme + openFile func(string, int, os.FileMode) (*os.File, error) // type matches os.OpenFile +} + +func newSinkRegistry() *sinkRegistry { + sr := &sinkRegistry{ + factories: make(map[string]func(*url.URL) (Sink, error)), + openFile: os.OpenFile, + } + sr.RegisterSink(schemeFile, sr.newFileSinkFromURL) + return sr +} + +// RegisterScheme registers the given factory for the specific scheme. +func (sr *sinkRegistry) RegisterSink(scheme string, factory func(*url.URL) (Sink, error)) error { + sr.mu.Lock() + defer sr.mu.Unlock() + + if scheme == "" { + return errors.New("can't register a sink factory for empty string") + } + normalized, err := normalizeScheme(scheme) + if err != nil { + return fmt.Errorf("%q is not a valid scheme: %v", scheme, err) + } + if _, ok := sr.factories[normalized]; ok { + return fmt.Errorf("sink factory already registered for scheme %q", normalized) + } + sr.factories[normalized] = factory + return nil +} + +func (sr *sinkRegistry) newSink(rawURL string) (Sink, error) { + // URL parsing doesn't work well for Windows paths such as `c:\log.txt`, as scheme is set to + // the drive, and path is unset unless `c:/log.txt` is used. + // To avoid Windows-specific URL handling, we instead check IsAbs to open as a file. + // filepath.IsAbs is OS-specific, so IsAbs('c:/log.txt') is false outside of Windows. + if filepath.IsAbs(rawURL) { + return sr.newFileSinkFromPath(rawURL) + } + + u, err := url.Parse(rawURL) + if err != nil { + return nil, fmt.Errorf("can't parse %q as a URL: %v", rawURL, err) + } + if u.Scheme == "" { + u.Scheme = schemeFile + } + + sr.mu.Lock() + factory, ok := sr.factories[u.Scheme] + sr.mu.Unlock() + if !ok { + return nil, &errSinkNotFound{u.Scheme} + } + return factory(u) +} + +// RegisterSink registers a user-supplied factory for all sinks with a +// particular scheme. +// +// All schemes must be ASCII, valid under section 0.1 of RFC 3986 +// (https://tools.ietf.org/html/rfc3983#section-3.1), and must not already +// have a factory registered. Zap automatically registers a factory for the +// "file" scheme. +func RegisterSink(scheme string, factory func(*url.URL) (Sink, error)) error { + return _sinkRegistry.RegisterSink(scheme, factory) +} + +func (sr *sinkRegistry) newFileSinkFromURL(u *url.URL) (Sink, error) { + if u.User != nil { + return nil, fmt.Errorf("user and password not allowed with file URLs: got %v", u) + } + if u.Fragment != "" { + return nil, fmt.Errorf("fragments not allowed with file URLs: got %v", u) + } + if u.RawQuery != "" { + return nil, fmt.Errorf("query parameters not allowed with file URLs: got %v", u) + } + // Error messages are better if we check hostname and port separately. + if u.Port() != "" { + return nil, fmt.Errorf("ports not allowed with file URLs: got %v", u) + } + if hn := u.Hostname(); hn != "" && hn != "localhost" { + return nil, fmt.Errorf("file URLs must leave host empty or use localhost: got %v", u) + } + + return sr.newFileSinkFromPath(u.Path) +} + +func (sr *sinkRegistry) newFileSinkFromPath(path string) (Sink, error) { + switch path { + case "stdout": + return nopCloserSink{os.Stdout}, nil + case "stderr": + return nopCloserSink{os.Stderr}, nil + } + return sr.openFile(path, os.O_WRONLY|os.O_APPEND|os.O_CREATE, 0666) +} + +func normalizeScheme(s string) (string, error) { + // https://tools.ietf.org/html/rfc3986#section-3.1 + s = strings.ToLower(s) + if first := s[0]; 'a' > first || 'z' < first { + return "", errors.New("must start with a letter") + } + for i := 1; i < len(s); i++ { // iterate over bytes, not runes + c := s[i] + switch { + case 'a' <= c && c <= 'z': + continue + case '0' <= c && c <= '9': + continue + case c == '.' || c == '+' || c == '-': + continue + } + return "", fmt.Errorf("may not contain %q", c) + } + return s, nil +} diff --git a/vendor/go.uber.org/zap/stacktrace.go b/vendor/go.uber.org/zap/stacktrace.go new file mode 100644 index 0000000000..817a3bde8b --- /dev/null +++ b/vendor/go.uber.org/zap/stacktrace.go @@ -0,0 +1,176 @@ +// Copyright (c) 2016 Uber Technologies, Inc. +// +// Permission is hereby granted, free of charge, to any person obtaining a copy +// of this software and associated documentation files (the "Software"), to deal +// in the Software without restriction, including without limitation the rights +// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +// copies of the Software, and to permit persons to whom the Software is +// furnished to do so, subject to the following conditions: +// +// The above copyright notice and this permission notice shall be included in +// all copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +// THE SOFTWARE. + +package zap + +import ( + "runtime" + "sync" + + "go.uber.org/zap/buffer" + "go.uber.org/zap/internal/bufferpool" +) + +var _stacktracePool = sync.Pool{ + New: func() interface{} { + return &stacktrace{ + storage: make([]uintptr, 64), + } + }, +} + +type stacktrace struct { + pcs []uintptr // program counters; always a subslice of storage + frames *runtime.Frames + + // The size of pcs varies depending on requirements: + // it will be one if the only the first frame was requested, + // and otherwise it will reflect the depth of the call stack. + // + // storage decouples the slice we need (pcs) from the slice we pool. + // We will always allocate a reasonably large storage, but we'll use + // only as much of it as we need. + storage []uintptr +} + +// stacktraceDepth specifies how deep of a stack trace should be captured. +type stacktraceDepth int + +const ( + // stacktraceFirst captures only the first frame. + stacktraceFirst stacktraceDepth = iota + + // stacktraceFull captures the entire call stack, allocating more + // storage for it if needed. + stacktraceFull +) + +// captureStacktrace captures a stack trace of the specified depth, skipping +// the provided number of frames. skip=0 identifies the caller of +// captureStacktrace. +// +// The caller must call Free on the returned stacktrace after using it. +func captureStacktrace(skip int, depth stacktraceDepth) *stacktrace { + stack := _stacktracePool.Get().(*stacktrace) + + switch depth { + case stacktraceFirst: + stack.pcs = stack.storage[:1] + case stacktraceFull: + stack.pcs = stack.storage + } + + // Unlike other "skip"-based APIs, skip=0 identifies runtime.Callers + // itself. +2 to skip captureStacktrace and runtime.Callers. + numFrames := runtime.Callers( + skip+2, + stack.pcs, + ) + + // runtime.Callers truncates the recorded stacktrace if there is no + // room in the provided slice. For the full stack trace, keep expanding + // storage until there are fewer frames than there is room. + if depth == stacktraceFull { + pcs := stack.pcs + for numFrames == len(pcs) { + pcs = make([]uintptr, len(pcs)*2) + numFrames = runtime.Callers(skip+2, pcs) + } + + // Discard old storage instead of returning it to the pool. + // This will adjust the pool size over time if stack traces are + // consistently very deep. + stack.storage = pcs + stack.pcs = pcs[:numFrames] + } else { + stack.pcs = stack.pcs[:numFrames] + } + + stack.frames = runtime.CallersFrames(stack.pcs) + return stack +} + +// Free releases resources associated with this stacktrace +// and returns it back to the pool. +func (st *stacktrace) Free() { + st.frames = nil + st.pcs = nil + _stacktracePool.Put(st) +} + +// Count reports the total number of frames in this stacktrace. +// Count DOES NOT change as Next is called. +func (st *stacktrace) Count() int { + return len(st.pcs) +} + +// Next returns the next frame in the stack trace, +// and a boolean indicating whether there are more after it. +func (st *stacktrace) Next() (_ runtime.Frame, more bool) { + return st.frames.Next() +} + +func takeStacktrace(skip int) string { + stack := captureStacktrace(skip+1, stacktraceFull) + defer stack.Free() + + buffer := bufferpool.Get() + defer buffer.Free() + + stackfmt := newStackFormatter(buffer) + stackfmt.FormatStack(stack) + return buffer.String() +} + +// stackFormatter formats a stack trace into a readable string representation. +type stackFormatter struct { + b *buffer.Buffer + nonEmpty bool // whehther we've written at least one frame already +} + +// newStackFormatter builds a new stackFormatter. +func newStackFormatter(b *buffer.Buffer) stackFormatter { + return stackFormatter{b: b} +} + +// FormatStack formats all remaining frames in the provided stacktrace -- minus +// the final runtime.main/runtime.goexit frame. +func (sf *stackFormatter) FormatStack(stack *stacktrace) { + // Note: On the last iteration, frames.Next() returns false, with a valid + // frame, but we ignore this frame. The last frame is a runtime frame which + // adds noise, since it's only either runtime.main or runtime.goexit. + for frame, more := stack.Next(); more; frame, more = stack.Next() { + sf.FormatFrame(frame) + } +} + +// FormatFrame formats the given frame. +func (sf *stackFormatter) FormatFrame(frame runtime.Frame) { + if sf.nonEmpty { + sf.b.AppendByte('\n') + } + sf.nonEmpty = true + sf.b.AppendString(frame.Function) + sf.b.AppendByte('\n') + sf.b.AppendByte('\t') + sf.b.AppendString(frame.File) + sf.b.AppendByte(':') + sf.b.AppendInt(int64(frame.Line)) +} diff --git a/vendor/go.uber.org/zap/sugar.go b/vendor/go.uber.org/zap/sugar.go new file mode 100644 index 0000000000..ac387b3e47 --- /dev/null +++ b/vendor/go.uber.org/zap/sugar.go @@ -0,0 +1,416 @@ +// Copyright (c) 2016 Uber Technologies, Inc. +// +// Permission is hereby granted, free of charge, to any person obtaining a copy +// of this software and associated documentation files (the "Software"), to deal +// in the Software without restriction, including without limitation the rights +// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +// copies of the Software, and to permit persons to whom the Software is +// furnished to do so, subject to the following conditions: +// +// The above copyright notice and this permission notice shall be included in +// all copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +// THE SOFTWARE. + +package zap + +import ( + "fmt" + + "go.uber.org/zap/zapcore" + + "go.uber.org/multierr" +) + +const ( + _oddNumberErrMsg = "Ignored key without a value." + _nonStringKeyErrMsg = "Ignored key-value pairs with non-string keys." + _multipleErrMsg = "Multiple errors without a key." +) + +// A SugaredLogger wraps the base Logger functionality in a slower, but less +// verbose, API. Any Logger can be converted to a SugaredLogger with its Sugar +// method. +// +// Unlike the Logger, the SugaredLogger doesn't insist on structured logging. +// For each log level, it exposes four methods: +// +// - methods named after the log level for log.Print-style logging +// - methods ending in "w" for loosely-typed structured logging +// - methods ending in "f" for log.Printf-style logging +// - methods ending in "ln" for log.Println-style logging +// +// For example, the methods for InfoLevel are: +// +// Info(...any) Print-style logging +// Infow(...any) Structured logging (read as "info with") +// Infof(string, ...any) Printf-style logging +// Infoln(...any) Println-style logging +type SugaredLogger struct { + base *Logger +} + +// Desugar unwraps a SugaredLogger, exposing the original Logger. Desugaring +// is quite inexpensive, so it's reasonable for a single application to use +// both Loggers and SugaredLoggers, converting between them on the boundaries +// of performance-sensitive code. +func (s *SugaredLogger) Desugar() *Logger { + base := s.base.clone() + base.callerSkip -= 2 + return base +} + +// Named adds a sub-scope to the logger's name. See Logger.Named for details. +func (s *SugaredLogger) Named(name string) *SugaredLogger { + return &SugaredLogger{base: s.base.Named(name)} +} + +// WithOptions clones the current SugaredLogger, applies the supplied Options, +// and returns the result. It's safe to use concurrently. +func (s *SugaredLogger) WithOptions(opts ...Option) *SugaredLogger { + base := s.base.clone() + for _, opt := range opts { + opt.apply(base) + } + return &SugaredLogger{base: base} +} + +// With adds a variadic number of fields to the logging context. It accepts a +// mix of strongly-typed Field objects and loosely-typed key-value pairs. When +// processing pairs, the first element of the pair is used as the field key +// and the second as the field value. +// +// For example, +// +// sugaredLogger.With( +// "hello", "world", +// "failure", errors.New("oh no"), +// Stack(), +// "count", 42, +// "user", User{Name: "alice"}, +// ) +// +// is the equivalent of +// +// unsugared.With( +// String("hello", "world"), +// String("failure", "oh no"), +// Stack(), +// Int("count", 42), +// Object("user", User{Name: "alice"}), +// ) +// +// Note that the keys in key-value pairs should be strings. In development, +// passing a non-string key panics. In production, the logger is more +// forgiving: a separate error is logged, but the key-value pair is skipped +// and execution continues. Passing an orphaned key triggers similar behavior: +// panics in development and errors in production. +func (s *SugaredLogger) With(args ...interface{}) *SugaredLogger { + return &SugaredLogger{base: s.base.With(s.sweetenFields(args)...)} +} + +// Level reports the minimum enabled level for this logger. +// +// For NopLoggers, this is [zapcore.InvalidLevel]. +func (s *SugaredLogger) Level() zapcore.Level { + return zapcore.LevelOf(s.base.core) +} + +// Debug uses fmt.Sprint to construct and log a message. +func (s *SugaredLogger) Debug(args ...interface{}) { + s.log(DebugLevel, "", args, nil) +} + +// Info uses fmt.Sprint to construct and log a message. +func (s *SugaredLogger) Info(args ...interface{}) { + s.log(InfoLevel, "", args, nil) +} + +// Warn uses fmt.Sprint to construct and log a message. +func (s *SugaredLogger) Warn(args ...interface{}) { + s.log(WarnLevel, "", args, nil) +} + +// Error uses fmt.Sprint to construct and log a message. +func (s *SugaredLogger) Error(args ...interface{}) { + s.log(ErrorLevel, "", args, nil) +} + +// DPanic uses fmt.Sprint to construct and log a message. In development, the +// logger then panics. (See DPanicLevel for details.) +func (s *SugaredLogger) DPanic(args ...interface{}) { + s.log(DPanicLevel, "", args, nil) +} + +// Panic uses fmt.Sprint to construct and log a message, then panics. +func (s *SugaredLogger) Panic(args ...interface{}) { + s.log(PanicLevel, "", args, nil) +} + +// Fatal uses fmt.Sprint to construct and log a message, then calls os.Exit. +func (s *SugaredLogger) Fatal(args ...interface{}) { + s.log(FatalLevel, "", args, nil) +} + +// Debugf uses fmt.Sprintf to log a templated message. +func (s *SugaredLogger) Debugf(template string, args ...interface{}) { + s.log(DebugLevel, template, args, nil) +} + +// Infof uses fmt.Sprintf to log a templated message. +func (s *SugaredLogger) Infof(template string, args ...interface{}) { + s.log(InfoLevel, template, args, nil) +} + +// Warnf uses fmt.Sprintf to log a templated message. +func (s *SugaredLogger) Warnf(template string, args ...interface{}) { + s.log(WarnLevel, template, args, nil) +} + +// Errorf uses fmt.Sprintf to log a templated message. +func (s *SugaredLogger) Errorf(template string, args ...interface{}) { + s.log(ErrorLevel, template, args, nil) +} + +// DPanicf uses fmt.Sprintf to log a templated message. In development, the +// logger then panics. (See DPanicLevel for details.) +func (s *SugaredLogger) DPanicf(template string, args ...interface{}) { + s.log(DPanicLevel, template, args, nil) +} + +// Panicf uses fmt.Sprintf to log a templated message, then panics. +func (s *SugaredLogger) Panicf(template string, args ...interface{}) { + s.log(PanicLevel, template, args, nil) +} + +// Fatalf uses fmt.Sprintf to log a templated message, then calls os.Exit. +func (s *SugaredLogger) Fatalf(template string, args ...interface{}) { + s.log(FatalLevel, template, args, nil) +} + +// Debugw logs a message with some additional context. The variadic key-value +// pairs are treated as they are in With. +// +// When debug-level logging is disabled, this is much faster than +// +// s.With(keysAndValues).Debug(msg) +func (s *SugaredLogger) Debugw(msg string, keysAndValues ...interface{}) { + s.log(DebugLevel, msg, nil, keysAndValues) +} + +// Infow logs a message with some additional context. The variadic key-value +// pairs are treated as they are in With. +func (s *SugaredLogger) Infow(msg string, keysAndValues ...interface{}) { + s.log(InfoLevel, msg, nil, keysAndValues) +} + +// Warnw logs a message with some additional context. The variadic key-value +// pairs are treated as they are in With. +func (s *SugaredLogger) Warnw(msg string, keysAndValues ...interface{}) { + s.log(WarnLevel, msg, nil, keysAndValues) +} + +// Errorw logs a message with some additional context. The variadic key-value +// pairs are treated as they are in With. +func (s *SugaredLogger) Errorw(msg string, keysAndValues ...interface{}) { + s.log(ErrorLevel, msg, nil, keysAndValues) +} + +// DPanicw logs a message with some additional context. In development, the +// logger then panics. (See DPanicLevel for details.) The variadic key-value +// pairs are treated as they are in With. +func (s *SugaredLogger) DPanicw(msg string, keysAndValues ...interface{}) { + s.log(DPanicLevel, msg, nil, keysAndValues) +} + +// Panicw logs a message with some additional context, then panics. The +// variadic key-value pairs are treated as they are in With. +func (s *SugaredLogger) Panicw(msg string, keysAndValues ...interface{}) { + s.log(PanicLevel, msg, nil, keysAndValues) +} + +// Fatalw logs a message with some additional context, then calls os.Exit. The +// variadic key-value pairs are treated as they are in With. +func (s *SugaredLogger) Fatalw(msg string, keysAndValues ...interface{}) { + s.log(FatalLevel, msg, nil, keysAndValues) +} + +// Debugln uses fmt.Sprintln to construct and log a message. +func (s *SugaredLogger) Debugln(args ...interface{}) { + s.logln(DebugLevel, args, nil) +} + +// Infoln uses fmt.Sprintln to construct and log a message. +func (s *SugaredLogger) Infoln(args ...interface{}) { + s.logln(InfoLevel, args, nil) +} + +// Warnln uses fmt.Sprintln to construct and log a message. +func (s *SugaredLogger) Warnln(args ...interface{}) { + s.logln(WarnLevel, args, nil) +} + +// Errorln uses fmt.Sprintln to construct and log a message. +func (s *SugaredLogger) Errorln(args ...interface{}) { + s.logln(ErrorLevel, args, nil) +} + +// DPanicln uses fmt.Sprintln to construct and log a message. In development, the +// logger then panics. (See DPanicLevel for details.) +func (s *SugaredLogger) DPanicln(args ...interface{}) { + s.logln(DPanicLevel, args, nil) +} + +// Panicln uses fmt.Sprintln to construct and log a message, then panics. +func (s *SugaredLogger) Panicln(args ...interface{}) { + s.logln(PanicLevel, args, nil) +} + +// Fatalln uses fmt.Sprintln to construct and log a message, then calls os.Exit. +func (s *SugaredLogger) Fatalln(args ...interface{}) { + s.logln(FatalLevel, args, nil) +} + +// Sync flushes any buffered log entries. +func (s *SugaredLogger) Sync() error { + return s.base.Sync() +} + +// log message with Sprint, Sprintf, or neither. +func (s *SugaredLogger) log(lvl zapcore.Level, template string, fmtArgs []interface{}, context []interface{}) { + // If logging at this level is completely disabled, skip the overhead of + // string formatting. + if lvl < DPanicLevel && !s.base.Core().Enabled(lvl) { + return + } + + msg := getMessage(template, fmtArgs) + if ce := s.base.Check(lvl, msg); ce != nil { + ce.Write(s.sweetenFields(context)...) + } +} + +// logln message with Sprintln +func (s *SugaredLogger) logln(lvl zapcore.Level, fmtArgs []interface{}, context []interface{}) { + if lvl < DPanicLevel && !s.base.Core().Enabled(lvl) { + return + } + + msg := getMessageln(fmtArgs) + if ce := s.base.Check(lvl, msg); ce != nil { + ce.Write(s.sweetenFields(context)...) + } +} + +// getMessage format with Sprint, Sprintf, or neither. +func getMessage(template string, fmtArgs []interface{}) string { + if len(fmtArgs) == 0 { + return template + } + + if template != "" { + return fmt.Sprintf(template, fmtArgs...) + } + + if len(fmtArgs) == 1 { + if str, ok := fmtArgs[0].(string); ok { + return str + } + } + return fmt.Sprint(fmtArgs...) +} + +// getMessageln format with Sprintln. +func getMessageln(fmtArgs []interface{}) string { + msg := fmt.Sprintln(fmtArgs...) + return msg[:len(msg)-1] +} + +func (s *SugaredLogger) sweetenFields(args []interface{}) []Field { + if len(args) == 0 { + return nil + } + + var ( + // Allocate enough space for the worst case; if users pass only structured + // fields, we shouldn't penalize them with extra allocations. + fields = make([]Field, 0, len(args)) + invalid invalidPairs + seenError bool + ) + + for i := 0; i < len(args); { + // This is a strongly-typed field. Consume it and move on. + if f, ok := args[i].(Field); ok { + fields = append(fields, f) + i++ + continue + } + + // If it is an error, consume it and move on. + if err, ok := args[i].(error); ok { + if !seenError { + seenError = true + fields = append(fields, Error(err)) + } else { + s.base.Error(_multipleErrMsg, Error(err)) + } + i++ + continue + } + + // Make sure this element isn't a dangling key. + if i == len(args)-1 { + s.base.Error(_oddNumberErrMsg, Any("ignored", args[i])) + break + } + + // Consume this value and the next, treating them as a key-value pair. If the + // key isn't a string, add this pair to the slice of invalid pairs. + key, val := args[i], args[i+1] + if keyStr, ok := key.(string); !ok { + // Subsequent errors are likely, so allocate once up front. + if cap(invalid) == 0 { + invalid = make(invalidPairs, 0, len(args)/2) + } + invalid = append(invalid, invalidPair{i, key, val}) + } else { + fields = append(fields, Any(keyStr, val)) + } + i += 2 + } + + // If we encountered any invalid key-value pairs, log an error. + if len(invalid) > 0 { + s.base.Error(_nonStringKeyErrMsg, Array("invalid", invalid)) + } + return fields +} + +type invalidPair struct { + position int + key, value interface{} +} + +func (p invalidPair) MarshalLogObject(enc zapcore.ObjectEncoder) error { + enc.AddInt64("position", int64(p.position)) + Any("key", p.key).AddTo(enc) + Any("value", p.value).AddTo(enc) + return nil +} + +type invalidPairs []invalidPair + +func (ps invalidPairs) MarshalLogArray(enc zapcore.ArrayEncoder) error { + var err error + for i := range ps { + err = multierr.Append(err, enc.AppendObject(ps[i])) + } + return err +} diff --git a/vendor/go.uber.org/zap/time.go b/vendor/go.uber.org/zap/time.go new file mode 100644 index 0000000000..c5a1f16225 --- /dev/null +++ b/vendor/go.uber.org/zap/time.go @@ -0,0 +1,27 @@ +// Copyright (c) 2016 Uber Technologies, Inc. +// +// Permission is hereby granted, free of charge, to any person obtaining a copy +// of this software and associated documentation files (the "Software"), to deal +// in the Software without restriction, including without limitation the rights +// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +// copies of the Software, and to permit persons to whom the Software is +// furnished to do so, subject to the following conditions: +// +// The above copyright notice and this permission notice shall be included in +// all copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +// THE SOFTWARE. + +package zap + +import "time" + +func timeToMillis(t time.Time) int64 { + return t.UnixNano() / int64(time.Millisecond) +} diff --git a/vendor/go.uber.org/zap/writer.go b/vendor/go.uber.org/zap/writer.go new file mode 100644 index 0000000000..f08728e1ec --- /dev/null +++ b/vendor/go.uber.org/zap/writer.go @@ -0,0 +1,98 @@ +// Copyright (c) 2016-2022 Uber Technologies, Inc. +// +// Permission is hereby granted, free of charge, to any person obtaining a copy +// of this software and associated documentation files (the "Software"), to deal +// in the Software without restriction, including without limitation the rights +// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +// copies of the Software, and to permit persons to whom the Software is +// furnished to do so, subject to the following conditions: +// +// The above copyright notice and this permission notice shall be included in +// all copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +// THE SOFTWARE. + +package zap + +import ( + "fmt" + "io" + + "go.uber.org/zap/zapcore" + + "go.uber.org/multierr" +) + +// Open is a high-level wrapper that takes a variadic number of URLs, opens or +// creates each of the specified resources, and combines them into a locked +// WriteSyncer. It also returns any error encountered and a function to close +// any opened files. +// +// Passing no URLs returns a no-op WriteSyncer. Zap handles URLs without a +// scheme and URLs with the "file" scheme. Third-party code may register +// factories for other schemes using RegisterSink. +// +// URLs with the "file" scheme must use absolute paths on the local +// filesystem. No user, password, port, fragments, or query parameters are +// allowed, and the hostname must be empty or "localhost". +// +// Since it's common to write logs to the local filesystem, URLs without a +// scheme (e.g., "/var/log/foo.log") are treated as local file paths. Without +// a scheme, the special paths "stdout" and "stderr" are interpreted as +// os.Stdout and os.Stderr. When specified without a scheme, relative file +// paths also work. +func Open(paths ...string) (zapcore.WriteSyncer, func(), error) { + writers, close, err := open(paths) + if err != nil { + return nil, nil, err + } + + writer := CombineWriteSyncers(writers...) + return writer, close, nil +} + +func open(paths []string) ([]zapcore.WriteSyncer, func(), error) { + writers := make([]zapcore.WriteSyncer, 0, len(paths)) + closers := make([]io.Closer, 0, len(paths)) + close := func() { + for _, c := range closers { + c.Close() + } + } + + var openErr error + for _, path := range paths { + sink, err := _sinkRegistry.newSink(path) + if err != nil { + openErr = multierr.Append(openErr, fmt.Errorf("open sink %q: %w", path, err)) + continue + } + writers = append(writers, sink) + closers = append(closers, sink) + } + if openErr != nil { + close() + return nil, nil, openErr + } + + return writers, close, nil +} + +// CombineWriteSyncers is a utility that combines multiple WriteSyncers into a +// single, locked WriteSyncer. If no inputs are supplied, it returns a no-op +// WriteSyncer. +// +// It's provided purely as a convenience; the result is no different from +// using zapcore.NewMultiWriteSyncer and zapcore.Lock individually. +func CombineWriteSyncers(writers ...zapcore.WriteSyncer) zapcore.WriteSyncer { + if len(writers) == 0 { + return zapcore.AddSync(io.Discard) + } + return zapcore.Lock(zapcore.NewMultiWriteSyncer(writers...)) +} diff --git a/vendor/go.uber.org/zap/zapcore/buffered_write_syncer.go b/vendor/go.uber.org/zap/zapcore/buffered_write_syncer.go new file mode 100644 index 0000000000..a40e93b3ec --- /dev/null +++ b/vendor/go.uber.org/zap/zapcore/buffered_write_syncer.go @@ -0,0 +1,219 @@ +// Copyright (c) 2021 Uber Technologies, Inc. +// +// Permission is hereby granted, free of charge, to any person obtaining a copy +// of this software and associated documentation files (the "Software"), to deal +// in the Software without restriction, including without limitation the rights +// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +// copies of the Software, and to permit persons to whom the Software is +// furnished to do so, subject to the following conditions: +// +// The above copyright notice and this permission notice shall be included in +// all copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +// THE SOFTWARE. + +package zapcore + +import ( + "bufio" + "sync" + "time" + + "go.uber.org/multierr" +) + +const ( + // _defaultBufferSize specifies the default size used by Buffer. + _defaultBufferSize = 256 * 1024 // 256 kB + + // _defaultFlushInterval specifies the default flush interval for + // Buffer. + _defaultFlushInterval = 30 * time.Second +) + +// A BufferedWriteSyncer is a WriteSyncer that buffers writes in-memory before +// flushing them to a wrapped WriteSyncer after reaching some limit, or at some +// fixed interval--whichever comes first. +// +// BufferedWriteSyncer is safe for concurrent use. You don't need to use +// zapcore.Lock for WriteSyncers with BufferedWriteSyncer. +// +// To set up a BufferedWriteSyncer, construct a WriteSyncer for your log +// destination (*os.File is a valid WriteSyncer), wrap it with +// BufferedWriteSyncer, and defer a Stop() call for when you no longer need the +// object. +// +// func main() { +// ws := ... // your log destination +// bws := &zapcore.BufferedWriteSyncer{WS: ws} +// defer bws.Stop() +// +// // ... +// core := zapcore.NewCore(enc, bws, lvl) +// logger := zap.New(core) +// +// // ... +// } +// +// By default, a BufferedWriteSyncer will buffer up to 256 kilobytes of logs, +// waiting at most 30 seconds between flushes. +// You can customize these parameters by setting the Size or FlushInterval +// fields. +// For example, the following buffers up to 512 kB of logs before flushing them +// to Stderr, with a maximum of one minute between each flush. +// +// ws := &BufferedWriteSyncer{ +// WS: os.Stderr, +// Size: 512 * 1024, // 512 kB +// FlushInterval: time.Minute, +// } +// defer ws.Stop() +type BufferedWriteSyncer struct { + // WS is the WriteSyncer around which BufferedWriteSyncer will buffer + // writes. + // + // This field is required. + WS WriteSyncer + + // Size specifies the maximum amount of data the writer will buffered + // before flushing. + // + // Defaults to 256 kB if unspecified. + Size int + + // FlushInterval specifies how often the writer should flush data if + // there have been no writes. + // + // Defaults to 30 seconds if unspecified. + FlushInterval time.Duration + + // Clock, if specified, provides control of the source of time for the + // writer. + // + // Defaults to the system clock. + Clock Clock + + // unexported fields for state + mu sync.Mutex + initialized bool // whether initialize() has run + stopped bool // whether Stop() has run + writer *bufio.Writer + ticker *time.Ticker + stop chan struct{} // closed when flushLoop should stop + done chan struct{} // closed when flushLoop has stopped +} + +func (s *BufferedWriteSyncer) initialize() { + size := s.Size + if size == 0 { + size = _defaultBufferSize + } + + flushInterval := s.FlushInterval + if flushInterval == 0 { + flushInterval = _defaultFlushInterval + } + + if s.Clock == nil { + s.Clock = DefaultClock + } + + s.ticker = s.Clock.NewTicker(flushInterval) + s.writer = bufio.NewWriterSize(s.WS, size) + s.stop = make(chan struct{}) + s.done = make(chan struct{}) + s.initialized = true + go s.flushLoop() +} + +// Write writes log data into buffer syncer directly, multiple Write calls will be batched, +// and log data will be flushed to disk when the buffer is full or periodically. +func (s *BufferedWriteSyncer) Write(bs []byte) (int, error) { + s.mu.Lock() + defer s.mu.Unlock() + + if !s.initialized { + s.initialize() + } + + // To avoid partial writes from being flushed, we manually flush the existing buffer if: + // * The current write doesn't fit into the buffer fully, and + // * The buffer is not empty (since bufio will not split large writes when the buffer is empty) + if len(bs) > s.writer.Available() && s.writer.Buffered() > 0 { + if err := s.writer.Flush(); err != nil { + return 0, err + } + } + + return s.writer.Write(bs) +} + +// Sync flushes buffered log data into disk directly. +func (s *BufferedWriteSyncer) Sync() error { + s.mu.Lock() + defer s.mu.Unlock() + + var err error + if s.initialized { + err = s.writer.Flush() + } + + return multierr.Append(err, s.WS.Sync()) +} + +// flushLoop flushes the buffer at the configured interval until Stop is +// called. +func (s *BufferedWriteSyncer) flushLoop() { + defer close(s.done) + + for { + select { + case <-s.ticker.C: + // we just simply ignore error here + // because the underlying bufio writer stores any errors + // and we return any error from Sync() as part of the close + _ = s.Sync() + case <-s.stop: + return + } + } +} + +// Stop closes the buffer, cleans up background goroutines, and flushes +// remaining unwritten data. +func (s *BufferedWriteSyncer) Stop() (err error) { + var stopped bool + + // Critical section. + func() { + s.mu.Lock() + defer s.mu.Unlock() + + if !s.initialized { + return + } + + stopped = s.stopped + if stopped { + return + } + s.stopped = true + + s.ticker.Stop() + close(s.stop) // tell flushLoop to stop + <-s.done // and wait until it has + }() + + // Don't call Sync on consecutive Stops. + if !stopped { + err = s.Sync() + } + + return err +} diff --git a/vendor/go.uber.org/zap/zapcore/clock.go b/vendor/go.uber.org/zap/zapcore/clock.go new file mode 100644 index 0000000000..422fd82a6b --- /dev/null +++ b/vendor/go.uber.org/zap/zapcore/clock.go @@ -0,0 +1,48 @@ +// Copyright (c) 2021 Uber Technologies, Inc. +// +// Permission is hereby granted, free of charge, to any person obtaining a copy +// of this software and associated documentation files (the "Software"), to deal +// in the Software without restriction, including without limitation the rights +// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +// copies of the Software, and to permit persons to whom the Software is +// furnished to do so, subject to the following conditions: +// +// The above copyright notice and this permission notice shall be included in +// all copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +// THE SOFTWARE. + +package zapcore + +import "time" + +// DefaultClock is the default clock used by Zap in operations that require +// time. This clock uses the system clock for all operations. +var DefaultClock = systemClock{} + +// Clock is a source of time for logged entries. +type Clock interface { + // Now returns the current local time. + Now() time.Time + + // NewTicker returns *time.Ticker that holds a channel + // that delivers "ticks" of a clock. + NewTicker(time.Duration) *time.Ticker +} + +// systemClock implements default Clock that uses system time. +type systemClock struct{} + +func (systemClock) Now() time.Time { + return time.Now() +} + +func (systemClock) NewTicker(duration time.Duration) *time.Ticker { + return time.NewTicker(duration) +} diff --git a/vendor/go.uber.org/zap/zapcore/console_encoder.go b/vendor/go.uber.org/zap/zapcore/console_encoder.go new file mode 100644 index 0000000000..1aa5dc3646 --- /dev/null +++ b/vendor/go.uber.org/zap/zapcore/console_encoder.go @@ -0,0 +1,157 @@ +// Copyright (c) 2016 Uber Technologies, Inc. +// +// Permission is hereby granted, free of charge, to any person obtaining a copy +// of this software and associated documentation files (the "Software"), to deal +// in the Software without restriction, including without limitation the rights +// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +// copies of the Software, and to permit persons to whom the Software is +// furnished to do so, subject to the following conditions: +// +// The above copyright notice and this permission notice shall be included in +// all copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +// THE SOFTWARE. + +package zapcore + +import ( + "fmt" + "sync" + + "go.uber.org/zap/buffer" + "go.uber.org/zap/internal/bufferpool" +) + +var _sliceEncoderPool = sync.Pool{ + New: func() interface{} { + return &sliceArrayEncoder{elems: make([]interface{}, 0, 2)} + }, +} + +func getSliceEncoder() *sliceArrayEncoder { + return _sliceEncoderPool.Get().(*sliceArrayEncoder) +} + +func putSliceEncoder(e *sliceArrayEncoder) { + e.elems = e.elems[:0] + _sliceEncoderPool.Put(e) +} + +type consoleEncoder struct { + *jsonEncoder +} + +// NewConsoleEncoder creates an encoder whose output is designed for human - +// rather than machine - consumption. It serializes the core log entry data +// (message, level, timestamp, etc.) in a plain-text format and leaves the +// structured context as JSON. +// +// Note that although the console encoder doesn't use the keys specified in the +// encoder configuration, it will omit any element whose key is set to the empty +// string. +func NewConsoleEncoder(cfg EncoderConfig) Encoder { + if cfg.ConsoleSeparator == "" { + // Use a default delimiter of '\t' for backwards compatibility + cfg.ConsoleSeparator = "\t" + } + return consoleEncoder{newJSONEncoder(cfg, true)} +} + +func (c consoleEncoder) Clone() Encoder { + return consoleEncoder{c.jsonEncoder.Clone().(*jsonEncoder)} +} + +func (c consoleEncoder) EncodeEntry(ent Entry, fields []Field) (*buffer.Buffer, error) { + line := bufferpool.Get() + + // We don't want the entry's metadata to be quoted and escaped (if it's + // encoded as strings), which means that we can't use the JSON encoder. The + // simplest option is to use the memory encoder and fmt.Fprint. + // + // If this ever becomes a performance bottleneck, we can implement + // ArrayEncoder for our plain-text format. + arr := getSliceEncoder() + if c.TimeKey != "" && c.EncodeTime != nil { + c.EncodeTime(ent.Time, arr) + } + if c.LevelKey != "" && c.EncodeLevel != nil { + c.EncodeLevel(ent.Level, arr) + } + if ent.LoggerName != "" && c.NameKey != "" { + nameEncoder := c.EncodeName + + if nameEncoder == nil { + // Fall back to FullNameEncoder for backward compatibility. + nameEncoder = FullNameEncoder + } + + nameEncoder(ent.LoggerName, arr) + } + if ent.Caller.Defined { + if c.CallerKey != "" && c.EncodeCaller != nil { + c.EncodeCaller(ent.Caller, arr) + } + if c.FunctionKey != "" { + arr.AppendString(ent.Caller.Function) + } + } + for i := range arr.elems { + if i > 0 { + line.AppendString(c.ConsoleSeparator) + } + fmt.Fprint(line, arr.elems[i]) + } + putSliceEncoder(arr) + + // Add the message itself. + if c.MessageKey != "" { + c.addSeparatorIfNecessary(line) + line.AppendString(ent.Message) + } + + // Add any structured context. + c.writeContext(line, fields) + + // If there's no stacktrace key, honor that; this allows users to force + // single-line output. + if ent.Stack != "" && c.StacktraceKey != "" { + line.AppendByte('\n') + line.AppendString(ent.Stack) + } + + line.AppendString(c.LineEnding) + return line, nil +} + +func (c consoleEncoder) writeContext(line *buffer.Buffer, extra []Field) { + context := c.jsonEncoder.Clone().(*jsonEncoder) + defer func() { + // putJSONEncoder assumes the buffer is still used, but we write out the buffer so + // we can free it. + context.buf.Free() + putJSONEncoder(context) + }() + + addFields(context, extra) + context.closeOpenNamespaces() + if context.buf.Len() == 0 { + return + } + + c.addSeparatorIfNecessary(line) + line.AppendByte('{') + line.Write(context.buf.Bytes()) + line.AppendByte('}') +} + +func (c consoleEncoder) addSeparatorIfNecessary(line *buffer.Buffer) { + if line.Len() > 0 { + line.AppendString(c.ConsoleSeparator) + } +} diff --git a/vendor/go.uber.org/zap/zapcore/core.go b/vendor/go.uber.org/zap/zapcore/core.go new file mode 100644 index 0000000000..9dfd64051f --- /dev/null +++ b/vendor/go.uber.org/zap/zapcore/core.go @@ -0,0 +1,122 @@ +// Copyright (c) 2016 Uber Technologies, Inc. +// +// Permission is hereby granted, free of charge, to any person obtaining a copy +// of this software and associated documentation files (the "Software"), to deal +// in the Software without restriction, including without limitation the rights +// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +// copies of the Software, and to permit persons to whom the Software is +// furnished to do so, subject to the following conditions: +// +// The above copyright notice and this permission notice shall be included in +// all copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +// THE SOFTWARE. + +package zapcore + +// Core is a minimal, fast logger interface. It's designed for library authors +// to wrap in a more user-friendly API. +type Core interface { + LevelEnabler + + // With adds structured context to the Core. + With([]Field) Core + // Check determines whether the supplied Entry should be logged (using the + // embedded LevelEnabler and possibly some extra logic). If the entry + // should be logged, the Core adds itself to the CheckedEntry and returns + // the result. + // + // Callers must use Check before calling Write. + Check(Entry, *CheckedEntry) *CheckedEntry + // Write serializes the Entry and any Fields supplied at the log site and + // writes them to their destination. + // + // If called, Write should always log the Entry and Fields; it should not + // replicate the logic of Check. + Write(Entry, []Field) error + // Sync flushes buffered logs (if any). + Sync() error +} + +type nopCore struct{} + +// NewNopCore returns a no-op Core. +func NewNopCore() Core { return nopCore{} } +func (nopCore) Enabled(Level) bool { return false } +func (n nopCore) With([]Field) Core { return n } +func (nopCore) Check(_ Entry, ce *CheckedEntry) *CheckedEntry { return ce } +func (nopCore) Write(Entry, []Field) error { return nil } +func (nopCore) Sync() error { return nil } + +// NewCore creates a Core that writes logs to a WriteSyncer. +func NewCore(enc Encoder, ws WriteSyncer, enab LevelEnabler) Core { + return &ioCore{ + LevelEnabler: enab, + enc: enc, + out: ws, + } +} + +type ioCore struct { + LevelEnabler + enc Encoder + out WriteSyncer +} + +var ( + _ Core = (*ioCore)(nil) + _ leveledEnabler = (*ioCore)(nil) +) + +func (c *ioCore) Level() Level { + return LevelOf(c.LevelEnabler) +} + +func (c *ioCore) With(fields []Field) Core { + clone := c.clone() + addFields(clone.enc, fields) + return clone +} + +func (c *ioCore) Check(ent Entry, ce *CheckedEntry) *CheckedEntry { + if c.Enabled(ent.Level) { + return ce.AddCore(ent, c) + } + return ce +} + +func (c *ioCore) Write(ent Entry, fields []Field) error { + buf, err := c.enc.EncodeEntry(ent, fields) + if err != nil { + return err + } + _, err = c.out.Write(buf.Bytes()) + buf.Free() + if err != nil { + return err + } + if ent.Level > ErrorLevel { + // Since we may be crashing the program, sync the output. Ignore Sync + // errors, pending a clean solution to issue #370. + c.Sync() + } + return nil +} + +func (c *ioCore) Sync() error { + return c.out.Sync() +} + +func (c *ioCore) clone() *ioCore { + return &ioCore{ + LevelEnabler: c.LevelEnabler, + enc: c.enc.Clone(), + out: c.out, + } +} diff --git a/vendor/go.uber.org/zap/zapcore/doc.go b/vendor/go.uber.org/zap/zapcore/doc.go new file mode 100644 index 0000000000..31000e91f7 --- /dev/null +++ b/vendor/go.uber.org/zap/zapcore/doc.go @@ -0,0 +1,24 @@ +// Copyright (c) 2016 Uber Technologies, Inc. +// +// Permission is hereby granted, free of charge, to any person obtaining a copy +// of this software and associated documentation files (the "Software"), to deal +// in the Software without restriction, including without limitation the rights +// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +// copies of the Software, and to permit persons to whom the Software is +// furnished to do so, subject to the following conditions: +// +// The above copyright notice and this permission notice shall be included in +// all copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +// THE SOFTWARE. + +// Package zapcore defines and implements the low-level interfaces upon which +// zap is built. By providing alternate implementations of these interfaces, +// external packages can extend zap's capabilities. +package zapcore // import "go.uber.org/zap/zapcore" diff --git a/vendor/go.uber.org/zap/zapcore/encoder.go b/vendor/go.uber.org/zap/zapcore/encoder.go new file mode 100644 index 0000000000..5769ff3e4e --- /dev/null +++ b/vendor/go.uber.org/zap/zapcore/encoder.go @@ -0,0 +1,451 @@ +// Copyright (c) 2016 Uber Technologies, Inc. +// +// Permission is hereby granted, free of charge, to any person obtaining a copy +// of this software and associated documentation files (the "Software"), to deal +// in the Software without restriction, including without limitation the rights +// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +// copies of the Software, and to permit persons to whom the Software is +// furnished to do so, subject to the following conditions: +// +// The above copyright notice and this permission notice shall be included in +// all copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +// THE SOFTWARE. + +package zapcore + +import ( + "encoding/json" + "io" + "time" + + "go.uber.org/zap/buffer" +) + +// DefaultLineEnding defines the default line ending when writing logs. +// Alternate line endings specified in EncoderConfig can override this +// behavior. +const DefaultLineEnding = "\n" + +// OmitKey defines the key to use when callers want to remove a key from log output. +const OmitKey = "" + +// A LevelEncoder serializes a Level to a primitive type. +type LevelEncoder func(Level, PrimitiveArrayEncoder) + +// LowercaseLevelEncoder serializes a Level to a lowercase string. For example, +// InfoLevel is serialized to "info". +func LowercaseLevelEncoder(l Level, enc PrimitiveArrayEncoder) { + enc.AppendString(l.String()) +} + +// LowercaseColorLevelEncoder serializes a Level to a lowercase string and adds coloring. +// For example, InfoLevel is serialized to "info" and colored blue. +func LowercaseColorLevelEncoder(l Level, enc PrimitiveArrayEncoder) { + s, ok := _levelToLowercaseColorString[l] + if !ok { + s = _unknownLevelColor.Add(l.String()) + } + enc.AppendString(s) +} + +// CapitalLevelEncoder serializes a Level to an all-caps string. For example, +// InfoLevel is serialized to "INFO". +func CapitalLevelEncoder(l Level, enc PrimitiveArrayEncoder) { + enc.AppendString(l.CapitalString()) +} + +// CapitalColorLevelEncoder serializes a Level to an all-caps string and adds color. +// For example, InfoLevel is serialized to "INFO" and colored blue. +func CapitalColorLevelEncoder(l Level, enc PrimitiveArrayEncoder) { + s, ok := _levelToCapitalColorString[l] + if !ok { + s = _unknownLevelColor.Add(l.CapitalString()) + } + enc.AppendString(s) +} + +// UnmarshalText unmarshals text to a LevelEncoder. "capital" is unmarshaled to +// CapitalLevelEncoder, "coloredCapital" is unmarshaled to CapitalColorLevelEncoder, +// "colored" is unmarshaled to LowercaseColorLevelEncoder, and anything else +// is unmarshaled to LowercaseLevelEncoder. +func (e *LevelEncoder) UnmarshalText(text []byte) error { + switch string(text) { + case "capital": + *e = CapitalLevelEncoder + case "capitalColor": + *e = CapitalColorLevelEncoder + case "color": + *e = LowercaseColorLevelEncoder + default: + *e = LowercaseLevelEncoder + } + return nil +} + +// A TimeEncoder serializes a time.Time to a primitive type. +type TimeEncoder func(time.Time, PrimitiveArrayEncoder) + +// EpochTimeEncoder serializes a time.Time to a floating-point number of seconds +// since the Unix epoch. +func EpochTimeEncoder(t time.Time, enc PrimitiveArrayEncoder) { + nanos := t.UnixNano() + sec := float64(nanos) / float64(time.Second) + enc.AppendFloat64(sec) +} + +// EpochMillisTimeEncoder serializes a time.Time to a floating-point number of +// milliseconds since the Unix epoch. +func EpochMillisTimeEncoder(t time.Time, enc PrimitiveArrayEncoder) { + nanos := t.UnixNano() + millis := float64(nanos) / float64(time.Millisecond) + enc.AppendFloat64(millis) +} + +// EpochNanosTimeEncoder serializes a time.Time to an integer number of +// nanoseconds since the Unix epoch. +func EpochNanosTimeEncoder(t time.Time, enc PrimitiveArrayEncoder) { + enc.AppendInt64(t.UnixNano()) +} + +func encodeTimeLayout(t time.Time, layout string, enc PrimitiveArrayEncoder) { + type appendTimeEncoder interface { + AppendTimeLayout(time.Time, string) + } + + if enc, ok := enc.(appendTimeEncoder); ok { + enc.AppendTimeLayout(t, layout) + return + } + + enc.AppendString(t.Format(layout)) +} + +// ISO8601TimeEncoder serializes a time.Time to an ISO8601-formatted string +// with millisecond precision. +// +// If enc supports AppendTimeLayout(t time.Time,layout string), it's used +// instead of appending a pre-formatted string value. +func ISO8601TimeEncoder(t time.Time, enc PrimitiveArrayEncoder) { + encodeTimeLayout(t, "2006-01-02T15:04:05.000Z0700", enc) +} + +// RFC3339TimeEncoder serializes a time.Time to an RFC3339-formatted string. +// +// If enc supports AppendTimeLayout(t time.Time,layout string), it's used +// instead of appending a pre-formatted string value. +func RFC3339TimeEncoder(t time.Time, enc PrimitiveArrayEncoder) { + encodeTimeLayout(t, time.RFC3339, enc) +} + +// RFC3339NanoTimeEncoder serializes a time.Time to an RFC3339-formatted string +// with nanosecond precision. +// +// If enc supports AppendTimeLayout(t time.Time,layout string), it's used +// instead of appending a pre-formatted string value. +func RFC3339NanoTimeEncoder(t time.Time, enc PrimitiveArrayEncoder) { + encodeTimeLayout(t, time.RFC3339Nano, enc) +} + +// TimeEncoderOfLayout returns TimeEncoder which serializes a time.Time using +// given layout. +func TimeEncoderOfLayout(layout string) TimeEncoder { + return func(t time.Time, enc PrimitiveArrayEncoder) { + encodeTimeLayout(t, layout, enc) + } +} + +// UnmarshalText unmarshals text to a TimeEncoder. +// "rfc3339nano" and "RFC3339Nano" are unmarshaled to RFC3339NanoTimeEncoder. +// "rfc3339" and "RFC3339" are unmarshaled to RFC3339TimeEncoder. +// "iso8601" and "ISO8601" are unmarshaled to ISO8601TimeEncoder. +// "millis" is unmarshaled to EpochMillisTimeEncoder. +// "nanos" is unmarshaled to EpochNanosEncoder. +// Anything else is unmarshaled to EpochTimeEncoder. +func (e *TimeEncoder) UnmarshalText(text []byte) error { + switch string(text) { + case "rfc3339nano", "RFC3339Nano": + *e = RFC3339NanoTimeEncoder + case "rfc3339", "RFC3339": + *e = RFC3339TimeEncoder + case "iso8601", "ISO8601": + *e = ISO8601TimeEncoder + case "millis": + *e = EpochMillisTimeEncoder + case "nanos": + *e = EpochNanosTimeEncoder + default: + *e = EpochTimeEncoder + } + return nil +} + +// UnmarshalYAML unmarshals YAML to a TimeEncoder. +// If value is an object with a "layout" field, it will be unmarshaled to TimeEncoder with given layout. +// +// timeEncoder: +// layout: 06/01/02 03:04pm +// +// If value is string, it uses UnmarshalText. +// +// timeEncoder: iso8601 +func (e *TimeEncoder) UnmarshalYAML(unmarshal func(interface{}) error) error { + var o struct { + Layout string `json:"layout" yaml:"layout"` + } + if err := unmarshal(&o); err == nil { + *e = TimeEncoderOfLayout(o.Layout) + return nil + } + + var s string + if err := unmarshal(&s); err != nil { + return err + } + return e.UnmarshalText([]byte(s)) +} + +// UnmarshalJSON unmarshals JSON to a TimeEncoder as same way UnmarshalYAML does. +func (e *TimeEncoder) UnmarshalJSON(data []byte) error { + return e.UnmarshalYAML(func(v interface{}) error { + return json.Unmarshal(data, v) + }) +} + +// A DurationEncoder serializes a time.Duration to a primitive type. +type DurationEncoder func(time.Duration, PrimitiveArrayEncoder) + +// SecondsDurationEncoder serializes a time.Duration to a floating-point number of seconds elapsed. +func SecondsDurationEncoder(d time.Duration, enc PrimitiveArrayEncoder) { + enc.AppendFloat64(float64(d) / float64(time.Second)) +} + +// NanosDurationEncoder serializes a time.Duration to an integer number of +// nanoseconds elapsed. +func NanosDurationEncoder(d time.Duration, enc PrimitiveArrayEncoder) { + enc.AppendInt64(int64(d)) +} + +// MillisDurationEncoder serializes a time.Duration to an integer number of +// milliseconds elapsed. +func MillisDurationEncoder(d time.Duration, enc PrimitiveArrayEncoder) { + enc.AppendInt64(d.Nanoseconds() / 1e6) +} + +// StringDurationEncoder serializes a time.Duration using its built-in String +// method. +func StringDurationEncoder(d time.Duration, enc PrimitiveArrayEncoder) { + enc.AppendString(d.String()) +} + +// UnmarshalText unmarshals text to a DurationEncoder. "string" is unmarshaled +// to StringDurationEncoder, and anything else is unmarshaled to +// NanosDurationEncoder. +func (e *DurationEncoder) UnmarshalText(text []byte) error { + switch string(text) { + case "string": + *e = StringDurationEncoder + case "nanos": + *e = NanosDurationEncoder + case "ms": + *e = MillisDurationEncoder + default: + *e = SecondsDurationEncoder + } + return nil +} + +// A CallerEncoder serializes an EntryCaller to a primitive type. +type CallerEncoder func(EntryCaller, PrimitiveArrayEncoder) + +// FullCallerEncoder serializes a caller in /full/path/to/package/file:line +// format. +func FullCallerEncoder(caller EntryCaller, enc PrimitiveArrayEncoder) { + // TODO: consider using a byte-oriented API to save an allocation. + enc.AppendString(caller.String()) +} + +// ShortCallerEncoder serializes a caller in package/file:line format, trimming +// all but the final directory from the full path. +func ShortCallerEncoder(caller EntryCaller, enc PrimitiveArrayEncoder) { + // TODO: consider using a byte-oriented API to save an allocation. + enc.AppendString(caller.TrimmedPath()) +} + +// UnmarshalText unmarshals text to a CallerEncoder. "full" is unmarshaled to +// FullCallerEncoder and anything else is unmarshaled to ShortCallerEncoder. +func (e *CallerEncoder) UnmarshalText(text []byte) error { + switch string(text) { + case "full": + *e = FullCallerEncoder + default: + *e = ShortCallerEncoder + } + return nil +} + +// A NameEncoder serializes a period-separated logger name to a primitive +// type. +type NameEncoder func(string, PrimitiveArrayEncoder) + +// FullNameEncoder serializes the logger name as-is. +func FullNameEncoder(loggerName string, enc PrimitiveArrayEncoder) { + enc.AppendString(loggerName) +} + +// UnmarshalText unmarshals text to a NameEncoder. Currently, everything is +// unmarshaled to FullNameEncoder. +func (e *NameEncoder) UnmarshalText(text []byte) error { + switch string(text) { + case "full": + *e = FullNameEncoder + default: + *e = FullNameEncoder + } + return nil +} + +// An EncoderConfig allows users to configure the concrete encoders supplied by +// zapcore. +type EncoderConfig struct { + // Set the keys used for each log entry. If any key is empty, that portion + // of the entry is omitted. + MessageKey string `json:"messageKey" yaml:"messageKey"` + LevelKey string `json:"levelKey" yaml:"levelKey"` + TimeKey string `json:"timeKey" yaml:"timeKey"` + NameKey string `json:"nameKey" yaml:"nameKey"` + CallerKey string `json:"callerKey" yaml:"callerKey"` + FunctionKey string `json:"functionKey" yaml:"functionKey"` + StacktraceKey string `json:"stacktraceKey" yaml:"stacktraceKey"` + SkipLineEnding bool `json:"skipLineEnding" yaml:"skipLineEnding"` + LineEnding string `json:"lineEnding" yaml:"lineEnding"` + // Configure the primitive representations of common complex types. For + // example, some users may want all time.Times serialized as floating-point + // seconds since epoch, while others may prefer ISO8601 strings. + EncodeLevel LevelEncoder `json:"levelEncoder" yaml:"levelEncoder"` + EncodeTime TimeEncoder `json:"timeEncoder" yaml:"timeEncoder"` + EncodeDuration DurationEncoder `json:"durationEncoder" yaml:"durationEncoder"` + EncodeCaller CallerEncoder `json:"callerEncoder" yaml:"callerEncoder"` + // Unlike the other primitive type encoders, EncodeName is optional. The + // zero value falls back to FullNameEncoder. + EncodeName NameEncoder `json:"nameEncoder" yaml:"nameEncoder"` + // Configure the encoder for interface{} type objects. + // If not provided, objects are encoded using json.Encoder + NewReflectedEncoder func(io.Writer) ReflectedEncoder `json:"-" yaml:"-"` + // Configures the field separator used by the console encoder. Defaults + // to tab. + ConsoleSeparator string `json:"consoleSeparator" yaml:"consoleSeparator"` +} + +// ObjectEncoder is a strongly-typed, encoding-agnostic interface for adding a +// map- or struct-like object to the logging context. Like maps, ObjectEncoders +// aren't safe for concurrent use (though typical use shouldn't require locks). +type ObjectEncoder interface { + // Logging-specific marshalers. + AddArray(key string, marshaler ArrayMarshaler) error + AddObject(key string, marshaler ObjectMarshaler) error + + // Built-in types. + AddBinary(key string, value []byte) // for arbitrary bytes + AddByteString(key string, value []byte) // for UTF-8 encoded bytes + AddBool(key string, value bool) + AddComplex128(key string, value complex128) + AddComplex64(key string, value complex64) + AddDuration(key string, value time.Duration) + AddFloat64(key string, value float64) + AddFloat32(key string, value float32) + AddInt(key string, value int) + AddInt64(key string, value int64) + AddInt32(key string, value int32) + AddInt16(key string, value int16) + AddInt8(key string, value int8) + AddString(key, value string) + AddTime(key string, value time.Time) + AddUint(key string, value uint) + AddUint64(key string, value uint64) + AddUint32(key string, value uint32) + AddUint16(key string, value uint16) + AddUint8(key string, value uint8) + AddUintptr(key string, value uintptr) + + // AddReflected uses reflection to serialize arbitrary objects, so it can be + // slow and allocation-heavy. + AddReflected(key string, value interface{}) error + // OpenNamespace opens an isolated namespace where all subsequent fields will + // be added. Applications can use namespaces to prevent key collisions when + // injecting loggers into sub-components or third-party libraries. + OpenNamespace(key string) +} + +// ArrayEncoder is a strongly-typed, encoding-agnostic interface for adding +// array-like objects to the logging context. Of note, it supports mixed-type +// arrays even though they aren't typical in Go. Like slices, ArrayEncoders +// aren't safe for concurrent use (though typical use shouldn't require locks). +type ArrayEncoder interface { + // Built-in types. + PrimitiveArrayEncoder + + // Time-related types. + AppendDuration(time.Duration) + AppendTime(time.Time) + + // Logging-specific marshalers. + AppendArray(ArrayMarshaler) error + AppendObject(ObjectMarshaler) error + + // AppendReflected uses reflection to serialize arbitrary objects, so it's + // slow and allocation-heavy. + AppendReflected(value interface{}) error +} + +// PrimitiveArrayEncoder is the subset of the ArrayEncoder interface that deals +// only in Go's built-in types. It's included only so that Duration- and +// TimeEncoders cannot trigger infinite recursion. +type PrimitiveArrayEncoder interface { + // Built-in types. + AppendBool(bool) + AppendByteString([]byte) // for UTF-8 encoded bytes + AppendComplex128(complex128) + AppendComplex64(complex64) + AppendFloat64(float64) + AppendFloat32(float32) + AppendInt(int) + AppendInt64(int64) + AppendInt32(int32) + AppendInt16(int16) + AppendInt8(int8) + AppendString(string) + AppendUint(uint) + AppendUint64(uint64) + AppendUint32(uint32) + AppendUint16(uint16) + AppendUint8(uint8) + AppendUintptr(uintptr) +} + +// Encoder is a format-agnostic interface for all log entry marshalers. Since +// log encoders don't need to support the same wide range of use cases as +// general-purpose marshalers, it's possible to make them faster and +// lower-allocation. +// +// Implementations of the ObjectEncoder interface's methods can, of course, +// freely modify the receiver. However, the Clone and EncodeEntry methods will +// be called concurrently and shouldn't modify the receiver. +type Encoder interface { + ObjectEncoder + + // Clone copies the encoder, ensuring that adding fields to the copy doesn't + // affect the original. + Clone() Encoder + + // EncodeEntry encodes an entry and fields, along with any accumulated + // context, into a byte buffer and returns it. Any fields that are empty, + // including fields on the `Entry` type, should be omitted. + EncodeEntry(Entry, []Field) (*buffer.Buffer, error) +} diff --git a/vendor/go.uber.org/zap/zapcore/entry.go b/vendor/go.uber.org/zap/zapcore/entry.go new file mode 100644 index 0000000000..9d326e95ea --- /dev/null +++ b/vendor/go.uber.org/zap/zapcore/entry.go @@ -0,0 +1,300 @@ +// Copyright (c) 2016 Uber Technologies, Inc. +// +// Permission is hereby granted, free of charge, to any person obtaining a copy +// of this software and associated documentation files (the "Software"), to deal +// in the Software without restriction, including without limitation the rights +// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +// copies of the Software, and to permit persons to whom the Software is +// furnished to do so, subject to the following conditions: +// +// The above copyright notice and this permission notice shall be included in +// all copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +// THE SOFTWARE. + +package zapcore + +import ( + "fmt" + "runtime" + "strings" + "sync" + "time" + + "go.uber.org/multierr" + "go.uber.org/zap/internal/bufferpool" + "go.uber.org/zap/internal/exit" +) + +var ( + _cePool = sync.Pool{New: func() interface{} { + // Pre-allocate some space for cores. + return &CheckedEntry{ + cores: make([]Core, 4), + } + }} +) + +func getCheckedEntry() *CheckedEntry { + ce := _cePool.Get().(*CheckedEntry) + ce.reset() + return ce +} + +func putCheckedEntry(ce *CheckedEntry) { + if ce == nil { + return + } + _cePool.Put(ce) +} + +// NewEntryCaller makes an EntryCaller from the return signature of +// runtime.Caller. +func NewEntryCaller(pc uintptr, file string, line int, ok bool) EntryCaller { + if !ok { + return EntryCaller{} + } + return EntryCaller{ + PC: pc, + File: file, + Line: line, + Defined: true, + } +} + +// EntryCaller represents the caller of a logging function. +type EntryCaller struct { + Defined bool + PC uintptr + File string + Line int + Function string +} + +// String returns the full path and line number of the caller. +func (ec EntryCaller) String() string { + return ec.FullPath() +} + +// FullPath returns a /full/path/to/package/file:line description of the +// caller. +func (ec EntryCaller) FullPath() string { + if !ec.Defined { + return "undefined" + } + buf := bufferpool.Get() + buf.AppendString(ec.File) + buf.AppendByte(':') + buf.AppendInt(int64(ec.Line)) + caller := buf.String() + buf.Free() + return caller +} + +// TrimmedPath returns a package/file:line description of the caller, +// preserving only the leaf directory name and file name. +func (ec EntryCaller) TrimmedPath() string { + if !ec.Defined { + return "undefined" + } + // nb. To make sure we trim the path correctly on Windows too, we + // counter-intuitively need to use '/' and *not* os.PathSeparator here, + // because the path given originates from Go stdlib, specifically + // runtime.Caller() which (as of Mar/17) returns forward slashes even on + // Windows. + // + // See https://github.com/golang/go/issues/3335 + // and https://github.com/golang/go/issues/18151 + // + // for discussion on the issue on Go side. + // + // Find the last separator. + // + idx := strings.LastIndexByte(ec.File, '/') + if idx == -1 { + return ec.FullPath() + } + // Find the penultimate separator. + idx = strings.LastIndexByte(ec.File[:idx], '/') + if idx == -1 { + return ec.FullPath() + } + buf := bufferpool.Get() + // Keep everything after the penultimate separator. + buf.AppendString(ec.File[idx+1:]) + buf.AppendByte(':') + buf.AppendInt(int64(ec.Line)) + caller := buf.String() + buf.Free() + return caller +} + +// An Entry represents a complete log message. The entry's structured context +// is already serialized, but the log level, time, message, and call site +// information are available for inspection and modification. Any fields left +// empty will be omitted when encoding. +// +// Entries are pooled, so any functions that accept them MUST be careful not to +// retain references to them. +type Entry struct { + Level Level + Time time.Time + LoggerName string + Message string + Caller EntryCaller + Stack string +} + +// CheckWriteHook is a custom action that may be executed after an entry is +// written. +// +// Register one on a CheckedEntry with the After method. +// +// if ce := logger.Check(...); ce != nil { +// ce = ce.After(hook) +// ce.Write(...) +// } +// +// You can configure the hook for Fatal log statements at the logger level with +// the zap.WithFatalHook option. +type CheckWriteHook interface { + // OnWrite is invoked with the CheckedEntry that was written and a list + // of fields added with that entry. + // + // The list of fields DOES NOT include fields that were already added + // to the logger with the With method. + OnWrite(*CheckedEntry, []Field) +} + +// CheckWriteAction indicates what action to take after a log entry is +// processed. Actions are ordered in increasing severity. +type CheckWriteAction uint8 + +const ( + // WriteThenNoop indicates that nothing special needs to be done. It's the + // default behavior. + WriteThenNoop CheckWriteAction = iota + // WriteThenGoexit runs runtime.Goexit after Write. + WriteThenGoexit + // WriteThenPanic causes a panic after Write. + WriteThenPanic + // WriteThenFatal causes an os.Exit(1) after Write. + WriteThenFatal +) + +// OnWrite implements the OnWrite method to keep CheckWriteAction compatible +// with the new CheckWriteHook interface which deprecates CheckWriteAction. +func (a CheckWriteAction) OnWrite(ce *CheckedEntry, _ []Field) { + switch a { + case WriteThenGoexit: + runtime.Goexit() + case WriteThenPanic: + panic(ce.Message) + case WriteThenFatal: + exit.With(1) + } +} + +var _ CheckWriteHook = CheckWriteAction(0) + +// CheckedEntry is an Entry together with a collection of Cores that have +// already agreed to log it. +// +// CheckedEntry references should be created by calling AddCore or After on a +// nil *CheckedEntry. References are returned to a pool after Write, and MUST +// NOT be retained after calling their Write method. +type CheckedEntry struct { + Entry + ErrorOutput WriteSyncer + dirty bool // best-effort detection of pool misuse + after CheckWriteHook + cores []Core +} + +func (ce *CheckedEntry) reset() { + ce.Entry = Entry{} + ce.ErrorOutput = nil + ce.dirty = false + ce.after = nil + for i := range ce.cores { + // don't keep references to cores + ce.cores[i] = nil + } + ce.cores = ce.cores[:0] +} + +// Write writes the entry to the stored Cores, returns any errors, and returns +// the CheckedEntry reference to a pool for immediate re-use. Finally, it +// executes any required CheckWriteAction. +func (ce *CheckedEntry) Write(fields ...Field) { + if ce == nil { + return + } + + if ce.dirty { + if ce.ErrorOutput != nil { + // Make a best effort to detect unsafe re-use of this CheckedEntry. + // If the entry is dirty, log an internal error; because the + // CheckedEntry is being used after it was returned to the pool, + // the message may be an amalgamation from multiple call sites. + fmt.Fprintf(ce.ErrorOutput, "%v Unsafe CheckedEntry re-use near Entry %+v.\n", ce.Time, ce.Entry) + ce.ErrorOutput.Sync() + } + return + } + ce.dirty = true + + var err error + for i := range ce.cores { + err = multierr.Append(err, ce.cores[i].Write(ce.Entry, fields)) + } + if err != nil && ce.ErrorOutput != nil { + fmt.Fprintf(ce.ErrorOutput, "%v write error: %v\n", ce.Time, err) + ce.ErrorOutput.Sync() + } + + hook := ce.after + if hook != nil { + hook.OnWrite(ce, fields) + } + putCheckedEntry(ce) +} + +// AddCore adds a Core that has agreed to log this CheckedEntry. It's intended to be +// used by Core.Check implementations, and is safe to call on nil CheckedEntry +// references. +func (ce *CheckedEntry) AddCore(ent Entry, core Core) *CheckedEntry { + if ce == nil { + ce = getCheckedEntry() + ce.Entry = ent + } + ce.cores = append(ce.cores, core) + return ce +} + +// Should sets this CheckedEntry's CheckWriteAction, which controls whether a +// Core will panic or fatal after writing this log entry. Like AddCore, it's +// safe to call on nil CheckedEntry references. +// +// Deprecated: Use [CheckedEntry.After] instead. +func (ce *CheckedEntry) Should(ent Entry, should CheckWriteAction) *CheckedEntry { + return ce.After(ent, should) +} + +// After sets this CheckEntry's CheckWriteHook, which will be called after this +// log entry has been written. It's safe to call this on nil CheckedEntry +// references. +func (ce *CheckedEntry) After(ent Entry, hook CheckWriteHook) *CheckedEntry { + if ce == nil { + ce = getCheckedEntry() + ce.Entry = ent + } + ce.after = hook + return ce +} diff --git a/vendor/go.uber.org/zap/zapcore/error.go b/vendor/go.uber.org/zap/zapcore/error.go new file mode 100644 index 0000000000..06359907af --- /dev/null +++ b/vendor/go.uber.org/zap/zapcore/error.go @@ -0,0 +1,132 @@ +// Copyright (c) 2017 Uber Technologies, Inc. +// +// Permission is hereby granted, free of charge, to any person obtaining a copy +// of this software and associated documentation files (the "Software"), to deal +// in the Software without restriction, including without limitation the rights +// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +// copies of the Software, and to permit persons to whom the Software is +// furnished to do so, subject to the following conditions: +// +// The above copyright notice and this permission notice shall be included in +// all copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +// THE SOFTWARE. + +package zapcore + +import ( + "fmt" + "reflect" + "sync" +) + +// Encodes the given error into fields of an object. A field with the given +// name is added for the error message. +// +// If the error implements fmt.Formatter, a field with the name ${key}Verbose +// is also added with the full verbose error message. +// +// Finally, if the error implements errorGroup (from go.uber.org/multierr) or +// causer (from github.com/pkg/errors), a ${key}Causes field is added with an +// array of objects containing the errors this error was comprised of. +// +// { +// "error": err.Error(), +// "errorVerbose": fmt.Sprintf("%+v", err), +// "errorCauses": [ +// ... +// ], +// } +func encodeError(key string, err error, enc ObjectEncoder) (retErr error) { + // Try to capture panics (from nil references or otherwise) when calling + // the Error() method + defer func() { + if rerr := recover(); rerr != nil { + // If it's a nil pointer, just say "". The likeliest causes are a + // error that fails to guard against nil or a nil pointer for a + // value receiver, and in either case, "" is a nice result. + if v := reflect.ValueOf(err); v.Kind() == reflect.Ptr && v.IsNil() { + enc.AddString(key, "") + return + } + + retErr = fmt.Errorf("PANIC=%v", rerr) + } + }() + + basic := err.Error() + enc.AddString(key, basic) + + switch e := err.(type) { + case errorGroup: + return enc.AddArray(key+"Causes", errArray(e.Errors())) + case fmt.Formatter: + verbose := fmt.Sprintf("%+v", e) + if verbose != basic { + // This is a rich error type, like those produced by + // github.com/pkg/errors. + enc.AddString(key+"Verbose", verbose) + } + } + return nil +} + +type errorGroup interface { + // Provides read-only access to the underlying list of errors, preferably + // without causing any allocs. + Errors() []error +} + +// Note that errArray and errArrayElem are very similar to the version +// implemented in the top-level error.go file. We can't re-use this because +// that would require exporting errArray as part of the zapcore API. + +// Encodes a list of errors using the standard error encoding logic. +type errArray []error + +func (errs errArray) MarshalLogArray(arr ArrayEncoder) error { + for i := range errs { + if errs[i] == nil { + continue + } + + el := newErrArrayElem(errs[i]) + arr.AppendObject(el) + el.Free() + } + return nil +} + +var _errArrayElemPool = sync.Pool{New: func() interface{} { + return &errArrayElem{} +}} + +// Encodes any error into a {"error": ...} re-using the same errors logic. +// +// May be passed in place of an array to build a single-element array. +type errArrayElem struct{ err error } + +func newErrArrayElem(err error) *errArrayElem { + e := _errArrayElemPool.Get().(*errArrayElem) + e.err = err + return e +} + +func (e *errArrayElem) MarshalLogArray(arr ArrayEncoder) error { + return arr.AppendObject(e) +} + +func (e *errArrayElem) MarshalLogObject(enc ObjectEncoder) error { + return encodeError("error", e.err, enc) +} + +func (e *errArrayElem) Free() { + e.err = nil + _errArrayElemPool.Put(e) +} diff --git a/vendor/go.uber.org/zap/zapcore/field.go b/vendor/go.uber.org/zap/zapcore/field.go new file mode 100644 index 0000000000..95bdb0a126 --- /dev/null +++ b/vendor/go.uber.org/zap/zapcore/field.go @@ -0,0 +1,233 @@ +// Copyright (c) 2016 Uber Technologies, Inc. +// +// Permission is hereby granted, free of charge, to any person obtaining a copy +// of this software and associated documentation files (the "Software"), to deal +// in the Software without restriction, including without limitation the rights +// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +// copies of the Software, and to permit persons to whom the Software is +// furnished to do so, subject to the following conditions: +// +// The above copyright notice and this permission notice shall be included in +// all copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +// THE SOFTWARE. + +package zapcore + +import ( + "bytes" + "fmt" + "math" + "reflect" + "time" +) + +// A FieldType indicates which member of the Field union struct should be used +// and how it should be serialized. +type FieldType uint8 + +const ( + // UnknownType is the default field type. Attempting to add it to an encoder will panic. + UnknownType FieldType = iota + // ArrayMarshalerType indicates that the field carries an ArrayMarshaler. + ArrayMarshalerType + // ObjectMarshalerType indicates that the field carries an ObjectMarshaler. + ObjectMarshalerType + // BinaryType indicates that the field carries an opaque binary blob. + BinaryType + // BoolType indicates that the field carries a bool. + BoolType + // ByteStringType indicates that the field carries UTF-8 encoded bytes. + ByteStringType + // Complex128Type indicates that the field carries a complex128. + Complex128Type + // Complex64Type indicates that the field carries a complex128. + Complex64Type + // DurationType indicates that the field carries a time.Duration. + DurationType + // Float64Type indicates that the field carries a float64. + Float64Type + // Float32Type indicates that the field carries a float32. + Float32Type + // Int64Type indicates that the field carries an int64. + Int64Type + // Int32Type indicates that the field carries an int32. + Int32Type + // Int16Type indicates that the field carries an int16. + Int16Type + // Int8Type indicates that the field carries an int8. + Int8Type + // StringType indicates that the field carries a string. + StringType + // TimeType indicates that the field carries a time.Time that is + // representable by a UnixNano() stored as an int64. + TimeType + // TimeFullType indicates that the field carries a time.Time stored as-is. + TimeFullType + // Uint64Type indicates that the field carries a uint64. + Uint64Type + // Uint32Type indicates that the field carries a uint32. + Uint32Type + // Uint16Type indicates that the field carries a uint16. + Uint16Type + // Uint8Type indicates that the field carries a uint8. + Uint8Type + // UintptrType indicates that the field carries a uintptr. + UintptrType + // ReflectType indicates that the field carries an interface{}, which should + // be serialized using reflection. + ReflectType + // NamespaceType signals the beginning of an isolated namespace. All + // subsequent fields should be added to the new namespace. + NamespaceType + // StringerType indicates that the field carries a fmt.Stringer. + StringerType + // ErrorType indicates that the field carries an error. + ErrorType + // SkipType indicates that the field is a no-op. + SkipType + + // InlineMarshalerType indicates that the field carries an ObjectMarshaler + // that should be inlined. + InlineMarshalerType +) + +// A Field is a marshaling operation used to add a key-value pair to a logger's +// context. Most fields are lazily marshaled, so it's inexpensive to add fields +// to disabled debug-level log statements. +type Field struct { + Key string + Type FieldType + Integer int64 + String string + Interface interface{} +} + +// AddTo exports a field through the ObjectEncoder interface. It's primarily +// useful to library authors, and shouldn't be necessary in most applications. +func (f Field) AddTo(enc ObjectEncoder) { + var err error + + switch f.Type { + case ArrayMarshalerType: + err = enc.AddArray(f.Key, f.Interface.(ArrayMarshaler)) + case ObjectMarshalerType: + err = enc.AddObject(f.Key, f.Interface.(ObjectMarshaler)) + case InlineMarshalerType: + err = f.Interface.(ObjectMarshaler).MarshalLogObject(enc) + case BinaryType: + enc.AddBinary(f.Key, f.Interface.([]byte)) + case BoolType: + enc.AddBool(f.Key, f.Integer == 1) + case ByteStringType: + enc.AddByteString(f.Key, f.Interface.([]byte)) + case Complex128Type: + enc.AddComplex128(f.Key, f.Interface.(complex128)) + case Complex64Type: + enc.AddComplex64(f.Key, f.Interface.(complex64)) + case DurationType: + enc.AddDuration(f.Key, time.Duration(f.Integer)) + case Float64Type: + enc.AddFloat64(f.Key, math.Float64frombits(uint64(f.Integer))) + case Float32Type: + enc.AddFloat32(f.Key, math.Float32frombits(uint32(f.Integer))) + case Int64Type: + enc.AddInt64(f.Key, f.Integer) + case Int32Type: + enc.AddInt32(f.Key, int32(f.Integer)) + case Int16Type: + enc.AddInt16(f.Key, int16(f.Integer)) + case Int8Type: + enc.AddInt8(f.Key, int8(f.Integer)) + case StringType: + enc.AddString(f.Key, f.String) + case TimeType: + if f.Interface != nil { + enc.AddTime(f.Key, time.Unix(0, f.Integer).In(f.Interface.(*time.Location))) + } else { + // Fall back to UTC if location is nil. + enc.AddTime(f.Key, time.Unix(0, f.Integer)) + } + case TimeFullType: + enc.AddTime(f.Key, f.Interface.(time.Time)) + case Uint64Type: + enc.AddUint64(f.Key, uint64(f.Integer)) + case Uint32Type: + enc.AddUint32(f.Key, uint32(f.Integer)) + case Uint16Type: + enc.AddUint16(f.Key, uint16(f.Integer)) + case Uint8Type: + enc.AddUint8(f.Key, uint8(f.Integer)) + case UintptrType: + enc.AddUintptr(f.Key, uintptr(f.Integer)) + case ReflectType: + err = enc.AddReflected(f.Key, f.Interface) + case NamespaceType: + enc.OpenNamespace(f.Key) + case StringerType: + err = encodeStringer(f.Key, f.Interface, enc) + case ErrorType: + err = encodeError(f.Key, f.Interface.(error), enc) + case SkipType: + break + default: + panic(fmt.Sprintf("unknown field type: %v", f)) + } + + if err != nil { + enc.AddString(fmt.Sprintf("%sError", f.Key), err.Error()) + } +} + +// Equals returns whether two fields are equal. For non-primitive types such as +// errors, marshalers, or reflect types, it uses reflect.DeepEqual. +func (f Field) Equals(other Field) bool { + if f.Type != other.Type { + return false + } + if f.Key != other.Key { + return false + } + + switch f.Type { + case BinaryType, ByteStringType: + return bytes.Equal(f.Interface.([]byte), other.Interface.([]byte)) + case ArrayMarshalerType, ObjectMarshalerType, ErrorType, ReflectType: + return reflect.DeepEqual(f.Interface, other.Interface) + default: + return f == other + } +} + +func addFields(enc ObjectEncoder, fields []Field) { + for i := range fields { + fields[i].AddTo(enc) + } +} + +func encodeStringer(key string, stringer interface{}, enc ObjectEncoder) (retErr error) { + // Try to capture panics (from nil references or otherwise) when calling + // the String() method, similar to https://golang.org/src/fmt/print.go#L540 + defer func() { + if err := recover(); err != nil { + // If it's a nil pointer, just say "". The likeliest causes are a + // Stringer that fails to guard against nil or a nil pointer for a + // value receiver, and in either case, "" is a nice result. + if v := reflect.ValueOf(stringer); v.Kind() == reflect.Ptr && v.IsNil() { + enc.AddString(key, "") + return + } + + retErr = fmt.Errorf("PANIC=%v", err) + } + }() + + enc.AddString(key, stringer.(fmt.Stringer).String()) + return nil +} diff --git a/vendor/go.uber.org/zap/zapcore/hook.go b/vendor/go.uber.org/zap/zapcore/hook.go new file mode 100644 index 0000000000..198def9917 --- /dev/null +++ b/vendor/go.uber.org/zap/zapcore/hook.go @@ -0,0 +1,77 @@ +// Copyright (c) 2016 Uber Technologies, Inc. +// +// Permission is hereby granted, free of charge, to any person obtaining a copy +// of this software and associated documentation files (the "Software"), to deal +// in the Software without restriction, including without limitation the rights +// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +// copies of the Software, and to permit persons to whom the Software is +// furnished to do so, subject to the following conditions: +// +// The above copyright notice and this permission notice shall be included in +// all copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +// THE SOFTWARE. + +package zapcore + +import "go.uber.org/multierr" + +type hooked struct { + Core + funcs []func(Entry) error +} + +var ( + _ Core = (*hooked)(nil) + _ leveledEnabler = (*hooked)(nil) +) + +// RegisterHooks wraps a Core and runs a collection of user-defined callback +// hooks each time a message is logged. Execution of the callbacks is blocking. +// +// This offers users an easy way to register simple callbacks (e.g., metrics +// collection) without implementing the full Core interface. +func RegisterHooks(core Core, hooks ...func(Entry) error) Core { + funcs := append([]func(Entry) error{}, hooks...) + return &hooked{ + Core: core, + funcs: funcs, + } +} + +func (h *hooked) Level() Level { + return LevelOf(h.Core) +} + +func (h *hooked) Check(ent Entry, ce *CheckedEntry) *CheckedEntry { + // Let the wrapped Core decide whether to log this message or not. This + // also gives the downstream a chance to register itself directly with the + // CheckedEntry. + if downstream := h.Core.Check(ent, ce); downstream != nil { + return downstream.AddCore(ent, h) + } + return ce +} + +func (h *hooked) With(fields []Field) Core { + return &hooked{ + Core: h.Core.With(fields), + funcs: h.funcs, + } +} + +func (h *hooked) Write(ent Entry, _ []Field) error { + // Since our downstream had a chance to register itself directly with the + // CheckedMessage, we don't need to call it here. + var err error + for i := range h.funcs { + err = multierr.Append(err, h.funcs[i](ent)) + } + return err +} diff --git a/vendor/go.uber.org/zap/zapcore/increase_level.go b/vendor/go.uber.org/zap/zapcore/increase_level.go new file mode 100644 index 0000000000..7a11237ae9 --- /dev/null +++ b/vendor/go.uber.org/zap/zapcore/increase_level.go @@ -0,0 +1,75 @@ +// Copyright (c) 2020 Uber Technologies, Inc. +// +// Permission is hereby granted, free of charge, to any person obtaining a copy +// of this software and associated documentation files (the "Software"), to deal +// in the Software without restriction, including without limitation the rights +// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +// copies of the Software, and to permit persons to whom the Software is +// furnished to do so, subject to the following conditions: +// +// The above copyright notice and this permission notice shall be included in +// all copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +// THE SOFTWARE. + +package zapcore + +import "fmt" + +type levelFilterCore struct { + core Core + level LevelEnabler +} + +var ( + _ Core = (*levelFilterCore)(nil) + _ leveledEnabler = (*levelFilterCore)(nil) +) + +// NewIncreaseLevelCore creates a core that can be used to increase the level of +// an existing Core. It cannot be used to decrease the logging level, as it acts +// as a filter before calling the underlying core. If level decreases the log level, +// an error is returned. +func NewIncreaseLevelCore(core Core, level LevelEnabler) (Core, error) { + for l := _maxLevel; l >= _minLevel; l-- { + if !core.Enabled(l) && level.Enabled(l) { + return nil, fmt.Errorf("invalid increase level, as level %q is allowed by increased level, but not by existing core", l) + } + } + + return &levelFilterCore{core, level}, nil +} + +func (c *levelFilterCore) Enabled(lvl Level) bool { + return c.level.Enabled(lvl) +} + +func (c *levelFilterCore) Level() Level { + return LevelOf(c.level) +} + +func (c *levelFilterCore) With(fields []Field) Core { + return &levelFilterCore{c.core.With(fields), c.level} +} + +func (c *levelFilterCore) Check(ent Entry, ce *CheckedEntry) *CheckedEntry { + if !c.Enabled(ent.Level) { + return ce + } + + return c.core.Check(ent, ce) +} + +func (c *levelFilterCore) Write(ent Entry, fields []Field) error { + return c.core.Write(ent, fields) +} + +func (c *levelFilterCore) Sync() error { + return c.core.Sync() +} diff --git a/vendor/go.uber.org/zap/zapcore/json_encoder.go b/vendor/go.uber.org/zap/zapcore/json_encoder.go new file mode 100644 index 0000000000..3921c5cd33 --- /dev/null +++ b/vendor/go.uber.org/zap/zapcore/json_encoder.go @@ -0,0 +1,562 @@ +// Copyright (c) 2016 Uber Technologies, Inc. +// +// Permission is hereby granted, free of charge, to any person obtaining a copy +// of this software and associated documentation files (the "Software"), to deal +// in the Software without restriction, including without limitation the rights +// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +// copies of the Software, and to permit persons to whom the Software is +// furnished to do so, subject to the following conditions: +// +// The above copyright notice and this permission notice shall be included in +// all copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +// THE SOFTWARE. + +package zapcore + +import ( + "encoding/base64" + "math" + "sync" + "time" + "unicode/utf8" + + "go.uber.org/zap/buffer" + "go.uber.org/zap/internal/bufferpool" +) + +// For JSON-escaping; see jsonEncoder.safeAddString below. +const _hex = "0123456789abcdef" + +var _jsonPool = sync.Pool{New: func() interface{} { + return &jsonEncoder{} +}} + +func getJSONEncoder() *jsonEncoder { + return _jsonPool.Get().(*jsonEncoder) +} + +func putJSONEncoder(enc *jsonEncoder) { + if enc.reflectBuf != nil { + enc.reflectBuf.Free() + } + enc.EncoderConfig = nil + enc.buf = nil + enc.spaced = false + enc.openNamespaces = 0 + enc.reflectBuf = nil + enc.reflectEnc = nil + _jsonPool.Put(enc) +} + +type jsonEncoder struct { + *EncoderConfig + buf *buffer.Buffer + spaced bool // include spaces after colons and commas + openNamespaces int + + // for encoding generic values by reflection + reflectBuf *buffer.Buffer + reflectEnc ReflectedEncoder +} + +// NewJSONEncoder creates a fast, low-allocation JSON encoder. The encoder +// appropriately escapes all field keys and values. +// +// Note that the encoder doesn't deduplicate keys, so it's possible to produce +// a message like +// +// {"foo":"bar","foo":"baz"} +// +// This is permitted by the JSON specification, but not encouraged. Many +// libraries will ignore duplicate key-value pairs (typically keeping the last +// pair) when unmarshaling, but users should attempt to avoid adding duplicate +// keys. +func NewJSONEncoder(cfg EncoderConfig) Encoder { + return newJSONEncoder(cfg, false) +} + +func newJSONEncoder(cfg EncoderConfig, spaced bool) *jsonEncoder { + if cfg.SkipLineEnding { + cfg.LineEnding = "" + } else if cfg.LineEnding == "" { + cfg.LineEnding = DefaultLineEnding + } + + // If no EncoderConfig.NewReflectedEncoder is provided by the user, then use default + if cfg.NewReflectedEncoder == nil { + cfg.NewReflectedEncoder = defaultReflectedEncoder + } + + return &jsonEncoder{ + EncoderConfig: &cfg, + buf: bufferpool.Get(), + spaced: spaced, + } +} + +func (enc *jsonEncoder) AddArray(key string, arr ArrayMarshaler) error { + enc.addKey(key) + return enc.AppendArray(arr) +} + +func (enc *jsonEncoder) AddObject(key string, obj ObjectMarshaler) error { + enc.addKey(key) + return enc.AppendObject(obj) +} + +func (enc *jsonEncoder) AddBinary(key string, val []byte) { + enc.AddString(key, base64.StdEncoding.EncodeToString(val)) +} + +func (enc *jsonEncoder) AddByteString(key string, val []byte) { + enc.addKey(key) + enc.AppendByteString(val) +} + +func (enc *jsonEncoder) AddBool(key string, val bool) { + enc.addKey(key) + enc.AppendBool(val) +} + +func (enc *jsonEncoder) AddComplex128(key string, val complex128) { + enc.addKey(key) + enc.AppendComplex128(val) +} + +func (enc *jsonEncoder) AddComplex64(key string, val complex64) { + enc.addKey(key) + enc.AppendComplex64(val) +} + +func (enc *jsonEncoder) AddDuration(key string, val time.Duration) { + enc.addKey(key) + enc.AppendDuration(val) +} + +func (enc *jsonEncoder) AddFloat64(key string, val float64) { + enc.addKey(key) + enc.AppendFloat64(val) +} + +func (enc *jsonEncoder) AddFloat32(key string, val float32) { + enc.addKey(key) + enc.AppendFloat32(val) +} + +func (enc *jsonEncoder) AddInt64(key string, val int64) { + enc.addKey(key) + enc.AppendInt64(val) +} + +func (enc *jsonEncoder) resetReflectBuf() { + if enc.reflectBuf == nil { + enc.reflectBuf = bufferpool.Get() + enc.reflectEnc = enc.NewReflectedEncoder(enc.reflectBuf) + } else { + enc.reflectBuf.Reset() + } +} + +var nullLiteralBytes = []byte("null") + +// Only invoke the standard JSON encoder if there is actually something to +// encode; otherwise write JSON null literal directly. +func (enc *jsonEncoder) encodeReflected(obj interface{}) ([]byte, error) { + if obj == nil { + return nullLiteralBytes, nil + } + enc.resetReflectBuf() + if err := enc.reflectEnc.Encode(obj); err != nil { + return nil, err + } + enc.reflectBuf.TrimNewline() + return enc.reflectBuf.Bytes(), nil +} + +func (enc *jsonEncoder) AddReflected(key string, obj interface{}) error { + valueBytes, err := enc.encodeReflected(obj) + if err != nil { + return err + } + enc.addKey(key) + _, err = enc.buf.Write(valueBytes) + return err +} + +func (enc *jsonEncoder) OpenNamespace(key string) { + enc.addKey(key) + enc.buf.AppendByte('{') + enc.openNamespaces++ +} + +func (enc *jsonEncoder) AddString(key, val string) { + enc.addKey(key) + enc.AppendString(val) +} + +func (enc *jsonEncoder) AddTime(key string, val time.Time) { + enc.addKey(key) + enc.AppendTime(val) +} + +func (enc *jsonEncoder) AddUint64(key string, val uint64) { + enc.addKey(key) + enc.AppendUint64(val) +} + +func (enc *jsonEncoder) AppendArray(arr ArrayMarshaler) error { + enc.addElementSeparator() + enc.buf.AppendByte('[') + err := arr.MarshalLogArray(enc) + enc.buf.AppendByte(']') + return err +} + +func (enc *jsonEncoder) AppendObject(obj ObjectMarshaler) error { + // Close ONLY new openNamespaces that are created during + // AppendObject(). + old := enc.openNamespaces + enc.openNamespaces = 0 + enc.addElementSeparator() + enc.buf.AppendByte('{') + err := obj.MarshalLogObject(enc) + enc.buf.AppendByte('}') + enc.closeOpenNamespaces() + enc.openNamespaces = old + return err +} + +func (enc *jsonEncoder) AppendBool(val bool) { + enc.addElementSeparator() + enc.buf.AppendBool(val) +} + +func (enc *jsonEncoder) AppendByteString(val []byte) { + enc.addElementSeparator() + enc.buf.AppendByte('"') + enc.safeAddByteString(val) + enc.buf.AppendByte('"') +} + +// appendComplex appends the encoded form of the provided complex128 value. +// precision specifies the encoding precision for the real and imaginary +// components of the complex number. +func (enc *jsonEncoder) appendComplex(val complex128, precision int) { + enc.addElementSeparator() + // Cast to a platform-independent, fixed-size type. + r, i := float64(real(val)), float64(imag(val)) + enc.buf.AppendByte('"') + // Because we're always in a quoted string, we can use strconv without + // special-casing NaN and +/-Inf. + enc.buf.AppendFloat(r, precision) + // If imaginary part is less than 0, minus (-) sign is added by default + // by AppendFloat. + if i >= 0 { + enc.buf.AppendByte('+') + } + enc.buf.AppendFloat(i, precision) + enc.buf.AppendByte('i') + enc.buf.AppendByte('"') +} + +func (enc *jsonEncoder) AppendDuration(val time.Duration) { + cur := enc.buf.Len() + if e := enc.EncodeDuration; e != nil { + e(val, enc) + } + if cur == enc.buf.Len() { + // User-supplied EncodeDuration is a no-op. Fall back to nanoseconds to keep + // JSON valid. + enc.AppendInt64(int64(val)) + } +} + +func (enc *jsonEncoder) AppendInt64(val int64) { + enc.addElementSeparator() + enc.buf.AppendInt(val) +} + +func (enc *jsonEncoder) AppendReflected(val interface{}) error { + valueBytes, err := enc.encodeReflected(val) + if err != nil { + return err + } + enc.addElementSeparator() + _, err = enc.buf.Write(valueBytes) + return err +} + +func (enc *jsonEncoder) AppendString(val string) { + enc.addElementSeparator() + enc.buf.AppendByte('"') + enc.safeAddString(val) + enc.buf.AppendByte('"') +} + +func (enc *jsonEncoder) AppendTimeLayout(time time.Time, layout string) { + enc.addElementSeparator() + enc.buf.AppendByte('"') + enc.buf.AppendTime(time, layout) + enc.buf.AppendByte('"') +} + +func (enc *jsonEncoder) AppendTime(val time.Time) { + cur := enc.buf.Len() + if e := enc.EncodeTime; e != nil { + e(val, enc) + } + if cur == enc.buf.Len() { + // User-supplied EncodeTime is a no-op. Fall back to nanos since epoch to keep + // output JSON valid. + enc.AppendInt64(val.UnixNano()) + } +} + +func (enc *jsonEncoder) AppendUint64(val uint64) { + enc.addElementSeparator() + enc.buf.AppendUint(val) +} + +func (enc *jsonEncoder) AddInt(k string, v int) { enc.AddInt64(k, int64(v)) } +func (enc *jsonEncoder) AddInt32(k string, v int32) { enc.AddInt64(k, int64(v)) } +func (enc *jsonEncoder) AddInt16(k string, v int16) { enc.AddInt64(k, int64(v)) } +func (enc *jsonEncoder) AddInt8(k string, v int8) { enc.AddInt64(k, int64(v)) } +func (enc *jsonEncoder) AddUint(k string, v uint) { enc.AddUint64(k, uint64(v)) } +func (enc *jsonEncoder) AddUint32(k string, v uint32) { enc.AddUint64(k, uint64(v)) } +func (enc *jsonEncoder) AddUint16(k string, v uint16) { enc.AddUint64(k, uint64(v)) } +func (enc *jsonEncoder) AddUint8(k string, v uint8) { enc.AddUint64(k, uint64(v)) } +func (enc *jsonEncoder) AddUintptr(k string, v uintptr) { enc.AddUint64(k, uint64(v)) } +func (enc *jsonEncoder) AppendComplex64(v complex64) { enc.appendComplex(complex128(v), 32) } +func (enc *jsonEncoder) AppendComplex128(v complex128) { enc.appendComplex(complex128(v), 64) } +func (enc *jsonEncoder) AppendFloat64(v float64) { enc.appendFloat(v, 64) } +func (enc *jsonEncoder) AppendFloat32(v float32) { enc.appendFloat(float64(v), 32) } +func (enc *jsonEncoder) AppendInt(v int) { enc.AppendInt64(int64(v)) } +func (enc *jsonEncoder) AppendInt32(v int32) { enc.AppendInt64(int64(v)) } +func (enc *jsonEncoder) AppendInt16(v int16) { enc.AppendInt64(int64(v)) } +func (enc *jsonEncoder) AppendInt8(v int8) { enc.AppendInt64(int64(v)) } +func (enc *jsonEncoder) AppendUint(v uint) { enc.AppendUint64(uint64(v)) } +func (enc *jsonEncoder) AppendUint32(v uint32) { enc.AppendUint64(uint64(v)) } +func (enc *jsonEncoder) AppendUint16(v uint16) { enc.AppendUint64(uint64(v)) } +func (enc *jsonEncoder) AppendUint8(v uint8) { enc.AppendUint64(uint64(v)) } +func (enc *jsonEncoder) AppendUintptr(v uintptr) { enc.AppendUint64(uint64(v)) } + +func (enc *jsonEncoder) Clone() Encoder { + clone := enc.clone() + clone.buf.Write(enc.buf.Bytes()) + return clone +} + +func (enc *jsonEncoder) clone() *jsonEncoder { + clone := getJSONEncoder() + clone.EncoderConfig = enc.EncoderConfig + clone.spaced = enc.spaced + clone.openNamespaces = enc.openNamespaces + clone.buf = bufferpool.Get() + return clone +} + +func (enc *jsonEncoder) EncodeEntry(ent Entry, fields []Field) (*buffer.Buffer, error) { + final := enc.clone() + final.buf.AppendByte('{') + + if final.LevelKey != "" && final.EncodeLevel != nil { + final.addKey(final.LevelKey) + cur := final.buf.Len() + final.EncodeLevel(ent.Level, final) + if cur == final.buf.Len() { + // User-supplied EncodeLevel was a no-op. Fall back to strings to keep + // output JSON valid. + final.AppendString(ent.Level.String()) + } + } + if final.TimeKey != "" { + final.AddTime(final.TimeKey, ent.Time) + } + if ent.LoggerName != "" && final.NameKey != "" { + final.addKey(final.NameKey) + cur := final.buf.Len() + nameEncoder := final.EncodeName + + // if no name encoder provided, fall back to FullNameEncoder for backwards + // compatibility + if nameEncoder == nil { + nameEncoder = FullNameEncoder + } + + nameEncoder(ent.LoggerName, final) + if cur == final.buf.Len() { + // User-supplied EncodeName was a no-op. Fall back to strings to + // keep output JSON valid. + final.AppendString(ent.LoggerName) + } + } + if ent.Caller.Defined { + if final.CallerKey != "" { + final.addKey(final.CallerKey) + cur := final.buf.Len() + final.EncodeCaller(ent.Caller, final) + if cur == final.buf.Len() { + // User-supplied EncodeCaller was a no-op. Fall back to strings to + // keep output JSON valid. + final.AppendString(ent.Caller.String()) + } + } + if final.FunctionKey != "" { + final.addKey(final.FunctionKey) + final.AppendString(ent.Caller.Function) + } + } + if final.MessageKey != "" { + final.addKey(enc.MessageKey) + final.AppendString(ent.Message) + } + if enc.buf.Len() > 0 { + final.addElementSeparator() + final.buf.Write(enc.buf.Bytes()) + } + addFields(final, fields) + final.closeOpenNamespaces() + if ent.Stack != "" && final.StacktraceKey != "" { + final.AddString(final.StacktraceKey, ent.Stack) + } + final.buf.AppendByte('}') + final.buf.AppendString(final.LineEnding) + + ret := final.buf + putJSONEncoder(final) + return ret, nil +} + +func (enc *jsonEncoder) truncate() { + enc.buf.Reset() +} + +func (enc *jsonEncoder) closeOpenNamespaces() { + for i := 0; i < enc.openNamespaces; i++ { + enc.buf.AppendByte('}') + } + enc.openNamespaces = 0 +} + +func (enc *jsonEncoder) addKey(key string) { + enc.addElementSeparator() + enc.buf.AppendByte('"') + enc.safeAddString(key) + enc.buf.AppendByte('"') + enc.buf.AppendByte(':') + if enc.spaced { + enc.buf.AppendByte(' ') + } +} + +func (enc *jsonEncoder) addElementSeparator() { + last := enc.buf.Len() - 1 + if last < 0 { + return + } + switch enc.buf.Bytes()[last] { + case '{', '[', ':', ',', ' ': + return + default: + enc.buf.AppendByte(',') + if enc.spaced { + enc.buf.AppendByte(' ') + } + } +} + +func (enc *jsonEncoder) appendFloat(val float64, bitSize int) { + enc.addElementSeparator() + switch { + case math.IsNaN(val): + enc.buf.AppendString(`"NaN"`) + case math.IsInf(val, 1): + enc.buf.AppendString(`"+Inf"`) + case math.IsInf(val, -1): + enc.buf.AppendString(`"-Inf"`) + default: + enc.buf.AppendFloat(val, bitSize) + } +} + +// safeAddString JSON-escapes a string and appends it to the internal buffer. +// Unlike the standard library's encoder, it doesn't attempt to protect the +// user from browser vulnerabilities or JSONP-related problems. +func (enc *jsonEncoder) safeAddString(s string) { + for i := 0; i < len(s); { + if enc.tryAddRuneSelf(s[i]) { + i++ + continue + } + r, size := utf8.DecodeRuneInString(s[i:]) + if enc.tryAddRuneError(r, size) { + i++ + continue + } + enc.buf.AppendString(s[i : i+size]) + i += size + } +} + +// safeAddByteString is no-alloc equivalent of safeAddString(string(s)) for s []byte. +func (enc *jsonEncoder) safeAddByteString(s []byte) { + for i := 0; i < len(s); { + if enc.tryAddRuneSelf(s[i]) { + i++ + continue + } + r, size := utf8.DecodeRune(s[i:]) + if enc.tryAddRuneError(r, size) { + i++ + continue + } + enc.buf.Write(s[i : i+size]) + i += size + } +} + +// tryAddRuneSelf appends b if it is valid UTF-8 character represented in a single byte. +func (enc *jsonEncoder) tryAddRuneSelf(b byte) bool { + if b >= utf8.RuneSelf { + return false + } + if 0x20 <= b && b != '\\' && b != '"' { + enc.buf.AppendByte(b) + return true + } + switch b { + case '\\', '"': + enc.buf.AppendByte('\\') + enc.buf.AppendByte(b) + case '\n': + enc.buf.AppendByte('\\') + enc.buf.AppendByte('n') + case '\r': + enc.buf.AppendByte('\\') + enc.buf.AppendByte('r') + case '\t': + enc.buf.AppendByte('\\') + enc.buf.AppendByte('t') + default: + // Encode bytes < 0x20, except for the escape sequences above. + enc.buf.AppendString(`\u00`) + enc.buf.AppendByte(_hex[b>>4]) + enc.buf.AppendByte(_hex[b&0xF]) + } + return true +} + +func (enc *jsonEncoder) tryAddRuneError(r rune, size int) bool { + if r == utf8.RuneError && size == 1 { + enc.buf.AppendString(`\ufffd`) + return true + } + return false +} diff --git a/vendor/go.uber.org/zap/zapcore/level.go b/vendor/go.uber.org/zap/zapcore/level.go new file mode 100644 index 0000000000..e01a241316 --- /dev/null +++ b/vendor/go.uber.org/zap/zapcore/level.go @@ -0,0 +1,229 @@ +// Copyright (c) 2016 Uber Technologies, Inc. +// +// Permission is hereby granted, free of charge, to any person obtaining a copy +// of this software and associated documentation files (the "Software"), to deal +// in the Software without restriction, including without limitation the rights +// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +// copies of the Software, and to permit persons to whom the Software is +// furnished to do so, subject to the following conditions: +// +// The above copyright notice and this permission notice shall be included in +// all copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +// THE SOFTWARE. + +package zapcore + +import ( + "bytes" + "errors" + "fmt" +) + +var errUnmarshalNilLevel = errors.New("can't unmarshal a nil *Level") + +// A Level is a logging priority. Higher levels are more important. +type Level int8 + +const ( + // DebugLevel logs are typically voluminous, and are usually disabled in + // production. + DebugLevel Level = iota - 1 + // InfoLevel is the default logging priority. + InfoLevel + // WarnLevel logs are more important than Info, but don't need individual + // human review. + WarnLevel + // ErrorLevel logs are high-priority. If an application is running smoothly, + // it shouldn't generate any error-level logs. + ErrorLevel + // DPanicLevel logs are particularly important errors. In development the + // logger panics after writing the message. + DPanicLevel + // PanicLevel logs a message, then panics. + PanicLevel + // FatalLevel logs a message, then calls os.Exit(1). + FatalLevel + + _minLevel = DebugLevel + _maxLevel = FatalLevel + + // InvalidLevel is an invalid value for Level. + // + // Core implementations may panic if they see messages of this level. + InvalidLevel = _maxLevel + 1 +) + +// ParseLevel parses a level based on the lower-case or all-caps ASCII +// representation of the log level. If the provided ASCII representation is +// invalid an error is returned. +// +// This is particularly useful when dealing with text input to configure log +// levels. +func ParseLevel(text string) (Level, error) { + var level Level + err := level.UnmarshalText([]byte(text)) + return level, err +} + +type leveledEnabler interface { + LevelEnabler + + Level() Level +} + +// LevelOf reports the minimum enabled log level for the given LevelEnabler +// from Zap's supported log levels, or [InvalidLevel] if none of them are +// enabled. +// +// A LevelEnabler may implement a 'Level() Level' method to override the +// behavior of this function. +// +// func (c *core) Level() Level { +// return c.currentLevel +// } +// +// It is recommended that [Core] implementations that wrap other cores use +// LevelOf to retrieve the level of the wrapped core. For example, +// +// func (c *coreWrapper) Level() Level { +// return zapcore.LevelOf(c.wrappedCore) +// } +func LevelOf(enab LevelEnabler) Level { + if lvler, ok := enab.(leveledEnabler); ok { + return lvler.Level() + } + + for lvl := _minLevel; lvl <= _maxLevel; lvl++ { + if enab.Enabled(lvl) { + return lvl + } + } + + return InvalidLevel +} + +// String returns a lower-case ASCII representation of the log level. +func (l Level) String() string { + switch l { + case DebugLevel: + return "debug" + case InfoLevel: + return "info" + case WarnLevel: + return "warn" + case ErrorLevel: + return "error" + case DPanicLevel: + return "dpanic" + case PanicLevel: + return "panic" + case FatalLevel: + return "fatal" + default: + return fmt.Sprintf("Level(%d)", l) + } +} + +// CapitalString returns an all-caps ASCII representation of the log level. +func (l Level) CapitalString() string { + // Printing levels in all-caps is common enough that we should export this + // functionality. + switch l { + case DebugLevel: + return "DEBUG" + case InfoLevel: + return "INFO" + case WarnLevel: + return "WARN" + case ErrorLevel: + return "ERROR" + case DPanicLevel: + return "DPANIC" + case PanicLevel: + return "PANIC" + case FatalLevel: + return "FATAL" + default: + return fmt.Sprintf("LEVEL(%d)", l) + } +} + +// MarshalText marshals the Level to text. Note that the text representation +// drops the -Level suffix (see example). +func (l Level) MarshalText() ([]byte, error) { + return []byte(l.String()), nil +} + +// UnmarshalText unmarshals text to a level. Like MarshalText, UnmarshalText +// expects the text representation of a Level to drop the -Level suffix (see +// example). +// +// In particular, this makes it easy to configure logging levels using YAML, +// TOML, or JSON files. +func (l *Level) UnmarshalText(text []byte) error { + if l == nil { + return errUnmarshalNilLevel + } + if !l.unmarshalText(text) && !l.unmarshalText(bytes.ToLower(text)) { + return fmt.Errorf("unrecognized level: %q", text) + } + return nil +} + +func (l *Level) unmarshalText(text []byte) bool { + switch string(text) { + case "debug", "DEBUG": + *l = DebugLevel + case "info", "INFO", "": // make the zero value useful + *l = InfoLevel + case "warn", "WARN": + *l = WarnLevel + case "error", "ERROR": + *l = ErrorLevel + case "dpanic", "DPANIC": + *l = DPanicLevel + case "panic", "PANIC": + *l = PanicLevel + case "fatal", "FATAL": + *l = FatalLevel + default: + return false + } + return true +} + +// Set sets the level for the flag.Value interface. +func (l *Level) Set(s string) error { + return l.UnmarshalText([]byte(s)) +} + +// Get gets the level for the flag.Getter interface. +func (l *Level) Get() interface{} { + return *l +} + +// Enabled returns true if the given level is at or above this level. +func (l Level) Enabled(lvl Level) bool { + return lvl >= l +} + +// LevelEnabler decides whether a given logging level is enabled when logging a +// message. +// +// Enablers are intended to be used to implement deterministic filters; +// concerns like sampling are better implemented as a Core. +// +// Each concrete Level value implements a static LevelEnabler which returns +// true for itself and all higher logging levels. For example WarnLevel.Enabled() +// will return true for WarnLevel, ErrorLevel, DPanicLevel, PanicLevel, and +// FatalLevel, but return false for InfoLevel and DebugLevel. +type LevelEnabler interface { + Enabled(Level) bool +} diff --git a/vendor/go.uber.org/zap/zapcore/level_strings.go b/vendor/go.uber.org/zap/zapcore/level_strings.go new file mode 100644 index 0000000000..7af8dadcb3 --- /dev/null +++ b/vendor/go.uber.org/zap/zapcore/level_strings.go @@ -0,0 +1,46 @@ +// Copyright (c) 2016 Uber Technologies, Inc. +// +// Permission is hereby granted, free of charge, to any person obtaining a copy +// of this software and associated documentation files (the "Software"), to deal +// in the Software without restriction, including without limitation the rights +// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +// copies of the Software, and to permit persons to whom the Software is +// furnished to do so, subject to the following conditions: +// +// The above copyright notice and this permission notice shall be included in +// all copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +// THE SOFTWARE. + +package zapcore + +import "go.uber.org/zap/internal/color" + +var ( + _levelToColor = map[Level]color.Color{ + DebugLevel: color.Magenta, + InfoLevel: color.Blue, + WarnLevel: color.Yellow, + ErrorLevel: color.Red, + DPanicLevel: color.Red, + PanicLevel: color.Red, + FatalLevel: color.Red, + } + _unknownLevelColor = color.Red + + _levelToLowercaseColorString = make(map[Level]string, len(_levelToColor)) + _levelToCapitalColorString = make(map[Level]string, len(_levelToColor)) +) + +func init() { + for level, color := range _levelToColor { + _levelToLowercaseColorString[level] = color.Add(level.String()) + _levelToCapitalColorString[level] = color.Add(level.CapitalString()) + } +} diff --git a/vendor/go.uber.org/zap/zapcore/marshaler.go b/vendor/go.uber.org/zap/zapcore/marshaler.go new file mode 100644 index 0000000000..c3c55ba0d9 --- /dev/null +++ b/vendor/go.uber.org/zap/zapcore/marshaler.go @@ -0,0 +1,61 @@ +// Copyright (c) 2016 Uber Technologies, Inc. +// +// Permission is hereby granted, free of charge, to any person obtaining a copy +// of this software and associated documentation files (the "Software"), to deal +// in the Software without restriction, including without limitation the rights +// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +// copies of the Software, and to permit persons to whom the Software is +// furnished to do so, subject to the following conditions: +// +// The above copyright notice and this permission notice shall be included in +// all copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +// THE SOFTWARE. + +package zapcore + +// ObjectMarshaler allows user-defined types to efficiently add themselves to the +// logging context, and to selectively omit information which shouldn't be +// included in logs (e.g., passwords). +// +// Note: ObjectMarshaler is only used when zap.Object is used or when +// passed directly to zap.Any. It is not used when reflection-based +// encoding is used. +type ObjectMarshaler interface { + MarshalLogObject(ObjectEncoder) error +} + +// ObjectMarshalerFunc is a type adapter that turns a function into an +// ObjectMarshaler. +type ObjectMarshalerFunc func(ObjectEncoder) error + +// MarshalLogObject calls the underlying function. +func (f ObjectMarshalerFunc) MarshalLogObject(enc ObjectEncoder) error { + return f(enc) +} + +// ArrayMarshaler allows user-defined types to efficiently add themselves to the +// logging context, and to selectively omit information which shouldn't be +// included in logs (e.g., passwords). +// +// Note: ArrayMarshaler is only used when zap.Array is used or when +// passed directly to zap.Any. It is not used when reflection-based +// encoding is used. +type ArrayMarshaler interface { + MarshalLogArray(ArrayEncoder) error +} + +// ArrayMarshalerFunc is a type adapter that turns a function into an +// ArrayMarshaler. +type ArrayMarshalerFunc func(ArrayEncoder) error + +// MarshalLogArray calls the underlying function. +func (f ArrayMarshalerFunc) MarshalLogArray(enc ArrayEncoder) error { + return f(enc) +} diff --git a/vendor/go.uber.org/zap/zapcore/memory_encoder.go b/vendor/go.uber.org/zap/zapcore/memory_encoder.go new file mode 100644 index 0000000000..dfead0829d --- /dev/null +++ b/vendor/go.uber.org/zap/zapcore/memory_encoder.go @@ -0,0 +1,179 @@ +// Copyright (c) 2016 Uber Technologies, Inc. +// +// Permission is hereby granted, free of charge, to any person obtaining a copy +// of this software and associated documentation files (the "Software"), to deal +// in the Software without restriction, including without limitation the rights +// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +// copies of the Software, and to permit persons to whom the Software is +// furnished to do so, subject to the following conditions: +// +// The above copyright notice and this permission notice shall be included in +// all copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +// THE SOFTWARE. + +package zapcore + +import "time" + +// MapObjectEncoder is an ObjectEncoder backed by a simple +// map[string]interface{}. It's not fast enough for production use, but it's +// helpful in tests. +type MapObjectEncoder struct { + // Fields contains the entire encoded log context. + Fields map[string]interface{} + // cur is a pointer to the namespace we're currently writing to. + cur map[string]interface{} +} + +// NewMapObjectEncoder creates a new map-backed ObjectEncoder. +func NewMapObjectEncoder() *MapObjectEncoder { + m := make(map[string]interface{}) + return &MapObjectEncoder{ + Fields: m, + cur: m, + } +} + +// AddArray implements ObjectEncoder. +func (m *MapObjectEncoder) AddArray(key string, v ArrayMarshaler) error { + arr := &sliceArrayEncoder{elems: make([]interface{}, 0)} + err := v.MarshalLogArray(arr) + m.cur[key] = arr.elems + return err +} + +// AddObject implements ObjectEncoder. +func (m *MapObjectEncoder) AddObject(k string, v ObjectMarshaler) error { + newMap := NewMapObjectEncoder() + m.cur[k] = newMap.Fields + return v.MarshalLogObject(newMap) +} + +// AddBinary implements ObjectEncoder. +func (m *MapObjectEncoder) AddBinary(k string, v []byte) { m.cur[k] = v } + +// AddByteString implements ObjectEncoder. +func (m *MapObjectEncoder) AddByteString(k string, v []byte) { m.cur[k] = string(v) } + +// AddBool implements ObjectEncoder. +func (m *MapObjectEncoder) AddBool(k string, v bool) { m.cur[k] = v } + +// AddDuration implements ObjectEncoder. +func (m MapObjectEncoder) AddDuration(k string, v time.Duration) { m.cur[k] = v } + +// AddComplex128 implements ObjectEncoder. +func (m *MapObjectEncoder) AddComplex128(k string, v complex128) { m.cur[k] = v } + +// AddComplex64 implements ObjectEncoder. +func (m *MapObjectEncoder) AddComplex64(k string, v complex64) { m.cur[k] = v } + +// AddFloat64 implements ObjectEncoder. +func (m *MapObjectEncoder) AddFloat64(k string, v float64) { m.cur[k] = v } + +// AddFloat32 implements ObjectEncoder. +func (m *MapObjectEncoder) AddFloat32(k string, v float32) { m.cur[k] = v } + +// AddInt implements ObjectEncoder. +func (m *MapObjectEncoder) AddInt(k string, v int) { m.cur[k] = v } + +// AddInt64 implements ObjectEncoder. +func (m *MapObjectEncoder) AddInt64(k string, v int64) { m.cur[k] = v } + +// AddInt32 implements ObjectEncoder. +func (m *MapObjectEncoder) AddInt32(k string, v int32) { m.cur[k] = v } + +// AddInt16 implements ObjectEncoder. +func (m *MapObjectEncoder) AddInt16(k string, v int16) { m.cur[k] = v } + +// AddInt8 implements ObjectEncoder. +func (m *MapObjectEncoder) AddInt8(k string, v int8) { m.cur[k] = v } + +// AddString implements ObjectEncoder. +func (m *MapObjectEncoder) AddString(k string, v string) { m.cur[k] = v } + +// AddTime implements ObjectEncoder. +func (m MapObjectEncoder) AddTime(k string, v time.Time) { m.cur[k] = v } + +// AddUint implements ObjectEncoder. +func (m *MapObjectEncoder) AddUint(k string, v uint) { m.cur[k] = v } + +// AddUint64 implements ObjectEncoder. +func (m *MapObjectEncoder) AddUint64(k string, v uint64) { m.cur[k] = v } + +// AddUint32 implements ObjectEncoder. +func (m *MapObjectEncoder) AddUint32(k string, v uint32) { m.cur[k] = v } + +// AddUint16 implements ObjectEncoder. +func (m *MapObjectEncoder) AddUint16(k string, v uint16) { m.cur[k] = v } + +// AddUint8 implements ObjectEncoder. +func (m *MapObjectEncoder) AddUint8(k string, v uint8) { m.cur[k] = v } + +// AddUintptr implements ObjectEncoder. +func (m *MapObjectEncoder) AddUintptr(k string, v uintptr) { m.cur[k] = v } + +// AddReflected implements ObjectEncoder. +func (m *MapObjectEncoder) AddReflected(k string, v interface{}) error { + m.cur[k] = v + return nil +} + +// OpenNamespace implements ObjectEncoder. +func (m *MapObjectEncoder) OpenNamespace(k string) { + ns := make(map[string]interface{}) + m.cur[k] = ns + m.cur = ns +} + +// sliceArrayEncoder is an ArrayEncoder backed by a simple []interface{}. Like +// the MapObjectEncoder, it's not designed for production use. +type sliceArrayEncoder struct { + elems []interface{} +} + +func (s *sliceArrayEncoder) AppendArray(v ArrayMarshaler) error { + enc := &sliceArrayEncoder{} + err := v.MarshalLogArray(enc) + s.elems = append(s.elems, enc.elems) + return err +} + +func (s *sliceArrayEncoder) AppendObject(v ObjectMarshaler) error { + m := NewMapObjectEncoder() + err := v.MarshalLogObject(m) + s.elems = append(s.elems, m.Fields) + return err +} + +func (s *sliceArrayEncoder) AppendReflected(v interface{}) error { + s.elems = append(s.elems, v) + return nil +} + +func (s *sliceArrayEncoder) AppendBool(v bool) { s.elems = append(s.elems, v) } +func (s *sliceArrayEncoder) AppendByteString(v []byte) { s.elems = append(s.elems, string(v)) } +func (s *sliceArrayEncoder) AppendComplex128(v complex128) { s.elems = append(s.elems, v) } +func (s *sliceArrayEncoder) AppendComplex64(v complex64) { s.elems = append(s.elems, v) } +func (s *sliceArrayEncoder) AppendDuration(v time.Duration) { s.elems = append(s.elems, v) } +func (s *sliceArrayEncoder) AppendFloat64(v float64) { s.elems = append(s.elems, v) } +func (s *sliceArrayEncoder) AppendFloat32(v float32) { s.elems = append(s.elems, v) } +func (s *sliceArrayEncoder) AppendInt(v int) { s.elems = append(s.elems, v) } +func (s *sliceArrayEncoder) AppendInt64(v int64) { s.elems = append(s.elems, v) } +func (s *sliceArrayEncoder) AppendInt32(v int32) { s.elems = append(s.elems, v) } +func (s *sliceArrayEncoder) AppendInt16(v int16) { s.elems = append(s.elems, v) } +func (s *sliceArrayEncoder) AppendInt8(v int8) { s.elems = append(s.elems, v) } +func (s *sliceArrayEncoder) AppendString(v string) { s.elems = append(s.elems, v) } +func (s *sliceArrayEncoder) AppendTime(v time.Time) { s.elems = append(s.elems, v) } +func (s *sliceArrayEncoder) AppendUint(v uint) { s.elems = append(s.elems, v) } +func (s *sliceArrayEncoder) AppendUint64(v uint64) { s.elems = append(s.elems, v) } +func (s *sliceArrayEncoder) AppendUint32(v uint32) { s.elems = append(s.elems, v) } +func (s *sliceArrayEncoder) AppendUint16(v uint16) { s.elems = append(s.elems, v) } +func (s *sliceArrayEncoder) AppendUint8(v uint8) { s.elems = append(s.elems, v) } +func (s *sliceArrayEncoder) AppendUintptr(v uintptr) { s.elems = append(s.elems, v) } diff --git a/vendor/go.uber.org/zap/zapcore/reflected_encoder.go b/vendor/go.uber.org/zap/zapcore/reflected_encoder.go new file mode 100644 index 0000000000..8746360eca --- /dev/null +++ b/vendor/go.uber.org/zap/zapcore/reflected_encoder.go @@ -0,0 +1,41 @@ +// Copyright (c) 2016 Uber Technologies, Inc. +// +// Permission is hereby granted, free of charge, to any person obtaining a copy +// of this software and associated documentation files (the "Software"), to deal +// in the Software without restriction, including without limitation the rights +// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +// copies of the Software, and to permit persons to whom the Software is +// furnished to do so, subject to the following conditions: +// +// The above copyright notice and this permission notice shall be included in +// all copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +// THE SOFTWARE. + +package zapcore + +import ( + "encoding/json" + "io" +) + +// ReflectedEncoder serializes log fields that can't be serialized with Zap's +// JSON encoder. These have the ReflectType field type. +// Use EncoderConfig.NewReflectedEncoder to set this. +type ReflectedEncoder interface { + // Encode encodes and writes to the underlying data stream. + Encode(interface{}) error +} + +func defaultReflectedEncoder(w io.Writer) ReflectedEncoder { + enc := json.NewEncoder(w) + // For consistency with our custom JSON encoder. + enc.SetEscapeHTML(false) + return enc +} diff --git a/vendor/go.uber.org/zap/zapcore/sampler.go b/vendor/go.uber.org/zap/zapcore/sampler.go new file mode 100644 index 0000000000..dc518055a4 --- /dev/null +++ b/vendor/go.uber.org/zap/zapcore/sampler.go @@ -0,0 +1,230 @@ +// Copyright (c) 2016-2022 Uber Technologies, Inc. +// +// Permission is hereby granted, free of charge, to any person obtaining a copy +// of this software and associated documentation files (the "Software"), to deal +// in the Software without restriction, including without limitation the rights +// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +// copies of the Software, and to permit persons to whom the Software is +// furnished to do so, subject to the following conditions: +// +// The above copyright notice and this permission notice shall be included in +// all copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +// THE SOFTWARE. + +package zapcore + +import ( + "time" + + "go.uber.org/atomic" +) + +const ( + _numLevels = _maxLevel - _minLevel + 1 + _countersPerLevel = 4096 +) + +type counter struct { + resetAt atomic.Int64 + counter atomic.Uint64 +} + +type counters [_numLevels][_countersPerLevel]counter + +func newCounters() *counters { + return &counters{} +} + +func (cs *counters) get(lvl Level, key string) *counter { + i := lvl - _minLevel + j := fnv32a(key) % _countersPerLevel + return &cs[i][j] +} + +// fnv32a, adapted from "hash/fnv", but without a []byte(string) alloc +func fnv32a(s string) uint32 { + const ( + offset32 = 2166136261 + prime32 = 16777619 + ) + hash := uint32(offset32) + for i := 0; i < len(s); i++ { + hash ^= uint32(s[i]) + hash *= prime32 + } + return hash +} + +func (c *counter) IncCheckReset(t time.Time, tick time.Duration) uint64 { + tn := t.UnixNano() + resetAfter := c.resetAt.Load() + if resetAfter > tn { + return c.counter.Inc() + } + + c.counter.Store(1) + + newResetAfter := tn + tick.Nanoseconds() + if !c.resetAt.CAS(resetAfter, newResetAfter) { + // We raced with another goroutine trying to reset, and it also reset + // the counter to 1, so we need to reincrement the counter. + return c.counter.Inc() + } + + return 1 +} + +// SamplingDecision is a decision represented as a bit field made by sampler. +// More decisions may be added in the future. +type SamplingDecision uint32 + +const ( + // LogDropped indicates that the Sampler dropped a log entry. + LogDropped SamplingDecision = 1 << iota + // LogSampled indicates that the Sampler sampled a log entry. + LogSampled +) + +// optionFunc wraps a func so it satisfies the SamplerOption interface. +type optionFunc func(*sampler) + +func (f optionFunc) apply(s *sampler) { + f(s) +} + +// SamplerOption configures a Sampler. +type SamplerOption interface { + apply(*sampler) +} + +// nopSamplingHook is the default hook used by sampler. +func nopSamplingHook(Entry, SamplingDecision) {} + +// SamplerHook registers a function which will be called when Sampler makes a +// decision. +// +// This hook may be used to get visibility into the performance of the sampler. +// For example, use it to track metrics of dropped versus sampled logs. +// +// var dropped atomic.Int64 +// zapcore.SamplerHook(func(ent zapcore.Entry, dec zapcore.SamplingDecision) { +// if dec&zapcore.LogDropped > 0 { +// dropped.Inc() +// } +// }) +func SamplerHook(hook func(entry Entry, dec SamplingDecision)) SamplerOption { + return optionFunc(func(s *sampler) { + s.hook = hook + }) +} + +// NewSamplerWithOptions creates a Core that samples incoming entries, which +// caps the CPU and I/O load of logging while attempting to preserve a +// representative subset of your logs. +// +// Zap samples by logging the first N entries with a given level and message +// each tick. If more Entries with the same level and message are seen during +// the same interval, every Mth message is logged and the rest are dropped. +// +// For example, +// +// core = NewSamplerWithOptions(core, time.Second, 10, 5) +// +// This will log the first 10 log entries with the same level and message +// in a one second interval as-is. Following that, it will allow through +// every 5th log entry with the same level and message in that interval. +// +// If thereafter is zero, the Core will drop all log entries after the first N +// in that interval. +// +// Sampler can be configured to report sampling decisions with the SamplerHook +// option. +// +// Keep in mind that Zap's sampling implementation is optimized for speed over +// absolute precision; under load, each tick may be slightly over- or +// under-sampled. +func NewSamplerWithOptions(core Core, tick time.Duration, first, thereafter int, opts ...SamplerOption) Core { + s := &sampler{ + Core: core, + tick: tick, + counts: newCounters(), + first: uint64(first), + thereafter: uint64(thereafter), + hook: nopSamplingHook, + } + for _, opt := range opts { + opt.apply(s) + } + + return s +} + +type sampler struct { + Core + + counts *counters + tick time.Duration + first, thereafter uint64 + hook func(Entry, SamplingDecision) +} + +var ( + _ Core = (*sampler)(nil) + _ leveledEnabler = (*sampler)(nil) +) + +// NewSampler creates a Core that samples incoming entries, which +// caps the CPU and I/O load of logging while attempting to preserve a +// representative subset of your logs. +// +// Zap samples by logging the first N entries with a given level and message +// each tick. If more Entries with the same level and message are seen during +// the same interval, every Mth message is logged and the rest are dropped. +// +// Keep in mind that zap's sampling implementation is optimized for speed over +// absolute precision; under load, each tick may be slightly over- or +// under-sampled. +// +// Deprecated: use NewSamplerWithOptions. +func NewSampler(core Core, tick time.Duration, first, thereafter int) Core { + return NewSamplerWithOptions(core, tick, first, thereafter) +} + +func (s *sampler) Level() Level { + return LevelOf(s.Core) +} + +func (s *sampler) With(fields []Field) Core { + return &sampler{ + Core: s.Core.With(fields), + tick: s.tick, + counts: s.counts, + first: s.first, + thereafter: s.thereafter, + hook: s.hook, + } +} + +func (s *sampler) Check(ent Entry, ce *CheckedEntry) *CheckedEntry { + if !s.Enabled(ent.Level) { + return ce + } + + if ent.Level >= _minLevel && ent.Level <= _maxLevel { + counter := s.counts.get(ent.Level, ent.Message) + n := counter.IncCheckReset(ent.Time, s.tick) + if n > s.first && (s.thereafter == 0 || (n-s.first)%s.thereafter != 0) { + s.hook(ent, LogDropped) + return ce + } + s.hook(ent, LogSampled) + } + return s.Core.Check(ent, ce) +} diff --git a/vendor/go.uber.org/zap/zapcore/tee.go b/vendor/go.uber.org/zap/zapcore/tee.go new file mode 100644 index 0000000000..9bb32f0557 --- /dev/null +++ b/vendor/go.uber.org/zap/zapcore/tee.go @@ -0,0 +1,96 @@ +// Copyright (c) 2016-2022 Uber Technologies, Inc. +// +// Permission is hereby granted, free of charge, to any person obtaining a copy +// of this software and associated documentation files (the "Software"), to deal +// in the Software without restriction, including without limitation the rights +// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +// copies of the Software, and to permit persons to whom the Software is +// furnished to do so, subject to the following conditions: +// +// The above copyright notice and this permission notice shall be included in +// all copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +// THE SOFTWARE. + +package zapcore + +import "go.uber.org/multierr" + +type multiCore []Core + +var ( + _ leveledEnabler = multiCore(nil) + _ Core = multiCore(nil) +) + +// NewTee creates a Core that duplicates log entries into two or more +// underlying Cores. +// +// Calling it with a single Core returns the input unchanged, and calling +// it with no input returns a no-op Core. +func NewTee(cores ...Core) Core { + switch len(cores) { + case 0: + return NewNopCore() + case 1: + return cores[0] + default: + return multiCore(cores) + } +} + +func (mc multiCore) With(fields []Field) Core { + clone := make(multiCore, len(mc)) + for i := range mc { + clone[i] = mc[i].With(fields) + } + return clone +} + +func (mc multiCore) Level() Level { + minLvl := _maxLevel // mc is never empty + for i := range mc { + if lvl := LevelOf(mc[i]); lvl < minLvl { + minLvl = lvl + } + } + return minLvl +} + +func (mc multiCore) Enabled(lvl Level) bool { + for i := range mc { + if mc[i].Enabled(lvl) { + return true + } + } + return false +} + +func (mc multiCore) Check(ent Entry, ce *CheckedEntry) *CheckedEntry { + for i := range mc { + ce = mc[i].Check(ent, ce) + } + return ce +} + +func (mc multiCore) Write(ent Entry, fields []Field) error { + var err error + for i := range mc { + err = multierr.Append(err, mc[i].Write(ent, fields)) + } + return err +} + +func (mc multiCore) Sync() error { + var err error + for i := range mc { + err = multierr.Append(err, mc[i].Sync()) + } + return err +} diff --git a/vendor/go.uber.org/zap/zapcore/write_syncer.go b/vendor/go.uber.org/zap/zapcore/write_syncer.go new file mode 100644 index 0000000000..d4a1af3d07 --- /dev/null +++ b/vendor/go.uber.org/zap/zapcore/write_syncer.go @@ -0,0 +1,122 @@ +// Copyright (c) 2016 Uber Technologies, Inc. +// +// Permission is hereby granted, free of charge, to any person obtaining a copy +// of this software and associated documentation files (the "Software"), to deal +// in the Software without restriction, including without limitation the rights +// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +// copies of the Software, and to permit persons to whom the Software is +// furnished to do so, subject to the following conditions: +// +// The above copyright notice and this permission notice shall be included in +// all copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +// THE SOFTWARE. + +package zapcore + +import ( + "io" + "sync" + + "go.uber.org/multierr" +) + +// A WriteSyncer is an io.Writer that can also flush any buffered data. Note +// that *os.File (and thus, os.Stderr and os.Stdout) implement WriteSyncer. +type WriteSyncer interface { + io.Writer + Sync() error +} + +// AddSync converts an io.Writer to a WriteSyncer. It attempts to be +// intelligent: if the concrete type of the io.Writer implements WriteSyncer, +// we'll use the existing Sync method. If it doesn't, we'll add a no-op Sync. +func AddSync(w io.Writer) WriteSyncer { + switch w := w.(type) { + case WriteSyncer: + return w + default: + return writerWrapper{w} + } +} + +type lockedWriteSyncer struct { + sync.Mutex + ws WriteSyncer +} + +// Lock wraps a WriteSyncer in a mutex to make it safe for concurrent use. In +// particular, *os.Files must be locked before use. +func Lock(ws WriteSyncer) WriteSyncer { + if _, ok := ws.(*lockedWriteSyncer); ok { + // no need to layer on another lock + return ws + } + return &lockedWriteSyncer{ws: ws} +} + +func (s *lockedWriteSyncer) Write(bs []byte) (int, error) { + s.Lock() + n, err := s.ws.Write(bs) + s.Unlock() + return n, err +} + +func (s *lockedWriteSyncer) Sync() error { + s.Lock() + err := s.ws.Sync() + s.Unlock() + return err +} + +type writerWrapper struct { + io.Writer +} + +func (w writerWrapper) Sync() error { + return nil +} + +type multiWriteSyncer []WriteSyncer + +// NewMultiWriteSyncer creates a WriteSyncer that duplicates its writes +// and sync calls, much like io.MultiWriter. +func NewMultiWriteSyncer(ws ...WriteSyncer) WriteSyncer { + if len(ws) == 1 { + return ws[0] + } + return multiWriteSyncer(ws) +} + +// See https://golang.org/src/io/multi.go +// When not all underlying syncers write the same number of bytes, +// the smallest number is returned even though Write() is called on +// all of them. +func (ws multiWriteSyncer) Write(p []byte) (int, error) { + var writeErr error + nWritten := 0 + for _, w := range ws { + n, err := w.Write(p) + writeErr = multierr.Append(writeErr, err) + if nWritten == 0 && n != 0 { + nWritten = n + } else if n < nWritten { + nWritten = n + } + } + return nWritten, writeErr +} + +func (ws multiWriteSyncer) Sync() error { + var err error + for _, w := range ws { + err = multierr.Append(err, w.Sync()) + } + return err +} diff --git a/vendor/golang.org/x/crypto/blake2b/blake2b.go b/vendor/golang.org/x/crypto/blake2b/blake2b.go new file mode 100644 index 0000000000..d2e98d4295 --- /dev/null +++ b/vendor/golang.org/x/crypto/blake2b/blake2b.go @@ -0,0 +1,291 @@ +// Copyright 2016 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +// Package blake2b implements the BLAKE2b hash algorithm defined by RFC 7693 +// and the extendable output function (XOF) BLAKE2Xb. +// +// BLAKE2b is optimized for 64-bit platforms—including NEON-enabled ARMs—and +// produces digests of any size between 1 and 64 bytes. +// For a detailed specification of BLAKE2b see https://blake2.net/blake2.pdf +// and for BLAKE2Xb see https://blake2.net/blake2x.pdf +// +// If you aren't sure which function you need, use BLAKE2b (Sum512 or New512). +// If you need a secret-key MAC (message authentication code), use the New512 +// function with a non-nil key. +// +// BLAKE2X is a construction to compute hash values larger than 64 bytes. It +// can produce hash values between 0 and 4 GiB. +package blake2b + +import ( + "encoding/binary" + "errors" + "hash" +) + +const ( + // The blocksize of BLAKE2b in bytes. + BlockSize = 128 + // The hash size of BLAKE2b-512 in bytes. + Size = 64 + // The hash size of BLAKE2b-384 in bytes. + Size384 = 48 + // The hash size of BLAKE2b-256 in bytes. + Size256 = 32 +) + +var ( + useAVX2 bool + useAVX bool + useSSE4 bool +) + +var ( + errKeySize = errors.New("blake2b: invalid key size") + errHashSize = errors.New("blake2b: invalid hash size") +) + +var iv = [8]uint64{ + 0x6a09e667f3bcc908, 0xbb67ae8584caa73b, 0x3c6ef372fe94f82b, 0xa54ff53a5f1d36f1, + 0x510e527fade682d1, 0x9b05688c2b3e6c1f, 0x1f83d9abfb41bd6b, 0x5be0cd19137e2179, +} + +// Sum512 returns the BLAKE2b-512 checksum of the data. +func Sum512(data []byte) [Size]byte { + var sum [Size]byte + checkSum(&sum, Size, data) + return sum +} + +// Sum384 returns the BLAKE2b-384 checksum of the data. +func Sum384(data []byte) [Size384]byte { + var sum [Size]byte + var sum384 [Size384]byte + checkSum(&sum, Size384, data) + copy(sum384[:], sum[:Size384]) + return sum384 +} + +// Sum256 returns the BLAKE2b-256 checksum of the data. +func Sum256(data []byte) [Size256]byte { + var sum [Size]byte + var sum256 [Size256]byte + checkSum(&sum, Size256, data) + copy(sum256[:], sum[:Size256]) + return sum256 +} + +// New512 returns a new hash.Hash computing the BLAKE2b-512 checksum. A non-nil +// key turns the hash into a MAC. The key must be between zero and 64 bytes long. +func New512(key []byte) (hash.Hash, error) { return newDigest(Size, key) } + +// New384 returns a new hash.Hash computing the BLAKE2b-384 checksum. A non-nil +// key turns the hash into a MAC. The key must be between zero and 64 bytes long. +func New384(key []byte) (hash.Hash, error) { return newDigest(Size384, key) } + +// New256 returns a new hash.Hash computing the BLAKE2b-256 checksum. A non-nil +// key turns the hash into a MAC. The key must be between zero and 64 bytes long. +func New256(key []byte) (hash.Hash, error) { return newDigest(Size256, key) } + +// New returns a new hash.Hash computing the BLAKE2b checksum with a custom length. +// A non-nil key turns the hash into a MAC. The key must be between zero and 64 bytes long. +// The hash size can be a value between 1 and 64 but it is highly recommended to use +// values equal or greater than: +// - 32 if BLAKE2b is used as a hash function (The key is zero bytes long). +// - 16 if BLAKE2b is used as a MAC function (The key is at least 16 bytes long). +// When the key is nil, the returned hash.Hash implements BinaryMarshaler +// and BinaryUnmarshaler for state (de)serialization as documented by hash.Hash. +func New(size int, key []byte) (hash.Hash, error) { return newDigest(size, key) } + +func newDigest(hashSize int, key []byte) (*digest, error) { + if hashSize < 1 || hashSize > Size { + return nil, errHashSize + } + if len(key) > Size { + return nil, errKeySize + } + d := &digest{ + size: hashSize, + keyLen: len(key), + } + copy(d.key[:], key) + d.Reset() + return d, nil +} + +func checkSum(sum *[Size]byte, hashSize int, data []byte) { + h := iv + h[0] ^= uint64(hashSize) | (1 << 16) | (1 << 24) + var c [2]uint64 + + if length := len(data); length > BlockSize { + n := length &^ (BlockSize - 1) + if length == n { + n -= BlockSize + } + hashBlocks(&h, &c, 0, data[:n]) + data = data[n:] + } + + var block [BlockSize]byte + offset := copy(block[:], data) + remaining := uint64(BlockSize - offset) + if c[0] < remaining { + c[1]-- + } + c[0] -= remaining + + hashBlocks(&h, &c, 0xFFFFFFFFFFFFFFFF, block[:]) + + for i, v := range h[:(hashSize+7)/8] { + binary.LittleEndian.PutUint64(sum[8*i:], v) + } +} + +type digest struct { + h [8]uint64 + c [2]uint64 + size int + block [BlockSize]byte + offset int + + key [BlockSize]byte + keyLen int +} + +const ( + magic = "b2b" + marshaledSize = len(magic) + 8*8 + 2*8 + 1 + BlockSize + 1 +) + +func (d *digest) MarshalBinary() ([]byte, error) { + if d.keyLen != 0 { + return nil, errors.New("crypto/blake2b: cannot marshal MACs") + } + b := make([]byte, 0, marshaledSize) + b = append(b, magic...) + for i := 0; i < 8; i++ { + b = appendUint64(b, d.h[i]) + } + b = appendUint64(b, d.c[0]) + b = appendUint64(b, d.c[1]) + // Maximum value for size is 64 + b = append(b, byte(d.size)) + b = append(b, d.block[:]...) + b = append(b, byte(d.offset)) + return b, nil +} + +func (d *digest) UnmarshalBinary(b []byte) error { + if len(b) < len(magic) || string(b[:len(magic)]) != magic { + return errors.New("crypto/blake2b: invalid hash state identifier") + } + if len(b) != marshaledSize { + return errors.New("crypto/blake2b: invalid hash state size") + } + b = b[len(magic):] + for i := 0; i < 8; i++ { + b, d.h[i] = consumeUint64(b) + } + b, d.c[0] = consumeUint64(b) + b, d.c[1] = consumeUint64(b) + d.size = int(b[0]) + b = b[1:] + copy(d.block[:], b[:BlockSize]) + b = b[BlockSize:] + d.offset = int(b[0]) + return nil +} + +func (d *digest) BlockSize() int { return BlockSize } + +func (d *digest) Size() int { return d.size } + +func (d *digest) Reset() { + d.h = iv + d.h[0] ^= uint64(d.size) | (uint64(d.keyLen) << 8) | (1 << 16) | (1 << 24) + d.offset, d.c[0], d.c[1] = 0, 0, 0 + if d.keyLen > 0 { + d.block = d.key + d.offset = BlockSize + } +} + +func (d *digest) Write(p []byte) (n int, err error) { + n = len(p) + + if d.offset > 0 { + remaining := BlockSize - d.offset + if n <= remaining { + d.offset += copy(d.block[d.offset:], p) + return + } + copy(d.block[d.offset:], p[:remaining]) + hashBlocks(&d.h, &d.c, 0, d.block[:]) + d.offset = 0 + p = p[remaining:] + } + + if length := len(p); length > BlockSize { + nn := length &^ (BlockSize - 1) + if length == nn { + nn -= BlockSize + } + hashBlocks(&d.h, &d.c, 0, p[:nn]) + p = p[nn:] + } + + if len(p) > 0 { + d.offset += copy(d.block[:], p) + } + + return +} + +func (d *digest) Sum(sum []byte) []byte { + var hash [Size]byte + d.finalize(&hash) + return append(sum, hash[:d.size]...) +} + +func (d *digest) finalize(hash *[Size]byte) { + var block [BlockSize]byte + copy(block[:], d.block[:d.offset]) + remaining := uint64(BlockSize - d.offset) + + c := d.c + if c[0] < remaining { + c[1]-- + } + c[0] -= remaining + + h := d.h + hashBlocks(&h, &c, 0xFFFFFFFFFFFFFFFF, block[:]) + + for i, v := range h { + binary.LittleEndian.PutUint64(hash[8*i:], v) + } +} + +func appendUint64(b []byte, x uint64) []byte { + var a [8]byte + binary.BigEndian.PutUint64(a[:], x) + return append(b, a[:]...) +} + +func appendUint32(b []byte, x uint32) []byte { + var a [4]byte + binary.BigEndian.PutUint32(a[:], x) + return append(b, a[:]...) +} + +func consumeUint64(b []byte) ([]byte, uint64) { + x := binary.BigEndian.Uint64(b) + return b[8:], x +} + +func consumeUint32(b []byte) ([]byte, uint32) { + x := binary.BigEndian.Uint32(b) + return b[4:], x +} diff --git a/vendor/golang.org/x/crypto/blake2b/blake2bAVX2_amd64.go b/vendor/golang.org/x/crypto/blake2b/blake2bAVX2_amd64.go new file mode 100644 index 0000000000..56bfaaa17d --- /dev/null +++ b/vendor/golang.org/x/crypto/blake2b/blake2bAVX2_amd64.go @@ -0,0 +1,38 @@ +// Copyright 2016 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +//go:build go1.7 && amd64 && gc && !purego +// +build go1.7,amd64,gc,!purego + +package blake2b + +import "golang.org/x/sys/cpu" + +func init() { + useAVX2 = cpu.X86.HasAVX2 + useAVX = cpu.X86.HasAVX + useSSE4 = cpu.X86.HasSSE41 +} + +//go:noescape +func hashBlocksAVX2(h *[8]uint64, c *[2]uint64, flag uint64, blocks []byte) + +//go:noescape +func hashBlocksAVX(h *[8]uint64, c *[2]uint64, flag uint64, blocks []byte) + +//go:noescape +func hashBlocksSSE4(h *[8]uint64, c *[2]uint64, flag uint64, blocks []byte) + +func hashBlocks(h *[8]uint64, c *[2]uint64, flag uint64, blocks []byte) { + switch { + case useAVX2: + hashBlocksAVX2(h, c, flag, blocks) + case useAVX: + hashBlocksAVX(h, c, flag, blocks) + case useSSE4: + hashBlocksSSE4(h, c, flag, blocks) + default: + hashBlocksGeneric(h, c, flag, blocks) + } +} diff --git a/vendor/golang.org/x/crypto/blake2b/blake2bAVX2_amd64.s b/vendor/golang.org/x/crypto/blake2b/blake2bAVX2_amd64.s new file mode 100644 index 0000000000..4b9daa18d9 --- /dev/null +++ b/vendor/golang.org/x/crypto/blake2b/blake2bAVX2_amd64.s @@ -0,0 +1,745 @@ +// Copyright 2016 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +//go:build go1.7 && amd64 && gc && !purego +// +build go1.7,amd64,gc,!purego + +#include "textflag.h" + +DATA ·AVX2_iv0<>+0x00(SB)/8, $0x6a09e667f3bcc908 +DATA ·AVX2_iv0<>+0x08(SB)/8, $0xbb67ae8584caa73b +DATA ·AVX2_iv0<>+0x10(SB)/8, $0x3c6ef372fe94f82b +DATA ·AVX2_iv0<>+0x18(SB)/8, $0xa54ff53a5f1d36f1 +GLOBL ·AVX2_iv0<>(SB), (NOPTR+RODATA), $32 + +DATA ·AVX2_iv1<>+0x00(SB)/8, $0x510e527fade682d1 +DATA ·AVX2_iv1<>+0x08(SB)/8, $0x9b05688c2b3e6c1f +DATA ·AVX2_iv1<>+0x10(SB)/8, $0x1f83d9abfb41bd6b +DATA ·AVX2_iv1<>+0x18(SB)/8, $0x5be0cd19137e2179 +GLOBL ·AVX2_iv1<>(SB), (NOPTR+RODATA), $32 + +DATA ·AVX2_c40<>+0x00(SB)/8, $0x0201000706050403 +DATA ·AVX2_c40<>+0x08(SB)/8, $0x0a09080f0e0d0c0b +DATA ·AVX2_c40<>+0x10(SB)/8, $0x0201000706050403 +DATA ·AVX2_c40<>+0x18(SB)/8, $0x0a09080f0e0d0c0b +GLOBL ·AVX2_c40<>(SB), (NOPTR+RODATA), $32 + +DATA ·AVX2_c48<>+0x00(SB)/8, $0x0100070605040302 +DATA ·AVX2_c48<>+0x08(SB)/8, $0x09080f0e0d0c0b0a +DATA ·AVX2_c48<>+0x10(SB)/8, $0x0100070605040302 +DATA ·AVX2_c48<>+0x18(SB)/8, $0x09080f0e0d0c0b0a +GLOBL ·AVX2_c48<>(SB), (NOPTR+RODATA), $32 + +DATA ·AVX_iv0<>+0x00(SB)/8, $0x6a09e667f3bcc908 +DATA ·AVX_iv0<>+0x08(SB)/8, $0xbb67ae8584caa73b +GLOBL ·AVX_iv0<>(SB), (NOPTR+RODATA), $16 + +DATA ·AVX_iv1<>+0x00(SB)/8, $0x3c6ef372fe94f82b +DATA ·AVX_iv1<>+0x08(SB)/8, $0xa54ff53a5f1d36f1 +GLOBL ·AVX_iv1<>(SB), (NOPTR+RODATA), $16 + +DATA ·AVX_iv2<>+0x00(SB)/8, $0x510e527fade682d1 +DATA ·AVX_iv2<>+0x08(SB)/8, $0x9b05688c2b3e6c1f +GLOBL ·AVX_iv2<>(SB), (NOPTR+RODATA), $16 + +DATA ·AVX_iv3<>+0x00(SB)/8, $0x1f83d9abfb41bd6b +DATA ·AVX_iv3<>+0x08(SB)/8, $0x5be0cd19137e2179 +GLOBL ·AVX_iv3<>(SB), (NOPTR+RODATA), $16 + +DATA ·AVX_c40<>+0x00(SB)/8, $0x0201000706050403 +DATA ·AVX_c40<>+0x08(SB)/8, $0x0a09080f0e0d0c0b +GLOBL ·AVX_c40<>(SB), (NOPTR+RODATA), $16 + +DATA ·AVX_c48<>+0x00(SB)/8, $0x0100070605040302 +DATA ·AVX_c48<>+0x08(SB)/8, $0x09080f0e0d0c0b0a +GLOBL ·AVX_c48<>(SB), (NOPTR+RODATA), $16 + +#define VPERMQ_0x39_Y1_Y1 BYTE $0xc4; BYTE $0xe3; BYTE $0xfd; BYTE $0x00; BYTE $0xc9; BYTE $0x39 +#define VPERMQ_0x93_Y1_Y1 BYTE $0xc4; BYTE $0xe3; BYTE $0xfd; BYTE $0x00; BYTE $0xc9; BYTE $0x93 +#define VPERMQ_0x4E_Y2_Y2 BYTE $0xc4; BYTE $0xe3; BYTE $0xfd; BYTE $0x00; BYTE $0xd2; BYTE $0x4e +#define VPERMQ_0x93_Y3_Y3 BYTE $0xc4; BYTE $0xe3; BYTE $0xfd; BYTE $0x00; BYTE $0xdb; BYTE $0x93 +#define VPERMQ_0x39_Y3_Y3 BYTE $0xc4; BYTE $0xe3; BYTE $0xfd; BYTE $0x00; BYTE $0xdb; BYTE $0x39 + +#define ROUND_AVX2(m0, m1, m2, m3, t, c40, c48) \ + VPADDQ m0, Y0, Y0; \ + VPADDQ Y1, Y0, Y0; \ + VPXOR Y0, Y3, Y3; \ + VPSHUFD $-79, Y3, Y3; \ + VPADDQ Y3, Y2, Y2; \ + VPXOR Y2, Y1, Y1; \ + VPSHUFB c40, Y1, Y1; \ + VPADDQ m1, Y0, Y0; \ + VPADDQ Y1, Y0, Y0; \ + VPXOR Y0, Y3, Y3; \ + VPSHUFB c48, Y3, Y3; \ + VPADDQ Y3, Y2, Y2; \ + VPXOR Y2, Y1, Y1; \ + VPADDQ Y1, Y1, t; \ + VPSRLQ $63, Y1, Y1; \ + VPXOR t, Y1, Y1; \ + VPERMQ_0x39_Y1_Y1; \ + VPERMQ_0x4E_Y2_Y2; \ + VPERMQ_0x93_Y3_Y3; \ + VPADDQ m2, Y0, Y0; \ + VPADDQ Y1, Y0, Y0; \ + VPXOR Y0, Y3, Y3; \ + VPSHUFD $-79, Y3, Y3; \ + VPADDQ Y3, Y2, Y2; \ + VPXOR Y2, Y1, Y1; \ + VPSHUFB c40, Y1, Y1; \ + VPADDQ m3, Y0, Y0; \ + VPADDQ Y1, Y0, Y0; \ + VPXOR Y0, Y3, Y3; \ + VPSHUFB c48, Y3, Y3; \ + VPADDQ Y3, Y2, Y2; \ + VPXOR Y2, Y1, Y1; \ + VPADDQ Y1, Y1, t; \ + VPSRLQ $63, Y1, Y1; \ + VPXOR t, Y1, Y1; \ + VPERMQ_0x39_Y3_Y3; \ + VPERMQ_0x4E_Y2_Y2; \ + VPERMQ_0x93_Y1_Y1 + +#define VMOVQ_SI_X11_0 BYTE $0xC5; BYTE $0x7A; BYTE $0x7E; BYTE $0x1E +#define VMOVQ_SI_X12_0 BYTE $0xC5; BYTE $0x7A; BYTE $0x7E; BYTE $0x26 +#define VMOVQ_SI_X13_0 BYTE $0xC5; BYTE $0x7A; BYTE $0x7E; BYTE $0x2E +#define VMOVQ_SI_X14_0 BYTE $0xC5; BYTE $0x7A; BYTE $0x7E; BYTE $0x36 +#define VMOVQ_SI_X15_0 BYTE $0xC5; BYTE $0x7A; BYTE $0x7E; BYTE $0x3E + +#define VMOVQ_SI_X11(n) BYTE $0xC5; BYTE $0x7A; BYTE $0x7E; BYTE $0x5E; BYTE $n +#define VMOVQ_SI_X12(n) BYTE $0xC5; BYTE $0x7A; BYTE $0x7E; BYTE $0x66; BYTE $n +#define VMOVQ_SI_X13(n) BYTE $0xC5; BYTE $0x7A; BYTE $0x7E; BYTE $0x6E; BYTE $n +#define VMOVQ_SI_X14(n) BYTE $0xC5; BYTE $0x7A; BYTE $0x7E; BYTE $0x76; BYTE $n +#define VMOVQ_SI_X15(n) BYTE $0xC5; BYTE $0x7A; BYTE $0x7E; BYTE $0x7E; BYTE $n + +#define VPINSRQ_1_SI_X11_0 BYTE $0xC4; BYTE $0x63; BYTE $0xA1; BYTE $0x22; BYTE $0x1E; BYTE $0x01 +#define VPINSRQ_1_SI_X12_0 BYTE $0xC4; BYTE $0x63; BYTE $0x99; BYTE $0x22; BYTE $0x26; BYTE $0x01 +#define VPINSRQ_1_SI_X13_0 BYTE $0xC4; BYTE $0x63; BYTE $0x91; BYTE $0x22; BYTE $0x2E; BYTE $0x01 +#define VPINSRQ_1_SI_X14_0 BYTE $0xC4; BYTE $0x63; BYTE $0x89; BYTE $0x22; BYTE $0x36; BYTE $0x01 +#define VPINSRQ_1_SI_X15_0 BYTE $0xC4; BYTE $0x63; BYTE $0x81; BYTE $0x22; BYTE $0x3E; BYTE $0x01 + +#define VPINSRQ_1_SI_X11(n) BYTE $0xC4; BYTE $0x63; BYTE $0xA1; BYTE $0x22; BYTE $0x5E; BYTE $n; BYTE $0x01 +#define VPINSRQ_1_SI_X12(n) BYTE $0xC4; BYTE $0x63; BYTE $0x99; BYTE $0x22; BYTE $0x66; BYTE $n; BYTE $0x01 +#define VPINSRQ_1_SI_X13(n) BYTE $0xC4; BYTE $0x63; BYTE $0x91; BYTE $0x22; BYTE $0x6E; BYTE $n; BYTE $0x01 +#define VPINSRQ_1_SI_X14(n) BYTE $0xC4; BYTE $0x63; BYTE $0x89; BYTE $0x22; BYTE $0x76; BYTE $n; BYTE $0x01 +#define VPINSRQ_1_SI_X15(n) BYTE $0xC4; BYTE $0x63; BYTE $0x81; BYTE $0x22; BYTE $0x7E; BYTE $n; BYTE $0x01 + +#define VMOVQ_R8_X15 BYTE $0xC4; BYTE $0x41; BYTE $0xF9; BYTE $0x6E; BYTE $0xF8 +#define VPINSRQ_1_R9_X15 BYTE $0xC4; BYTE $0x43; BYTE $0x81; BYTE $0x22; BYTE $0xF9; BYTE $0x01 + +// load msg: Y12 = (i0, i1, i2, i3) +// i0, i1, i2, i3 must not be 0 +#define LOAD_MSG_AVX2_Y12(i0, i1, i2, i3) \ + VMOVQ_SI_X12(i0*8); \ + VMOVQ_SI_X11(i2*8); \ + VPINSRQ_1_SI_X12(i1*8); \ + VPINSRQ_1_SI_X11(i3*8); \ + VINSERTI128 $1, X11, Y12, Y12 + +// load msg: Y13 = (i0, i1, i2, i3) +// i0, i1, i2, i3 must not be 0 +#define LOAD_MSG_AVX2_Y13(i0, i1, i2, i3) \ + VMOVQ_SI_X13(i0*8); \ + VMOVQ_SI_X11(i2*8); \ + VPINSRQ_1_SI_X13(i1*8); \ + VPINSRQ_1_SI_X11(i3*8); \ + VINSERTI128 $1, X11, Y13, Y13 + +// load msg: Y14 = (i0, i1, i2, i3) +// i0, i1, i2, i3 must not be 0 +#define LOAD_MSG_AVX2_Y14(i0, i1, i2, i3) \ + VMOVQ_SI_X14(i0*8); \ + VMOVQ_SI_X11(i2*8); \ + VPINSRQ_1_SI_X14(i1*8); \ + VPINSRQ_1_SI_X11(i3*8); \ + VINSERTI128 $1, X11, Y14, Y14 + +// load msg: Y15 = (i0, i1, i2, i3) +// i0, i1, i2, i3 must not be 0 +#define LOAD_MSG_AVX2_Y15(i0, i1, i2, i3) \ + VMOVQ_SI_X15(i0*8); \ + VMOVQ_SI_X11(i2*8); \ + VPINSRQ_1_SI_X15(i1*8); \ + VPINSRQ_1_SI_X11(i3*8); \ + VINSERTI128 $1, X11, Y15, Y15 + +#define LOAD_MSG_AVX2_0_2_4_6_1_3_5_7_8_10_12_14_9_11_13_15() \ + VMOVQ_SI_X12_0; \ + VMOVQ_SI_X11(4*8); \ + VPINSRQ_1_SI_X12(2*8); \ + VPINSRQ_1_SI_X11(6*8); \ + VINSERTI128 $1, X11, Y12, Y12; \ + LOAD_MSG_AVX2_Y13(1, 3, 5, 7); \ + LOAD_MSG_AVX2_Y14(8, 10, 12, 14); \ + LOAD_MSG_AVX2_Y15(9, 11, 13, 15) + +#define LOAD_MSG_AVX2_14_4_9_13_10_8_15_6_1_0_11_5_12_2_7_3() \ + LOAD_MSG_AVX2_Y12(14, 4, 9, 13); \ + LOAD_MSG_AVX2_Y13(10, 8, 15, 6); \ + VMOVQ_SI_X11(11*8); \ + VPSHUFD $0x4E, 0*8(SI), X14; \ + VPINSRQ_1_SI_X11(5*8); \ + VINSERTI128 $1, X11, Y14, Y14; \ + LOAD_MSG_AVX2_Y15(12, 2, 7, 3) + +#define LOAD_MSG_AVX2_11_12_5_15_8_0_2_13_10_3_7_9_14_6_1_4() \ + VMOVQ_SI_X11(5*8); \ + VMOVDQU 11*8(SI), X12; \ + VPINSRQ_1_SI_X11(15*8); \ + VINSERTI128 $1, X11, Y12, Y12; \ + VMOVQ_SI_X13(8*8); \ + VMOVQ_SI_X11(2*8); \ + VPINSRQ_1_SI_X13_0; \ + VPINSRQ_1_SI_X11(13*8); \ + VINSERTI128 $1, X11, Y13, Y13; \ + LOAD_MSG_AVX2_Y14(10, 3, 7, 9); \ + LOAD_MSG_AVX2_Y15(14, 6, 1, 4) + +#define LOAD_MSG_AVX2_7_3_13_11_9_1_12_14_2_5_4_15_6_10_0_8() \ + LOAD_MSG_AVX2_Y12(7, 3, 13, 11); \ + LOAD_MSG_AVX2_Y13(9, 1, 12, 14); \ + LOAD_MSG_AVX2_Y14(2, 5, 4, 15); \ + VMOVQ_SI_X15(6*8); \ + VMOVQ_SI_X11_0; \ + VPINSRQ_1_SI_X15(10*8); \ + VPINSRQ_1_SI_X11(8*8); \ + VINSERTI128 $1, X11, Y15, Y15 + +#define LOAD_MSG_AVX2_9_5_2_10_0_7_4_15_14_11_6_3_1_12_8_13() \ + LOAD_MSG_AVX2_Y12(9, 5, 2, 10); \ + VMOVQ_SI_X13_0; \ + VMOVQ_SI_X11(4*8); \ + VPINSRQ_1_SI_X13(7*8); \ + VPINSRQ_1_SI_X11(15*8); \ + VINSERTI128 $1, X11, Y13, Y13; \ + LOAD_MSG_AVX2_Y14(14, 11, 6, 3); \ + LOAD_MSG_AVX2_Y15(1, 12, 8, 13) + +#define LOAD_MSG_AVX2_2_6_0_8_12_10_11_3_4_7_15_1_13_5_14_9() \ + VMOVQ_SI_X12(2*8); \ + VMOVQ_SI_X11_0; \ + VPINSRQ_1_SI_X12(6*8); \ + VPINSRQ_1_SI_X11(8*8); \ + VINSERTI128 $1, X11, Y12, Y12; \ + LOAD_MSG_AVX2_Y13(12, 10, 11, 3); \ + LOAD_MSG_AVX2_Y14(4, 7, 15, 1); \ + LOAD_MSG_AVX2_Y15(13, 5, 14, 9) + +#define LOAD_MSG_AVX2_12_1_14_4_5_15_13_10_0_6_9_8_7_3_2_11() \ + LOAD_MSG_AVX2_Y12(12, 1, 14, 4); \ + LOAD_MSG_AVX2_Y13(5, 15, 13, 10); \ + VMOVQ_SI_X14_0; \ + VPSHUFD $0x4E, 8*8(SI), X11; \ + VPINSRQ_1_SI_X14(6*8); \ + VINSERTI128 $1, X11, Y14, Y14; \ + LOAD_MSG_AVX2_Y15(7, 3, 2, 11) + +#define LOAD_MSG_AVX2_13_7_12_3_11_14_1_9_5_15_8_2_0_4_6_10() \ + LOAD_MSG_AVX2_Y12(13, 7, 12, 3); \ + LOAD_MSG_AVX2_Y13(11, 14, 1, 9); \ + LOAD_MSG_AVX2_Y14(5, 15, 8, 2); \ + VMOVQ_SI_X15_0; \ + VMOVQ_SI_X11(6*8); \ + VPINSRQ_1_SI_X15(4*8); \ + VPINSRQ_1_SI_X11(10*8); \ + VINSERTI128 $1, X11, Y15, Y15 + +#define LOAD_MSG_AVX2_6_14_11_0_15_9_3_8_12_13_1_10_2_7_4_5() \ + VMOVQ_SI_X12(6*8); \ + VMOVQ_SI_X11(11*8); \ + VPINSRQ_1_SI_X12(14*8); \ + VPINSRQ_1_SI_X11_0; \ + VINSERTI128 $1, X11, Y12, Y12; \ + LOAD_MSG_AVX2_Y13(15, 9, 3, 8); \ + VMOVQ_SI_X11(1*8); \ + VMOVDQU 12*8(SI), X14; \ + VPINSRQ_1_SI_X11(10*8); \ + VINSERTI128 $1, X11, Y14, Y14; \ + VMOVQ_SI_X15(2*8); \ + VMOVDQU 4*8(SI), X11; \ + VPINSRQ_1_SI_X15(7*8); \ + VINSERTI128 $1, X11, Y15, Y15 + +#define LOAD_MSG_AVX2_10_8_7_1_2_4_6_5_15_9_3_13_11_14_12_0() \ + LOAD_MSG_AVX2_Y12(10, 8, 7, 1); \ + VMOVQ_SI_X13(2*8); \ + VPSHUFD $0x4E, 5*8(SI), X11; \ + VPINSRQ_1_SI_X13(4*8); \ + VINSERTI128 $1, X11, Y13, Y13; \ + LOAD_MSG_AVX2_Y14(15, 9, 3, 13); \ + VMOVQ_SI_X15(11*8); \ + VMOVQ_SI_X11(12*8); \ + VPINSRQ_1_SI_X15(14*8); \ + VPINSRQ_1_SI_X11_0; \ + VINSERTI128 $1, X11, Y15, Y15 + +// func hashBlocksAVX2(h *[8]uint64, c *[2]uint64, flag uint64, blocks []byte) +TEXT ·hashBlocksAVX2(SB), 4, $320-48 // frame size = 288 + 32 byte alignment + MOVQ h+0(FP), AX + MOVQ c+8(FP), BX + MOVQ flag+16(FP), CX + MOVQ blocks_base+24(FP), SI + MOVQ blocks_len+32(FP), DI + + MOVQ SP, DX + ADDQ $31, DX + ANDQ $~31, DX + + MOVQ CX, 16(DX) + XORQ CX, CX + MOVQ CX, 24(DX) + + VMOVDQU ·AVX2_c40<>(SB), Y4 + VMOVDQU ·AVX2_c48<>(SB), Y5 + + VMOVDQU 0(AX), Y8 + VMOVDQU 32(AX), Y9 + VMOVDQU ·AVX2_iv0<>(SB), Y6 + VMOVDQU ·AVX2_iv1<>(SB), Y7 + + MOVQ 0(BX), R8 + MOVQ 8(BX), R9 + MOVQ R9, 8(DX) + +loop: + ADDQ $128, R8 + MOVQ R8, 0(DX) + CMPQ R8, $128 + JGE noinc + INCQ R9 + MOVQ R9, 8(DX) + +noinc: + VMOVDQA Y8, Y0 + VMOVDQA Y9, Y1 + VMOVDQA Y6, Y2 + VPXOR 0(DX), Y7, Y3 + + LOAD_MSG_AVX2_0_2_4_6_1_3_5_7_8_10_12_14_9_11_13_15() + VMOVDQA Y12, 32(DX) + VMOVDQA Y13, 64(DX) + VMOVDQA Y14, 96(DX) + VMOVDQA Y15, 128(DX) + ROUND_AVX2(Y12, Y13, Y14, Y15, Y10, Y4, Y5) + LOAD_MSG_AVX2_14_4_9_13_10_8_15_6_1_0_11_5_12_2_7_3() + VMOVDQA Y12, 160(DX) + VMOVDQA Y13, 192(DX) + VMOVDQA Y14, 224(DX) + VMOVDQA Y15, 256(DX) + + ROUND_AVX2(Y12, Y13, Y14, Y15, Y10, Y4, Y5) + LOAD_MSG_AVX2_11_12_5_15_8_0_2_13_10_3_7_9_14_6_1_4() + ROUND_AVX2(Y12, Y13, Y14, Y15, Y10, Y4, Y5) + LOAD_MSG_AVX2_7_3_13_11_9_1_12_14_2_5_4_15_6_10_0_8() + ROUND_AVX2(Y12, Y13, Y14, Y15, Y10, Y4, Y5) + LOAD_MSG_AVX2_9_5_2_10_0_7_4_15_14_11_6_3_1_12_8_13() + ROUND_AVX2(Y12, Y13, Y14, Y15, Y10, Y4, Y5) + LOAD_MSG_AVX2_2_6_0_8_12_10_11_3_4_7_15_1_13_5_14_9() + ROUND_AVX2(Y12, Y13, Y14, Y15, Y10, Y4, Y5) + LOAD_MSG_AVX2_12_1_14_4_5_15_13_10_0_6_9_8_7_3_2_11() + ROUND_AVX2(Y12, Y13, Y14, Y15, Y10, Y4, Y5) + LOAD_MSG_AVX2_13_7_12_3_11_14_1_9_5_15_8_2_0_4_6_10() + ROUND_AVX2(Y12, Y13, Y14, Y15, Y10, Y4, Y5) + LOAD_MSG_AVX2_6_14_11_0_15_9_3_8_12_13_1_10_2_7_4_5() + ROUND_AVX2(Y12, Y13, Y14, Y15, Y10, Y4, Y5) + LOAD_MSG_AVX2_10_8_7_1_2_4_6_5_15_9_3_13_11_14_12_0() + ROUND_AVX2(Y12, Y13, Y14, Y15, Y10, Y4, Y5) + + ROUND_AVX2(32(DX), 64(DX), 96(DX), 128(DX), Y10, Y4, Y5) + ROUND_AVX2(160(DX), 192(DX), 224(DX), 256(DX), Y10, Y4, Y5) + + VPXOR Y0, Y8, Y8 + VPXOR Y1, Y9, Y9 + VPXOR Y2, Y8, Y8 + VPXOR Y3, Y9, Y9 + + LEAQ 128(SI), SI + SUBQ $128, DI + JNE loop + + MOVQ R8, 0(BX) + MOVQ R9, 8(BX) + + VMOVDQU Y8, 0(AX) + VMOVDQU Y9, 32(AX) + VZEROUPPER + + RET + +#define VPUNPCKLQDQ_X2_X2_X15 BYTE $0xC5; BYTE $0x69; BYTE $0x6C; BYTE $0xFA +#define VPUNPCKLQDQ_X3_X3_X15 BYTE $0xC5; BYTE $0x61; BYTE $0x6C; BYTE $0xFB +#define VPUNPCKLQDQ_X7_X7_X15 BYTE $0xC5; BYTE $0x41; BYTE $0x6C; BYTE $0xFF +#define VPUNPCKLQDQ_X13_X13_X15 BYTE $0xC4; BYTE $0x41; BYTE $0x11; BYTE $0x6C; BYTE $0xFD +#define VPUNPCKLQDQ_X14_X14_X15 BYTE $0xC4; BYTE $0x41; BYTE $0x09; BYTE $0x6C; BYTE $0xFE + +#define VPUNPCKHQDQ_X15_X2_X2 BYTE $0xC4; BYTE $0xC1; BYTE $0x69; BYTE $0x6D; BYTE $0xD7 +#define VPUNPCKHQDQ_X15_X3_X3 BYTE $0xC4; BYTE $0xC1; BYTE $0x61; BYTE $0x6D; BYTE $0xDF +#define VPUNPCKHQDQ_X15_X6_X6 BYTE $0xC4; BYTE $0xC1; BYTE $0x49; BYTE $0x6D; BYTE $0xF7 +#define VPUNPCKHQDQ_X15_X7_X7 BYTE $0xC4; BYTE $0xC1; BYTE $0x41; BYTE $0x6D; BYTE $0xFF +#define VPUNPCKHQDQ_X15_X3_X2 BYTE $0xC4; BYTE $0xC1; BYTE $0x61; BYTE $0x6D; BYTE $0xD7 +#define VPUNPCKHQDQ_X15_X7_X6 BYTE $0xC4; BYTE $0xC1; BYTE $0x41; BYTE $0x6D; BYTE $0xF7 +#define VPUNPCKHQDQ_X15_X13_X3 BYTE $0xC4; BYTE $0xC1; BYTE $0x11; BYTE $0x6D; BYTE $0xDF +#define VPUNPCKHQDQ_X15_X13_X7 BYTE $0xC4; BYTE $0xC1; BYTE $0x11; BYTE $0x6D; BYTE $0xFF + +#define SHUFFLE_AVX() \ + VMOVDQA X6, X13; \ + VMOVDQA X2, X14; \ + VMOVDQA X4, X6; \ + VPUNPCKLQDQ_X13_X13_X15; \ + VMOVDQA X5, X4; \ + VMOVDQA X6, X5; \ + VPUNPCKHQDQ_X15_X7_X6; \ + VPUNPCKLQDQ_X7_X7_X15; \ + VPUNPCKHQDQ_X15_X13_X7; \ + VPUNPCKLQDQ_X3_X3_X15; \ + VPUNPCKHQDQ_X15_X2_X2; \ + VPUNPCKLQDQ_X14_X14_X15; \ + VPUNPCKHQDQ_X15_X3_X3; \ + +#define SHUFFLE_AVX_INV() \ + VMOVDQA X2, X13; \ + VMOVDQA X4, X14; \ + VPUNPCKLQDQ_X2_X2_X15; \ + VMOVDQA X5, X4; \ + VPUNPCKHQDQ_X15_X3_X2; \ + VMOVDQA X14, X5; \ + VPUNPCKLQDQ_X3_X3_X15; \ + VMOVDQA X6, X14; \ + VPUNPCKHQDQ_X15_X13_X3; \ + VPUNPCKLQDQ_X7_X7_X15; \ + VPUNPCKHQDQ_X15_X6_X6; \ + VPUNPCKLQDQ_X14_X14_X15; \ + VPUNPCKHQDQ_X15_X7_X7; \ + +#define HALF_ROUND_AVX(v0, v1, v2, v3, v4, v5, v6, v7, m0, m1, m2, m3, t0, c40, c48) \ + VPADDQ m0, v0, v0; \ + VPADDQ v2, v0, v0; \ + VPADDQ m1, v1, v1; \ + VPADDQ v3, v1, v1; \ + VPXOR v0, v6, v6; \ + VPXOR v1, v7, v7; \ + VPSHUFD $-79, v6, v6; \ + VPSHUFD $-79, v7, v7; \ + VPADDQ v6, v4, v4; \ + VPADDQ v7, v5, v5; \ + VPXOR v4, v2, v2; \ + VPXOR v5, v3, v3; \ + VPSHUFB c40, v2, v2; \ + VPSHUFB c40, v3, v3; \ + VPADDQ m2, v0, v0; \ + VPADDQ v2, v0, v0; \ + VPADDQ m3, v1, v1; \ + VPADDQ v3, v1, v1; \ + VPXOR v0, v6, v6; \ + VPXOR v1, v7, v7; \ + VPSHUFB c48, v6, v6; \ + VPSHUFB c48, v7, v7; \ + VPADDQ v6, v4, v4; \ + VPADDQ v7, v5, v5; \ + VPXOR v4, v2, v2; \ + VPXOR v5, v3, v3; \ + VPADDQ v2, v2, t0; \ + VPSRLQ $63, v2, v2; \ + VPXOR t0, v2, v2; \ + VPADDQ v3, v3, t0; \ + VPSRLQ $63, v3, v3; \ + VPXOR t0, v3, v3 + +// load msg: X12 = (i0, i1), X13 = (i2, i3), X14 = (i4, i5), X15 = (i6, i7) +// i0, i1, i2, i3, i4, i5, i6, i7 must not be 0 +#define LOAD_MSG_AVX(i0, i1, i2, i3, i4, i5, i6, i7) \ + VMOVQ_SI_X12(i0*8); \ + VMOVQ_SI_X13(i2*8); \ + VMOVQ_SI_X14(i4*8); \ + VMOVQ_SI_X15(i6*8); \ + VPINSRQ_1_SI_X12(i1*8); \ + VPINSRQ_1_SI_X13(i3*8); \ + VPINSRQ_1_SI_X14(i5*8); \ + VPINSRQ_1_SI_X15(i7*8) + +// load msg: X12 = (0, 2), X13 = (4, 6), X14 = (1, 3), X15 = (5, 7) +#define LOAD_MSG_AVX_0_2_4_6_1_3_5_7() \ + VMOVQ_SI_X12_0; \ + VMOVQ_SI_X13(4*8); \ + VMOVQ_SI_X14(1*8); \ + VMOVQ_SI_X15(5*8); \ + VPINSRQ_1_SI_X12(2*8); \ + VPINSRQ_1_SI_X13(6*8); \ + VPINSRQ_1_SI_X14(3*8); \ + VPINSRQ_1_SI_X15(7*8) + +// load msg: X12 = (1, 0), X13 = (11, 5), X14 = (12, 2), X15 = (7, 3) +#define LOAD_MSG_AVX_1_0_11_5_12_2_7_3() \ + VPSHUFD $0x4E, 0*8(SI), X12; \ + VMOVQ_SI_X13(11*8); \ + VMOVQ_SI_X14(12*8); \ + VMOVQ_SI_X15(7*8); \ + VPINSRQ_1_SI_X13(5*8); \ + VPINSRQ_1_SI_X14(2*8); \ + VPINSRQ_1_SI_X15(3*8) + +// load msg: X12 = (11, 12), X13 = (5, 15), X14 = (8, 0), X15 = (2, 13) +#define LOAD_MSG_AVX_11_12_5_15_8_0_2_13() \ + VMOVDQU 11*8(SI), X12; \ + VMOVQ_SI_X13(5*8); \ + VMOVQ_SI_X14(8*8); \ + VMOVQ_SI_X15(2*8); \ + VPINSRQ_1_SI_X13(15*8); \ + VPINSRQ_1_SI_X14_0; \ + VPINSRQ_1_SI_X15(13*8) + +// load msg: X12 = (2, 5), X13 = (4, 15), X14 = (6, 10), X15 = (0, 8) +#define LOAD_MSG_AVX_2_5_4_15_6_10_0_8() \ + VMOVQ_SI_X12(2*8); \ + VMOVQ_SI_X13(4*8); \ + VMOVQ_SI_X14(6*8); \ + VMOVQ_SI_X15_0; \ + VPINSRQ_1_SI_X12(5*8); \ + VPINSRQ_1_SI_X13(15*8); \ + VPINSRQ_1_SI_X14(10*8); \ + VPINSRQ_1_SI_X15(8*8) + +// load msg: X12 = (9, 5), X13 = (2, 10), X14 = (0, 7), X15 = (4, 15) +#define LOAD_MSG_AVX_9_5_2_10_0_7_4_15() \ + VMOVQ_SI_X12(9*8); \ + VMOVQ_SI_X13(2*8); \ + VMOVQ_SI_X14_0; \ + VMOVQ_SI_X15(4*8); \ + VPINSRQ_1_SI_X12(5*8); \ + VPINSRQ_1_SI_X13(10*8); \ + VPINSRQ_1_SI_X14(7*8); \ + VPINSRQ_1_SI_X15(15*8) + +// load msg: X12 = (2, 6), X13 = (0, 8), X14 = (12, 10), X15 = (11, 3) +#define LOAD_MSG_AVX_2_6_0_8_12_10_11_3() \ + VMOVQ_SI_X12(2*8); \ + VMOVQ_SI_X13_0; \ + VMOVQ_SI_X14(12*8); \ + VMOVQ_SI_X15(11*8); \ + VPINSRQ_1_SI_X12(6*8); \ + VPINSRQ_1_SI_X13(8*8); \ + VPINSRQ_1_SI_X14(10*8); \ + VPINSRQ_1_SI_X15(3*8) + +// load msg: X12 = (0, 6), X13 = (9, 8), X14 = (7, 3), X15 = (2, 11) +#define LOAD_MSG_AVX_0_6_9_8_7_3_2_11() \ + MOVQ 0*8(SI), X12; \ + VPSHUFD $0x4E, 8*8(SI), X13; \ + MOVQ 7*8(SI), X14; \ + MOVQ 2*8(SI), X15; \ + VPINSRQ_1_SI_X12(6*8); \ + VPINSRQ_1_SI_X14(3*8); \ + VPINSRQ_1_SI_X15(11*8) + +// load msg: X12 = (6, 14), X13 = (11, 0), X14 = (15, 9), X15 = (3, 8) +#define LOAD_MSG_AVX_6_14_11_0_15_9_3_8() \ + MOVQ 6*8(SI), X12; \ + MOVQ 11*8(SI), X13; \ + MOVQ 15*8(SI), X14; \ + MOVQ 3*8(SI), X15; \ + VPINSRQ_1_SI_X12(14*8); \ + VPINSRQ_1_SI_X13_0; \ + VPINSRQ_1_SI_X14(9*8); \ + VPINSRQ_1_SI_X15(8*8) + +// load msg: X12 = (5, 15), X13 = (8, 2), X14 = (0, 4), X15 = (6, 10) +#define LOAD_MSG_AVX_5_15_8_2_0_4_6_10() \ + MOVQ 5*8(SI), X12; \ + MOVQ 8*8(SI), X13; \ + MOVQ 0*8(SI), X14; \ + MOVQ 6*8(SI), X15; \ + VPINSRQ_1_SI_X12(15*8); \ + VPINSRQ_1_SI_X13(2*8); \ + VPINSRQ_1_SI_X14(4*8); \ + VPINSRQ_1_SI_X15(10*8) + +// load msg: X12 = (12, 13), X13 = (1, 10), X14 = (2, 7), X15 = (4, 5) +#define LOAD_MSG_AVX_12_13_1_10_2_7_4_5() \ + VMOVDQU 12*8(SI), X12; \ + MOVQ 1*8(SI), X13; \ + MOVQ 2*8(SI), X14; \ + VPINSRQ_1_SI_X13(10*8); \ + VPINSRQ_1_SI_X14(7*8); \ + VMOVDQU 4*8(SI), X15 + +// load msg: X12 = (15, 9), X13 = (3, 13), X14 = (11, 14), X15 = (12, 0) +#define LOAD_MSG_AVX_15_9_3_13_11_14_12_0() \ + MOVQ 15*8(SI), X12; \ + MOVQ 3*8(SI), X13; \ + MOVQ 11*8(SI), X14; \ + MOVQ 12*8(SI), X15; \ + VPINSRQ_1_SI_X12(9*8); \ + VPINSRQ_1_SI_X13(13*8); \ + VPINSRQ_1_SI_X14(14*8); \ + VPINSRQ_1_SI_X15_0 + +// func hashBlocksAVX(h *[8]uint64, c *[2]uint64, flag uint64, blocks []byte) +TEXT ·hashBlocksAVX(SB), 4, $288-48 // frame size = 272 + 16 byte alignment + MOVQ h+0(FP), AX + MOVQ c+8(FP), BX + MOVQ flag+16(FP), CX + MOVQ blocks_base+24(FP), SI + MOVQ blocks_len+32(FP), DI + + MOVQ SP, R10 + ADDQ $15, R10 + ANDQ $~15, R10 + + VMOVDQU ·AVX_c40<>(SB), X0 + VMOVDQU ·AVX_c48<>(SB), X1 + VMOVDQA X0, X8 + VMOVDQA X1, X9 + + VMOVDQU ·AVX_iv3<>(SB), X0 + VMOVDQA X0, 0(R10) + XORQ CX, 0(R10) // 0(R10) = ·AVX_iv3 ^ (CX || 0) + + VMOVDQU 0(AX), X10 + VMOVDQU 16(AX), X11 + VMOVDQU 32(AX), X2 + VMOVDQU 48(AX), X3 + + MOVQ 0(BX), R8 + MOVQ 8(BX), R9 + +loop: + ADDQ $128, R8 + CMPQ R8, $128 + JGE noinc + INCQ R9 + +noinc: + VMOVQ_R8_X15 + VPINSRQ_1_R9_X15 + + VMOVDQA X10, X0 + VMOVDQA X11, X1 + VMOVDQU ·AVX_iv0<>(SB), X4 + VMOVDQU ·AVX_iv1<>(SB), X5 + VMOVDQU ·AVX_iv2<>(SB), X6 + + VPXOR X15, X6, X6 + VMOVDQA 0(R10), X7 + + LOAD_MSG_AVX_0_2_4_6_1_3_5_7() + VMOVDQA X12, 16(R10) + VMOVDQA X13, 32(R10) + VMOVDQA X14, 48(R10) + VMOVDQA X15, 64(R10) + HALF_ROUND_AVX(X0, X1, X2, X3, X4, X5, X6, X7, X12, X13, X14, X15, X15, X8, X9) + SHUFFLE_AVX() + LOAD_MSG_AVX(8, 10, 12, 14, 9, 11, 13, 15) + VMOVDQA X12, 80(R10) + VMOVDQA X13, 96(R10) + VMOVDQA X14, 112(R10) + VMOVDQA X15, 128(R10) + HALF_ROUND_AVX(X0, X1, X2, X3, X4, X5, X6, X7, X12, X13, X14, X15, X15, X8, X9) + SHUFFLE_AVX_INV() + + LOAD_MSG_AVX(14, 4, 9, 13, 10, 8, 15, 6) + VMOVDQA X12, 144(R10) + VMOVDQA X13, 160(R10) + VMOVDQA X14, 176(R10) + VMOVDQA X15, 192(R10) + HALF_ROUND_AVX(X0, X1, X2, X3, X4, X5, X6, X7, X12, X13, X14, X15, X15, X8, X9) + SHUFFLE_AVX() + LOAD_MSG_AVX_1_0_11_5_12_2_7_3() + VMOVDQA X12, 208(R10) + VMOVDQA X13, 224(R10) + VMOVDQA X14, 240(R10) + VMOVDQA X15, 256(R10) + HALF_ROUND_AVX(X0, X1, X2, X3, X4, X5, X6, X7, X12, X13, X14, X15, X15, X8, X9) + SHUFFLE_AVX_INV() + + LOAD_MSG_AVX_11_12_5_15_8_0_2_13() + HALF_ROUND_AVX(X0, X1, X2, X3, X4, X5, X6, X7, X12, X13, X14, X15, X15, X8, X9) + SHUFFLE_AVX() + LOAD_MSG_AVX(10, 3, 7, 9, 14, 6, 1, 4) + HALF_ROUND_AVX(X0, X1, X2, X3, X4, X5, X6, X7, X12, X13, X14, X15, X15, X8, X9) + SHUFFLE_AVX_INV() + + LOAD_MSG_AVX(7, 3, 13, 11, 9, 1, 12, 14) + HALF_ROUND_AVX(X0, X1, X2, X3, X4, X5, X6, X7, X12, X13, X14, X15, X15, X8, X9) + SHUFFLE_AVX() + LOAD_MSG_AVX_2_5_4_15_6_10_0_8() + HALF_ROUND_AVX(X0, X1, X2, X3, X4, X5, X6, X7, X12, X13, X14, X15, X15, X8, X9) + SHUFFLE_AVX_INV() + + LOAD_MSG_AVX_9_5_2_10_0_7_4_15() + HALF_ROUND_AVX(X0, X1, X2, X3, X4, X5, X6, X7, X12, X13, X14, X15, X15, X8, X9) + SHUFFLE_AVX() + LOAD_MSG_AVX(14, 11, 6, 3, 1, 12, 8, 13) + HALF_ROUND_AVX(X0, X1, X2, X3, X4, X5, X6, X7, X12, X13, X14, X15, X15, X8, X9) + SHUFFLE_AVX_INV() + + LOAD_MSG_AVX_2_6_0_8_12_10_11_3() + HALF_ROUND_AVX(X0, X1, X2, X3, X4, X5, X6, X7, X12, X13, X14, X15, X15, X8, X9) + SHUFFLE_AVX() + LOAD_MSG_AVX(4, 7, 15, 1, 13, 5, 14, 9) + HALF_ROUND_AVX(X0, X1, X2, X3, X4, X5, X6, X7, X12, X13, X14, X15, X15, X8, X9) + SHUFFLE_AVX_INV() + + LOAD_MSG_AVX(12, 1, 14, 4, 5, 15, 13, 10) + HALF_ROUND_AVX(X0, X1, X2, X3, X4, X5, X6, X7, X12, X13, X14, X15, X15, X8, X9) + SHUFFLE_AVX() + LOAD_MSG_AVX_0_6_9_8_7_3_2_11() + HALF_ROUND_AVX(X0, X1, X2, X3, X4, X5, X6, X7, X12, X13, X14, X15, X15, X8, X9) + SHUFFLE_AVX_INV() + + LOAD_MSG_AVX(13, 7, 12, 3, 11, 14, 1, 9) + HALF_ROUND_AVX(X0, X1, X2, X3, X4, X5, X6, X7, X12, X13, X14, X15, X15, X8, X9) + SHUFFLE_AVX() + LOAD_MSG_AVX_5_15_8_2_0_4_6_10() + HALF_ROUND_AVX(X0, X1, X2, X3, X4, X5, X6, X7, X12, X13, X14, X15, X15, X8, X9) + SHUFFLE_AVX_INV() + + LOAD_MSG_AVX_6_14_11_0_15_9_3_8() + HALF_ROUND_AVX(X0, X1, X2, X3, X4, X5, X6, X7, X12, X13, X14, X15, X15, X8, X9) + SHUFFLE_AVX() + LOAD_MSG_AVX_12_13_1_10_2_7_4_5() + HALF_ROUND_AVX(X0, X1, X2, X3, X4, X5, X6, X7, X12, X13, X14, X15, X15, X8, X9) + SHUFFLE_AVX_INV() + + LOAD_MSG_AVX(10, 8, 7, 1, 2, 4, 6, 5) + HALF_ROUND_AVX(X0, X1, X2, X3, X4, X5, X6, X7, X12, X13, X14, X15, X15, X8, X9) + SHUFFLE_AVX() + LOAD_MSG_AVX_15_9_3_13_11_14_12_0() + HALF_ROUND_AVX(X0, X1, X2, X3, X4, X5, X6, X7, X12, X13, X14, X15, X15, X8, X9) + SHUFFLE_AVX_INV() + + HALF_ROUND_AVX(X0, X1, X2, X3, X4, X5, X6, X7, 16(R10), 32(R10), 48(R10), 64(R10), X15, X8, X9) + SHUFFLE_AVX() + HALF_ROUND_AVX(X0, X1, X2, X3, X4, X5, X6, X7, 80(R10), 96(R10), 112(R10), 128(R10), X15, X8, X9) + SHUFFLE_AVX_INV() + + HALF_ROUND_AVX(X0, X1, X2, X3, X4, X5, X6, X7, 144(R10), 160(R10), 176(R10), 192(R10), X15, X8, X9) + SHUFFLE_AVX() + HALF_ROUND_AVX(X0, X1, X2, X3, X4, X5, X6, X7, 208(R10), 224(R10), 240(R10), 256(R10), X15, X8, X9) + SHUFFLE_AVX_INV() + + VMOVDQU 32(AX), X14 + VMOVDQU 48(AX), X15 + VPXOR X0, X10, X10 + VPXOR X1, X11, X11 + VPXOR X2, X14, X14 + VPXOR X3, X15, X15 + VPXOR X4, X10, X10 + VPXOR X5, X11, X11 + VPXOR X6, X14, X2 + VPXOR X7, X15, X3 + VMOVDQU X2, 32(AX) + VMOVDQU X3, 48(AX) + + LEAQ 128(SI), SI + SUBQ $128, DI + JNE loop + + VMOVDQU X10, 0(AX) + VMOVDQU X11, 16(AX) + + MOVQ R8, 0(BX) + MOVQ R9, 8(BX) + VZEROUPPER + + RET diff --git a/vendor/golang.org/x/crypto/blake2b/blake2b_amd64.go b/vendor/golang.org/x/crypto/blake2b/blake2b_amd64.go new file mode 100644 index 0000000000..5fa1b32841 --- /dev/null +++ b/vendor/golang.org/x/crypto/blake2b/blake2b_amd64.go @@ -0,0 +1,25 @@ +// Copyright 2016 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +//go:build !go1.7 && amd64 && gc && !purego +// +build !go1.7,amd64,gc,!purego + +package blake2b + +import "golang.org/x/sys/cpu" + +func init() { + useSSE4 = cpu.X86.HasSSE41 +} + +//go:noescape +func hashBlocksSSE4(h *[8]uint64, c *[2]uint64, flag uint64, blocks []byte) + +func hashBlocks(h *[8]uint64, c *[2]uint64, flag uint64, blocks []byte) { + if useSSE4 { + hashBlocksSSE4(h, c, flag, blocks) + } else { + hashBlocksGeneric(h, c, flag, blocks) + } +} diff --git a/vendor/golang.org/x/crypto/blake2b/blake2b_amd64.s b/vendor/golang.org/x/crypto/blake2b/blake2b_amd64.s new file mode 100644 index 0000000000..ae75eb9afc --- /dev/null +++ b/vendor/golang.org/x/crypto/blake2b/blake2b_amd64.s @@ -0,0 +1,279 @@ +// Copyright 2016 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +//go:build amd64 && gc && !purego +// +build amd64,gc,!purego + +#include "textflag.h" + +DATA ·iv0<>+0x00(SB)/8, $0x6a09e667f3bcc908 +DATA ·iv0<>+0x08(SB)/8, $0xbb67ae8584caa73b +GLOBL ·iv0<>(SB), (NOPTR+RODATA), $16 + +DATA ·iv1<>+0x00(SB)/8, $0x3c6ef372fe94f82b +DATA ·iv1<>+0x08(SB)/8, $0xa54ff53a5f1d36f1 +GLOBL ·iv1<>(SB), (NOPTR+RODATA), $16 + +DATA ·iv2<>+0x00(SB)/8, $0x510e527fade682d1 +DATA ·iv2<>+0x08(SB)/8, $0x9b05688c2b3e6c1f +GLOBL ·iv2<>(SB), (NOPTR+RODATA), $16 + +DATA ·iv3<>+0x00(SB)/8, $0x1f83d9abfb41bd6b +DATA ·iv3<>+0x08(SB)/8, $0x5be0cd19137e2179 +GLOBL ·iv3<>(SB), (NOPTR+RODATA), $16 + +DATA ·c40<>+0x00(SB)/8, $0x0201000706050403 +DATA ·c40<>+0x08(SB)/8, $0x0a09080f0e0d0c0b +GLOBL ·c40<>(SB), (NOPTR+RODATA), $16 + +DATA ·c48<>+0x00(SB)/8, $0x0100070605040302 +DATA ·c48<>+0x08(SB)/8, $0x09080f0e0d0c0b0a +GLOBL ·c48<>(SB), (NOPTR+RODATA), $16 + +#define SHUFFLE(v2, v3, v4, v5, v6, v7, t1, t2) \ + MOVO v4, t1; \ + MOVO v5, v4; \ + MOVO t1, v5; \ + MOVO v6, t1; \ + PUNPCKLQDQ v6, t2; \ + PUNPCKHQDQ v7, v6; \ + PUNPCKHQDQ t2, v6; \ + PUNPCKLQDQ v7, t2; \ + MOVO t1, v7; \ + MOVO v2, t1; \ + PUNPCKHQDQ t2, v7; \ + PUNPCKLQDQ v3, t2; \ + PUNPCKHQDQ t2, v2; \ + PUNPCKLQDQ t1, t2; \ + PUNPCKHQDQ t2, v3 + +#define SHUFFLE_INV(v2, v3, v4, v5, v6, v7, t1, t2) \ + MOVO v4, t1; \ + MOVO v5, v4; \ + MOVO t1, v5; \ + MOVO v2, t1; \ + PUNPCKLQDQ v2, t2; \ + PUNPCKHQDQ v3, v2; \ + PUNPCKHQDQ t2, v2; \ + PUNPCKLQDQ v3, t2; \ + MOVO t1, v3; \ + MOVO v6, t1; \ + PUNPCKHQDQ t2, v3; \ + PUNPCKLQDQ v7, t2; \ + PUNPCKHQDQ t2, v6; \ + PUNPCKLQDQ t1, t2; \ + PUNPCKHQDQ t2, v7 + +#define HALF_ROUND(v0, v1, v2, v3, v4, v5, v6, v7, m0, m1, m2, m3, t0, c40, c48) \ + PADDQ m0, v0; \ + PADDQ m1, v1; \ + PADDQ v2, v0; \ + PADDQ v3, v1; \ + PXOR v0, v6; \ + PXOR v1, v7; \ + PSHUFD $0xB1, v6, v6; \ + PSHUFD $0xB1, v7, v7; \ + PADDQ v6, v4; \ + PADDQ v7, v5; \ + PXOR v4, v2; \ + PXOR v5, v3; \ + PSHUFB c40, v2; \ + PSHUFB c40, v3; \ + PADDQ m2, v0; \ + PADDQ m3, v1; \ + PADDQ v2, v0; \ + PADDQ v3, v1; \ + PXOR v0, v6; \ + PXOR v1, v7; \ + PSHUFB c48, v6; \ + PSHUFB c48, v7; \ + PADDQ v6, v4; \ + PADDQ v7, v5; \ + PXOR v4, v2; \ + PXOR v5, v3; \ + MOVOU v2, t0; \ + PADDQ v2, t0; \ + PSRLQ $63, v2; \ + PXOR t0, v2; \ + MOVOU v3, t0; \ + PADDQ v3, t0; \ + PSRLQ $63, v3; \ + PXOR t0, v3 + +#define LOAD_MSG(m0, m1, m2, m3, src, i0, i1, i2, i3, i4, i5, i6, i7) \ + MOVQ i0*8(src), m0; \ + PINSRQ $1, i1*8(src), m0; \ + MOVQ i2*8(src), m1; \ + PINSRQ $1, i3*8(src), m1; \ + MOVQ i4*8(src), m2; \ + PINSRQ $1, i5*8(src), m2; \ + MOVQ i6*8(src), m3; \ + PINSRQ $1, i7*8(src), m3 + +// func hashBlocksSSE4(h *[8]uint64, c *[2]uint64, flag uint64, blocks []byte) +TEXT ·hashBlocksSSE4(SB), 4, $288-48 // frame size = 272 + 16 byte alignment + MOVQ h+0(FP), AX + MOVQ c+8(FP), BX + MOVQ flag+16(FP), CX + MOVQ blocks_base+24(FP), SI + MOVQ blocks_len+32(FP), DI + + MOVQ SP, R10 + ADDQ $15, R10 + ANDQ $~15, R10 + + MOVOU ·iv3<>(SB), X0 + MOVO X0, 0(R10) + XORQ CX, 0(R10) // 0(R10) = ·iv3 ^ (CX || 0) + + MOVOU ·c40<>(SB), X13 + MOVOU ·c48<>(SB), X14 + + MOVOU 0(AX), X12 + MOVOU 16(AX), X15 + + MOVQ 0(BX), R8 + MOVQ 8(BX), R9 + +loop: + ADDQ $128, R8 + CMPQ R8, $128 + JGE noinc + INCQ R9 + +noinc: + MOVQ R8, X8 + PINSRQ $1, R9, X8 + + MOVO X12, X0 + MOVO X15, X1 + MOVOU 32(AX), X2 + MOVOU 48(AX), X3 + MOVOU ·iv0<>(SB), X4 + MOVOU ·iv1<>(SB), X5 + MOVOU ·iv2<>(SB), X6 + + PXOR X8, X6 + MOVO 0(R10), X7 + + LOAD_MSG(X8, X9, X10, X11, SI, 0, 2, 4, 6, 1, 3, 5, 7) + MOVO X8, 16(R10) + MOVO X9, 32(R10) + MOVO X10, 48(R10) + MOVO X11, 64(R10) + HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, X8, X9, X10, X11, X11, X13, X14) + SHUFFLE(X2, X3, X4, X5, X6, X7, X8, X9) + LOAD_MSG(X8, X9, X10, X11, SI, 8, 10, 12, 14, 9, 11, 13, 15) + MOVO X8, 80(R10) + MOVO X9, 96(R10) + MOVO X10, 112(R10) + MOVO X11, 128(R10) + HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, X8, X9, X10, X11, X11, X13, X14) + SHUFFLE_INV(X2, X3, X4, X5, X6, X7, X8, X9) + + LOAD_MSG(X8, X9, X10, X11, SI, 14, 4, 9, 13, 10, 8, 15, 6) + MOVO X8, 144(R10) + MOVO X9, 160(R10) + MOVO X10, 176(R10) + MOVO X11, 192(R10) + HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, X8, X9, X10, X11, X11, X13, X14) + SHUFFLE(X2, X3, X4, X5, X6, X7, X8, X9) + LOAD_MSG(X8, X9, X10, X11, SI, 1, 0, 11, 5, 12, 2, 7, 3) + MOVO X8, 208(R10) + MOVO X9, 224(R10) + MOVO X10, 240(R10) + MOVO X11, 256(R10) + HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, X8, X9, X10, X11, X11, X13, X14) + SHUFFLE_INV(X2, X3, X4, X5, X6, X7, X8, X9) + + LOAD_MSG(X8, X9, X10, X11, SI, 11, 12, 5, 15, 8, 0, 2, 13) + HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, X8, X9, X10, X11, X11, X13, X14) + SHUFFLE(X2, X3, X4, X5, X6, X7, X8, X9) + LOAD_MSG(X8, X9, X10, X11, SI, 10, 3, 7, 9, 14, 6, 1, 4) + HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, X8, X9, X10, X11, X11, X13, X14) + SHUFFLE_INV(X2, X3, X4, X5, X6, X7, X8, X9) + + LOAD_MSG(X8, X9, X10, X11, SI, 7, 3, 13, 11, 9, 1, 12, 14) + HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, X8, X9, X10, X11, X11, X13, X14) + SHUFFLE(X2, X3, X4, X5, X6, X7, X8, X9) + LOAD_MSG(X8, X9, X10, X11, SI, 2, 5, 4, 15, 6, 10, 0, 8) + HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, X8, X9, X10, X11, X11, X13, X14) + SHUFFLE_INV(X2, X3, X4, X5, X6, X7, X8, X9) + + LOAD_MSG(X8, X9, X10, X11, SI, 9, 5, 2, 10, 0, 7, 4, 15) + HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, X8, X9, X10, X11, X11, X13, X14) + SHUFFLE(X2, X3, X4, X5, X6, X7, X8, X9) + LOAD_MSG(X8, X9, X10, X11, SI, 14, 11, 6, 3, 1, 12, 8, 13) + HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, X8, X9, X10, X11, X11, X13, X14) + SHUFFLE_INV(X2, X3, X4, X5, X6, X7, X8, X9) + + LOAD_MSG(X8, X9, X10, X11, SI, 2, 6, 0, 8, 12, 10, 11, 3) + HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, X8, X9, X10, X11, X11, X13, X14) + SHUFFLE(X2, X3, X4, X5, X6, X7, X8, X9) + LOAD_MSG(X8, X9, X10, X11, SI, 4, 7, 15, 1, 13, 5, 14, 9) + HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, X8, X9, X10, X11, X11, X13, X14) + SHUFFLE_INV(X2, X3, X4, X5, X6, X7, X8, X9) + + LOAD_MSG(X8, X9, X10, X11, SI, 12, 1, 14, 4, 5, 15, 13, 10) + HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, X8, X9, X10, X11, X11, X13, X14) + SHUFFLE(X2, X3, X4, X5, X6, X7, X8, X9) + LOAD_MSG(X8, X9, X10, X11, SI, 0, 6, 9, 8, 7, 3, 2, 11) + HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, X8, X9, X10, X11, X11, X13, X14) + SHUFFLE_INV(X2, X3, X4, X5, X6, X7, X8, X9) + + LOAD_MSG(X8, X9, X10, X11, SI, 13, 7, 12, 3, 11, 14, 1, 9) + HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, X8, X9, X10, X11, X11, X13, X14) + SHUFFLE(X2, X3, X4, X5, X6, X7, X8, X9) + LOAD_MSG(X8, X9, X10, X11, SI, 5, 15, 8, 2, 0, 4, 6, 10) + HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, X8, X9, X10, X11, X11, X13, X14) + SHUFFLE_INV(X2, X3, X4, X5, X6, X7, X8, X9) + + LOAD_MSG(X8, X9, X10, X11, SI, 6, 14, 11, 0, 15, 9, 3, 8) + HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, X8, X9, X10, X11, X11, X13, X14) + SHUFFLE(X2, X3, X4, X5, X6, X7, X8, X9) + LOAD_MSG(X8, X9, X10, X11, SI, 12, 13, 1, 10, 2, 7, 4, 5) + HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, X8, X9, X10, X11, X11, X13, X14) + SHUFFLE_INV(X2, X3, X4, X5, X6, X7, X8, X9) + + LOAD_MSG(X8, X9, X10, X11, SI, 10, 8, 7, 1, 2, 4, 6, 5) + HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, X8, X9, X10, X11, X11, X13, X14) + SHUFFLE(X2, X3, X4, X5, X6, X7, X8, X9) + LOAD_MSG(X8, X9, X10, X11, SI, 15, 9, 3, 13, 11, 14, 12, 0) + HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, X8, X9, X10, X11, X11, X13, X14) + SHUFFLE_INV(X2, X3, X4, X5, X6, X7, X8, X9) + + HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, 16(R10), 32(R10), 48(R10), 64(R10), X11, X13, X14) + SHUFFLE(X2, X3, X4, X5, X6, X7, X8, X9) + HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, 80(R10), 96(R10), 112(R10), 128(R10), X11, X13, X14) + SHUFFLE_INV(X2, X3, X4, X5, X6, X7, X8, X9) + + HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, 144(R10), 160(R10), 176(R10), 192(R10), X11, X13, X14) + SHUFFLE(X2, X3, X4, X5, X6, X7, X8, X9) + HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, 208(R10), 224(R10), 240(R10), 256(R10), X11, X13, X14) + SHUFFLE_INV(X2, X3, X4, X5, X6, X7, X8, X9) + + MOVOU 32(AX), X10 + MOVOU 48(AX), X11 + PXOR X0, X12 + PXOR X1, X15 + PXOR X2, X10 + PXOR X3, X11 + PXOR X4, X12 + PXOR X5, X15 + PXOR X6, X10 + PXOR X7, X11 + MOVOU X10, 32(AX) + MOVOU X11, 48(AX) + + LEAQ 128(SI), SI + SUBQ $128, DI + JNE loop + + MOVOU X12, 0(AX) + MOVOU X15, 16(AX) + + MOVQ R8, 0(BX) + MOVQ R9, 8(BX) + + RET diff --git a/vendor/golang.org/x/crypto/blake2b/blake2b_generic.go b/vendor/golang.org/x/crypto/blake2b/blake2b_generic.go new file mode 100644 index 0000000000..3168a8aa3c --- /dev/null +++ b/vendor/golang.org/x/crypto/blake2b/blake2b_generic.go @@ -0,0 +1,182 @@ +// Copyright 2016 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package blake2b + +import ( + "encoding/binary" + "math/bits" +) + +// the precomputed values for BLAKE2b +// there are 12 16-byte arrays - one for each round +// the entries are calculated from the sigma constants. +var precomputed = [12][16]byte{ + {0, 2, 4, 6, 1, 3, 5, 7, 8, 10, 12, 14, 9, 11, 13, 15}, + {14, 4, 9, 13, 10, 8, 15, 6, 1, 0, 11, 5, 12, 2, 7, 3}, + {11, 12, 5, 15, 8, 0, 2, 13, 10, 3, 7, 9, 14, 6, 1, 4}, + {7, 3, 13, 11, 9, 1, 12, 14, 2, 5, 4, 15, 6, 10, 0, 8}, + {9, 5, 2, 10, 0, 7, 4, 15, 14, 11, 6, 3, 1, 12, 8, 13}, + {2, 6, 0, 8, 12, 10, 11, 3, 4, 7, 15, 1, 13, 5, 14, 9}, + {12, 1, 14, 4, 5, 15, 13, 10, 0, 6, 9, 8, 7, 3, 2, 11}, + {13, 7, 12, 3, 11, 14, 1, 9, 5, 15, 8, 2, 0, 4, 6, 10}, + {6, 14, 11, 0, 15, 9, 3, 8, 12, 13, 1, 10, 2, 7, 4, 5}, + {10, 8, 7, 1, 2, 4, 6, 5, 15, 9, 3, 13, 11, 14, 12, 0}, + {0, 2, 4, 6, 1, 3, 5, 7, 8, 10, 12, 14, 9, 11, 13, 15}, // equal to the first + {14, 4, 9, 13, 10, 8, 15, 6, 1, 0, 11, 5, 12, 2, 7, 3}, // equal to the second +} + +func hashBlocksGeneric(h *[8]uint64, c *[2]uint64, flag uint64, blocks []byte) { + var m [16]uint64 + c0, c1 := c[0], c[1] + + for i := 0; i < len(blocks); { + c0 += BlockSize + if c0 < BlockSize { + c1++ + } + + v0, v1, v2, v3, v4, v5, v6, v7 := h[0], h[1], h[2], h[3], h[4], h[5], h[6], h[7] + v8, v9, v10, v11, v12, v13, v14, v15 := iv[0], iv[1], iv[2], iv[3], iv[4], iv[5], iv[6], iv[7] + v12 ^= c0 + v13 ^= c1 + v14 ^= flag + + for j := range m { + m[j] = binary.LittleEndian.Uint64(blocks[i:]) + i += 8 + } + + for j := range precomputed { + s := &(precomputed[j]) + + v0 += m[s[0]] + v0 += v4 + v12 ^= v0 + v12 = bits.RotateLeft64(v12, -32) + v8 += v12 + v4 ^= v8 + v4 = bits.RotateLeft64(v4, -24) + v1 += m[s[1]] + v1 += v5 + v13 ^= v1 + v13 = bits.RotateLeft64(v13, -32) + v9 += v13 + v5 ^= v9 + v5 = bits.RotateLeft64(v5, -24) + v2 += m[s[2]] + v2 += v6 + v14 ^= v2 + v14 = bits.RotateLeft64(v14, -32) + v10 += v14 + v6 ^= v10 + v6 = bits.RotateLeft64(v6, -24) + v3 += m[s[3]] + v3 += v7 + v15 ^= v3 + v15 = bits.RotateLeft64(v15, -32) + v11 += v15 + v7 ^= v11 + v7 = bits.RotateLeft64(v7, -24) + + v0 += m[s[4]] + v0 += v4 + v12 ^= v0 + v12 = bits.RotateLeft64(v12, -16) + v8 += v12 + v4 ^= v8 + v4 = bits.RotateLeft64(v4, -63) + v1 += m[s[5]] + v1 += v5 + v13 ^= v1 + v13 = bits.RotateLeft64(v13, -16) + v9 += v13 + v5 ^= v9 + v5 = bits.RotateLeft64(v5, -63) + v2 += m[s[6]] + v2 += v6 + v14 ^= v2 + v14 = bits.RotateLeft64(v14, -16) + v10 += v14 + v6 ^= v10 + v6 = bits.RotateLeft64(v6, -63) + v3 += m[s[7]] + v3 += v7 + v15 ^= v3 + v15 = bits.RotateLeft64(v15, -16) + v11 += v15 + v7 ^= v11 + v7 = bits.RotateLeft64(v7, -63) + + v0 += m[s[8]] + v0 += v5 + v15 ^= v0 + v15 = bits.RotateLeft64(v15, -32) + v10 += v15 + v5 ^= v10 + v5 = bits.RotateLeft64(v5, -24) + v1 += m[s[9]] + v1 += v6 + v12 ^= v1 + v12 = bits.RotateLeft64(v12, -32) + v11 += v12 + v6 ^= v11 + v6 = bits.RotateLeft64(v6, -24) + v2 += m[s[10]] + v2 += v7 + v13 ^= v2 + v13 = bits.RotateLeft64(v13, -32) + v8 += v13 + v7 ^= v8 + v7 = bits.RotateLeft64(v7, -24) + v3 += m[s[11]] + v3 += v4 + v14 ^= v3 + v14 = bits.RotateLeft64(v14, -32) + v9 += v14 + v4 ^= v9 + v4 = bits.RotateLeft64(v4, -24) + + v0 += m[s[12]] + v0 += v5 + v15 ^= v0 + v15 = bits.RotateLeft64(v15, -16) + v10 += v15 + v5 ^= v10 + v5 = bits.RotateLeft64(v5, -63) + v1 += m[s[13]] + v1 += v6 + v12 ^= v1 + v12 = bits.RotateLeft64(v12, -16) + v11 += v12 + v6 ^= v11 + v6 = bits.RotateLeft64(v6, -63) + v2 += m[s[14]] + v2 += v7 + v13 ^= v2 + v13 = bits.RotateLeft64(v13, -16) + v8 += v13 + v7 ^= v8 + v7 = bits.RotateLeft64(v7, -63) + v3 += m[s[15]] + v3 += v4 + v14 ^= v3 + v14 = bits.RotateLeft64(v14, -16) + v9 += v14 + v4 ^= v9 + v4 = bits.RotateLeft64(v4, -63) + + } + + h[0] ^= v0 ^ v8 + h[1] ^= v1 ^ v9 + h[2] ^= v2 ^ v10 + h[3] ^= v3 ^ v11 + h[4] ^= v4 ^ v12 + h[5] ^= v5 ^ v13 + h[6] ^= v6 ^ v14 + h[7] ^= v7 ^ v15 + } + c[0], c[1] = c0, c1 +} diff --git a/vendor/golang.org/x/crypto/blake2b/blake2b_ref.go b/vendor/golang.org/x/crypto/blake2b/blake2b_ref.go new file mode 100644 index 0000000000..b0137cdf02 --- /dev/null +++ b/vendor/golang.org/x/crypto/blake2b/blake2b_ref.go @@ -0,0 +1,12 @@ +// Copyright 2016 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +//go:build !amd64 || purego || !gc +// +build !amd64 purego !gc + +package blake2b + +func hashBlocks(h *[8]uint64, c *[2]uint64, flag uint64, blocks []byte) { + hashBlocksGeneric(h, c, flag, blocks) +} diff --git a/vendor/golang.org/x/crypto/blake2b/blake2x.go b/vendor/golang.org/x/crypto/blake2b/blake2x.go new file mode 100644 index 0000000000..52c414db0e --- /dev/null +++ b/vendor/golang.org/x/crypto/blake2b/blake2x.go @@ -0,0 +1,177 @@ +// Copyright 2017 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package blake2b + +import ( + "encoding/binary" + "errors" + "io" +) + +// XOF defines the interface to hash functions that +// support arbitrary-length output. +type XOF interface { + // Write absorbs more data into the hash's state. It panics if called + // after Read. + io.Writer + + // Read reads more output from the hash. It returns io.EOF if the limit + // has been reached. + io.Reader + + // Clone returns a copy of the XOF in its current state. + Clone() XOF + + // Reset resets the XOF to its initial state. + Reset() +} + +// OutputLengthUnknown can be used as the size argument to NewXOF to indicate +// the length of the output is not known in advance. +const OutputLengthUnknown = 0 + +// magicUnknownOutputLength is a magic value for the output size that indicates +// an unknown number of output bytes. +const magicUnknownOutputLength = (1 << 32) - 1 + +// maxOutputLength is the absolute maximum number of bytes to produce when the +// number of output bytes is unknown. +const maxOutputLength = (1 << 32) * 64 + +// NewXOF creates a new variable-output-length hash. The hash either produce a +// known number of bytes (1 <= size < 2**32-1), or an unknown number of bytes +// (size == OutputLengthUnknown). In the latter case, an absolute limit of +// 256GiB applies. +// +// A non-nil key turns the hash into a MAC. The key must between +// zero and 32 bytes long. +func NewXOF(size uint32, key []byte) (XOF, error) { + if len(key) > Size { + return nil, errKeySize + } + if size == magicUnknownOutputLength { + // 2^32-1 indicates an unknown number of bytes and thus isn't a + // valid length. + return nil, errors.New("blake2b: XOF length too large") + } + if size == OutputLengthUnknown { + size = magicUnknownOutputLength + } + x := &xof{ + d: digest{ + size: Size, + keyLen: len(key), + }, + length: size, + } + copy(x.d.key[:], key) + x.Reset() + return x, nil +} + +type xof struct { + d digest + length uint32 + remaining uint64 + cfg, root, block [Size]byte + offset int + nodeOffset uint32 + readMode bool +} + +func (x *xof) Write(p []byte) (n int, err error) { + if x.readMode { + panic("blake2b: write to XOF after read") + } + return x.d.Write(p) +} + +func (x *xof) Clone() XOF { + clone := *x + return &clone +} + +func (x *xof) Reset() { + x.cfg[0] = byte(Size) + binary.LittleEndian.PutUint32(x.cfg[4:], uint32(Size)) // leaf length + binary.LittleEndian.PutUint32(x.cfg[12:], x.length) // XOF length + x.cfg[17] = byte(Size) // inner hash size + + x.d.Reset() + x.d.h[1] ^= uint64(x.length) << 32 + + x.remaining = uint64(x.length) + if x.remaining == magicUnknownOutputLength { + x.remaining = maxOutputLength + } + x.offset, x.nodeOffset = 0, 0 + x.readMode = false +} + +func (x *xof) Read(p []byte) (n int, err error) { + if !x.readMode { + x.d.finalize(&x.root) + x.readMode = true + } + + if x.remaining == 0 { + return 0, io.EOF + } + + n = len(p) + if uint64(n) > x.remaining { + n = int(x.remaining) + p = p[:n] + } + + if x.offset > 0 { + blockRemaining := Size - x.offset + if n < blockRemaining { + x.offset += copy(p, x.block[x.offset:]) + x.remaining -= uint64(n) + return + } + copy(p, x.block[x.offset:]) + p = p[blockRemaining:] + x.offset = 0 + x.remaining -= uint64(blockRemaining) + } + + for len(p) >= Size { + binary.LittleEndian.PutUint32(x.cfg[8:], x.nodeOffset) + x.nodeOffset++ + + x.d.initConfig(&x.cfg) + x.d.Write(x.root[:]) + x.d.finalize(&x.block) + + copy(p, x.block[:]) + p = p[Size:] + x.remaining -= uint64(Size) + } + + if todo := len(p); todo > 0 { + if x.remaining < uint64(Size) { + x.cfg[0] = byte(x.remaining) + } + binary.LittleEndian.PutUint32(x.cfg[8:], x.nodeOffset) + x.nodeOffset++ + + x.d.initConfig(&x.cfg) + x.d.Write(x.root[:]) + x.d.finalize(&x.block) + + x.offset = copy(p, x.block[:todo]) + x.remaining -= uint64(todo) + } + return +} + +func (d *digest) initConfig(cfg *[Size]byte) { + d.offset, d.c[0], d.c[1] = 0, 0, 0 + for i := range d.h { + d.h[i] = iv[i] ^ binary.LittleEndian.Uint64(cfg[i*8:]) + } +} diff --git a/vendor/golang.org/x/crypto/blake2b/register.go b/vendor/golang.org/x/crypto/blake2b/register.go new file mode 100644 index 0000000000..9d8633963c --- /dev/null +++ b/vendor/golang.org/x/crypto/blake2b/register.go @@ -0,0 +1,33 @@ +// Copyright 2017 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +//go:build go1.9 +// +build go1.9 + +package blake2b + +import ( + "crypto" + "hash" +) + +func init() { + newHash256 := func() hash.Hash { + h, _ := New256(nil) + return h + } + newHash384 := func() hash.Hash { + h, _ := New384(nil) + return h + } + + newHash512 := func() hash.Hash { + h, _ := New512(nil) + return h + } + + crypto.RegisterHash(crypto.BLAKE2b_256, newHash256) + crypto.RegisterHash(crypto.BLAKE2b_384, newHash384) + crypto.RegisterHash(crypto.BLAKE2b_512, newHash512) +} diff --git a/vendor/golang.org/x/crypto/ssh/terminal/terminal.go b/vendor/golang.org/x/crypto/ssh/terminal/terminal.go new file mode 100644 index 0000000000..a4d1919a9e --- /dev/null +++ b/vendor/golang.org/x/crypto/ssh/terminal/terminal.go @@ -0,0 +1,76 @@ +// Copyright 2011 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +// Package terminal provides support functions for dealing with terminals, as +// commonly found on UNIX systems. +// +// Deprecated: this package moved to golang.org/x/term. +package terminal + +import ( + "io" + + "golang.org/x/term" +) + +// EscapeCodes contains escape sequences that can be written to the terminal in +// order to achieve different styles of text. +type EscapeCodes = term.EscapeCodes + +// Terminal contains the state for running a VT100 terminal that is capable of +// reading lines of input. +type Terminal = term.Terminal + +// NewTerminal runs a VT100 terminal on the given ReadWriter. If the ReadWriter is +// a local terminal, that terminal must first have been put into raw mode. +// prompt is a string that is written at the start of each input line (i.e. +// "> "). +func NewTerminal(c io.ReadWriter, prompt string) *Terminal { + return term.NewTerminal(c, prompt) +} + +// ErrPasteIndicator may be returned from ReadLine as the error, in addition +// to valid line data. It indicates that bracketed paste mode is enabled and +// that the returned line consists only of pasted data. Programs may wish to +// interpret pasted data more literally than typed data. +var ErrPasteIndicator = term.ErrPasteIndicator + +// State contains the state of a terminal. +type State = term.State + +// IsTerminal returns whether the given file descriptor is a terminal. +func IsTerminal(fd int) bool { + return term.IsTerminal(fd) +} + +// ReadPassword reads a line of input from a terminal without local echo. This +// is commonly used for inputting passwords and other sensitive data. The slice +// returned does not include the \n. +func ReadPassword(fd int) ([]byte, error) { + return term.ReadPassword(fd) +} + +// MakeRaw puts the terminal connected to the given file descriptor into raw +// mode and returns the previous state of the terminal so that it can be +// restored. +func MakeRaw(fd int) (*State, error) { + return term.MakeRaw(fd) +} + +// Restore restores the terminal connected to the given file descriptor to a +// previous state. +func Restore(fd int, oldState *State) error { + return term.Restore(fd, oldState) +} + +// GetState returns the current state of a terminal which may be useful to +// restore the terminal after a signal. +func GetState(fd int) (*State, error) { + return term.GetState(fd) +} + +// GetSize returns the dimensions of the given terminal. +func GetSize(fd int) (width, height int, err error) { + return term.GetSize(fd) +} diff --git a/vendor/google.golang.org/genproto/googleapis/api/annotations/annotations.pb.go b/vendor/google.golang.org/genproto/googleapis/api/annotations/annotations.pb.go new file mode 100644 index 0000000000..191bea48c8 --- /dev/null +++ b/vendor/google.golang.org/genproto/googleapis/api/annotations/annotations.pb.go @@ -0,0 +1,119 @@ +// Copyright 2015 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.26.0 +// protoc v3.12.2 +// source: google/api/annotations.proto + +package annotations + +import ( + reflect "reflect" + + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + descriptorpb "google.golang.org/protobuf/types/descriptorpb" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +var file_google_api_annotations_proto_extTypes = []protoimpl.ExtensionInfo{ + { + ExtendedType: (*descriptorpb.MethodOptions)(nil), + ExtensionType: (*HttpRule)(nil), + Field: 72295728, + Name: "google.api.http", + Tag: "bytes,72295728,opt,name=http", + Filename: "google/api/annotations.proto", + }, +} + +// Extension fields to descriptorpb.MethodOptions. +var ( + // See `HttpRule`. + // + // optional google.api.HttpRule http = 72295728; + E_Http = &file_google_api_annotations_proto_extTypes[0] +) + +var File_google_api_annotations_proto protoreflect.FileDescriptor + +var file_google_api_annotations_proto_rawDesc = []byte{ + 0x0a, 0x1c, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x61, 0x6e, 0x6e, + 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x0a, + 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x1a, 0x15, 0x67, 0x6f, 0x6f, 0x67, + 0x6c, 0x65, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x68, 0x74, 0x74, 0x70, 0x2e, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x1a, 0x20, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, + 0x75, 0x66, 0x2f, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x2e, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x3a, 0x4b, 0x0a, 0x04, 0x68, 0x74, 0x74, 0x70, 0x12, 0x1e, 0x2e, 0x67, 0x6f, + 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x4d, 0x65, + 0x74, 0x68, 0x6f, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0xb0, 0xca, 0xbc, 0x22, + 0x20, 0x01, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, + 0x69, 0x2e, 0x48, 0x74, 0x74, 0x70, 0x52, 0x75, 0x6c, 0x65, 0x52, 0x04, 0x68, 0x74, 0x74, 0x70, + 0x42, 0x6e, 0x0a, 0x0e, 0x63, 0x6f, 0x6d, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, + 0x70, 0x69, 0x42, 0x10, 0x41, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x50, + 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x41, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x67, + 0x6f, 0x6c, 0x61, 0x6e, 0x67, 0x2e, 0x6f, 0x72, 0x67, 0x2f, 0x67, 0x65, 0x6e, 0x70, 0x72, 0x6f, + 0x74, 0x6f, 0x2f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x61, 0x70, 0x69, 0x73, 0x2f, 0x61, 0x70, + 0x69, 0x2f, 0x61, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x3b, 0x61, 0x6e, + 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0xa2, 0x02, 0x04, 0x47, 0x41, 0x50, 0x49, + 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, +} + +var file_google_api_annotations_proto_goTypes = []interface{}{ + (*descriptorpb.MethodOptions)(nil), // 0: google.protobuf.MethodOptions + (*HttpRule)(nil), // 1: google.api.HttpRule +} +var file_google_api_annotations_proto_depIdxs = []int32{ + 0, // 0: google.api.http:extendee -> google.protobuf.MethodOptions + 1, // 1: google.api.http:type_name -> google.api.HttpRule + 2, // [2:2] is the sub-list for method output_type + 2, // [2:2] is the sub-list for method input_type + 1, // [1:2] is the sub-list for extension type_name + 0, // [0:1] is the sub-list for extension extendee + 0, // [0:0] is the sub-list for field type_name +} + +func init() { file_google_api_annotations_proto_init() } +func file_google_api_annotations_proto_init() { + if File_google_api_annotations_proto != nil { + return + } + file_google_api_http_proto_init() + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_google_api_annotations_proto_rawDesc, + NumEnums: 0, + NumMessages: 0, + NumExtensions: 1, + NumServices: 0, + }, + GoTypes: file_google_api_annotations_proto_goTypes, + DependencyIndexes: file_google_api_annotations_proto_depIdxs, + ExtensionInfos: file_google_api_annotations_proto_extTypes, + }.Build() + File_google_api_annotations_proto = out.File + file_google_api_annotations_proto_rawDesc = nil + file_google_api_annotations_proto_goTypes = nil + file_google_api_annotations_proto_depIdxs = nil +} diff --git a/vendor/google.golang.org/genproto/googleapis/api/annotations/client.pb.go b/vendor/google.golang.org/genproto/googleapis/api/annotations/client.pb.go new file mode 100644 index 0000000000..bb9d948931 --- /dev/null +++ b/vendor/google.golang.org/genproto/googleapis/api/annotations/client.pb.go @@ -0,0 +1,1766 @@ +// Copyright 2023 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.26.0 +// protoc v3.21.9 +// source: google/api/client.proto + +package annotations + +import ( + reflect "reflect" + sync "sync" + + api "google.golang.org/genproto/googleapis/api" + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + descriptorpb "google.golang.org/protobuf/types/descriptorpb" + durationpb "google.golang.org/protobuf/types/known/durationpb" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +// The organization for which the client libraries are being published. +// Affects the url where generated docs are published, etc. +type ClientLibraryOrganization int32 + +const ( + // Not useful. + ClientLibraryOrganization_CLIENT_LIBRARY_ORGANIZATION_UNSPECIFIED ClientLibraryOrganization = 0 + // Google Cloud Platform Org. + ClientLibraryOrganization_CLOUD ClientLibraryOrganization = 1 + // Ads (Advertising) Org. + ClientLibraryOrganization_ADS ClientLibraryOrganization = 2 + // Photos Org. + ClientLibraryOrganization_PHOTOS ClientLibraryOrganization = 3 + // Street View Org. + ClientLibraryOrganization_STREET_VIEW ClientLibraryOrganization = 4 +) + +// Enum value maps for ClientLibraryOrganization. +var ( + ClientLibraryOrganization_name = map[int32]string{ + 0: "CLIENT_LIBRARY_ORGANIZATION_UNSPECIFIED", + 1: "CLOUD", + 2: "ADS", + 3: "PHOTOS", + 4: "STREET_VIEW", + } + ClientLibraryOrganization_value = map[string]int32{ + "CLIENT_LIBRARY_ORGANIZATION_UNSPECIFIED": 0, + "CLOUD": 1, + "ADS": 2, + "PHOTOS": 3, + "STREET_VIEW": 4, + } +) + +func (x ClientLibraryOrganization) Enum() *ClientLibraryOrganization { + p := new(ClientLibraryOrganization) + *p = x + return p +} + +func (x ClientLibraryOrganization) String() string { + return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) +} + +func (ClientLibraryOrganization) Descriptor() protoreflect.EnumDescriptor { + return file_google_api_client_proto_enumTypes[0].Descriptor() +} + +func (ClientLibraryOrganization) Type() protoreflect.EnumType { + return &file_google_api_client_proto_enumTypes[0] +} + +func (x ClientLibraryOrganization) Number() protoreflect.EnumNumber { + return protoreflect.EnumNumber(x) +} + +// Deprecated: Use ClientLibraryOrganization.Descriptor instead. +func (ClientLibraryOrganization) EnumDescriptor() ([]byte, []int) { + return file_google_api_client_proto_rawDescGZIP(), []int{0} +} + +// To where should client libraries be published? +type ClientLibraryDestination int32 + +const ( + // Client libraries will neither be generated nor published to package + // managers. + ClientLibraryDestination_CLIENT_LIBRARY_DESTINATION_UNSPECIFIED ClientLibraryDestination = 0 + // Generate the client library in a repo under github.com/googleapis, + // but don't publish it to package managers. + ClientLibraryDestination_GITHUB ClientLibraryDestination = 10 + // Publish the library to package managers like nuget.org and npmjs.com. + ClientLibraryDestination_PACKAGE_MANAGER ClientLibraryDestination = 20 +) + +// Enum value maps for ClientLibraryDestination. +var ( + ClientLibraryDestination_name = map[int32]string{ + 0: "CLIENT_LIBRARY_DESTINATION_UNSPECIFIED", + 10: "GITHUB", + 20: "PACKAGE_MANAGER", + } + ClientLibraryDestination_value = map[string]int32{ + "CLIENT_LIBRARY_DESTINATION_UNSPECIFIED": 0, + "GITHUB": 10, + "PACKAGE_MANAGER": 20, + } +) + +func (x ClientLibraryDestination) Enum() *ClientLibraryDestination { + p := new(ClientLibraryDestination) + *p = x + return p +} + +func (x ClientLibraryDestination) String() string { + return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) +} + +func (ClientLibraryDestination) Descriptor() protoreflect.EnumDescriptor { + return file_google_api_client_proto_enumTypes[1].Descriptor() +} + +func (ClientLibraryDestination) Type() protoreflect.EnumType { + return &file_google_api_client_proto_enumTypes[1] +} + +func (x ClientLibraryDestination) Number() protoreflect.EnumNumber { + return protoreflect.EnumNumber(x) +} + +// Deprecated: Use ClientLibraryDestination.Descriptor instead. +func (ClientLibraryDestination) EnumDescriptor() ([]byte, []int) { + return file_google_api_client_proto_rawDescGZIP(), []int{1} +} + +// Required information for every language. +type CommonLanguageSettings struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Link to automatically generated reference documentation. Example: + // https://cloud.google.com/nodejs/docs/reference/asset/latest + // + // Deprecated: Do not use. + ReferenceDocsUri string `protobuf:"bytes,1,opt,name=reference_docs_uri,json=referenceDocsUri,proto3" json:"reference_docs_uri,omitempty"` + // The destination where API teams want this client library to be published. + Destinations []ClientLibraryDestination `protobuf:"varint,2,rep,packed,name=destinations,proto3,enum=google.api.ClientLibraryDestination" json:"destinations,omitempty"` +} + +func (x *CommonLanguageSettings) Reset() { + *x = CommonLanguageSettings{} + if protoimpl.UnsafeEnabled { + mi := &file_google_api_client_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *CommonLanguageSettings) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*CommonLanguageSettings) ProtoMessage() {} + +func (x *CommonLanguageSettings) ProtoReflect() protoreflect.Message { + mi := &file_google_api_client_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use CommonLanguageSettings.ProtoReflect.Descriptor instead. +func (*CommonLanguageSettings) Descriptor() ([]byte, []int) { + return file_google_api_client_proto_rawDescGZIP(), []int{0} +} + +// Deprecated: Do not use. +func (x *CommonLanguageSettings) GetReferenceDocsUri() string { + if x != nil { + return x.ReferenceDocsUri + } + return "" +} + +func (x *CommonLanguageSettings) GetDestinations() []ClientLibraryDestination { + if x != nil { + return x.Destinations + } + return nil +} + +// Details about how and where to publish client libraries. +type ClientLibrarySettings struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Version of the API to apply these settings to. This is the full protobuf + // package for the API, ending in the version element. + // Examples: "google.cloud.speech.v1" and "google.spanner.admin.database.v1". + Version string `protobuf:"bytes,1,opt,name=version,proto3" json:"version,omitempty"` + // Launch stage of this version of the API. + LaunchStage api.LaunchStage `protobuf:"varint,2,opt,name=launch_stage,json=launchStage,proto3,enum=google.api.LaunchStage" json:"launch_stage,omitempty"` + // When using transport=rest, the client request will encode enums as + // numbers rather than strings. + RestNumericEnums bool `protobuf:"varint,3,opt,name=rest_numeric_enums,json=restNumericEnums,proto3" json:"rest_numeric_enums,omitempty"` + // Settings for legacy Java features, supported in the Service YAML. + JavaSettings *JavaSettings `protobuf:"bytes,21,opt,name=java_settings,json=javaSettings,proto3" json:"java_settings,omitempty"` + // Settings for C++ client libraries. + CppSettings *CppSettings `protobuf:"bytes,22,opt,name=cpp_settings,json=cppSettings,proto3" json:"cpp_settings,omitempty"` + // Settings for PHP client libraries. + PhpSettings *PhpSettings `protobuf:"bytes,23,opt,name=php_settings,json=phpSettings,proto3" json:"php_settings,omitempty"` + // Settings for Python client libraries. + PythonSettings *PythonSettings `protobuf:"bytes,24,opt,name=python_settings,json=pythonSettings,proto3" json:"python_settings,omitempty"` + // Settings for Node client libraries. + NodeSettings *NodeSettings `protobuf:"bytes,25,opt,name=node_settings,json=nodeSettings,proto3" json:"node_settings,omitempty"` + // Settings for .NET client libraries. + DotnetSettings *DotnetSettings `protobuf:"bytes,26,opt,name=dotnet_settings,json=dotnetSettings,proto3" json:"dotnet_settings,omitempty"` + // Settings for Ruby client libraries. + RubySettings *RubySettings `protobuf:"bytes,27,opt,name=ruby_settings,json=rubySettings,proto3" json:"ruby_settings,omitempty"` + // Settings for Go client libraries. + GoSettings *GoSettings `protobuf:"bytes,28,opt,name=go_settings,json=goSettings,proto3" json:"go_settings,omitempty"` +} + +func (x *ClientLibrarySettings) Reset() { + *x = ClientLibrarySettings{} + if protoimpl.UnsafeEnabled { + mi := &file_google_api_client_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *ClientLibrarySettings) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ClientLibrarySettings) ProtoMessage() {} + +func (x *ClientLibrarySettings) ProtoReflect() protoreflect.Message { + mi := &file_google_api_client_proto_msgTypes[1] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ClientLibrarySettings.ProtoReflect.Descriptor instead. +func (*ClientLibrarySettings) Descriptor() ([]byte, []int) { + return file_google_api_client_proto_rawDescGZIP(), []int{1} +} + +func (x *ClientLibrarySettings) GetVersion() string { + if x != nil { + return x.Version + } + return "" +} + +func (x *ClientLibrarySettings) GetLaunchStage() api.LaunchStage { + if x != nil { + return x.LaunchStage + } + return api.LaunchStage_LAUNCH_STAGE_UNSPECIFIED +} + +func (x *ClientLibrarySettings) GetRestNumericEnums() bool { + if x != nil { + return x.RestNumericEnums + } + return false +} + +func (x *ClientLibrarySettings) GetJavaSettings() *JavaSettings { + if x != nil { + return x.JavaSettings + } + return nil +} + +func (x *ClientLibrarySettings) GetCppSettings() *CppSettings { + if x != nil { + return x.CppSettings + } + return nil +} + +func (x *ClientLibrarySettings) GetPhpSettings() *PhpSettings { + if x != nil { + return x.PhpSettings + } + return nil +} + +func (x *ClientLibrarySettings) GetPythonSettings() *PythonSettings { + if x != nil { + return x.PythonSettings + } + return nil +} + +func (x *ClientLibrarySettings) GetNodeSettings() *NodeSettings { + if x != nil { + return x.NodeSettings + } + return nil +} + +func (x *ClientLibrarySettings) GetDotnetSettings() *DotnetSettings { + if x != nil { + return x.DotnetSettings + } + return nil +} + +func (x *ClientLibrarySettings) GetRubySettings() *RubySettings { + if x != nil { + return x.RubySettings + } + return nil +} + +func (x *ClientLibrarySettings) GetGoSettings() *GoSettings { + if x != nil { + return x.GoSettings + } + return nil +} + +// This message configures the settings for publishing [Google Cloud Client +// libraries](https://cloud.google.com/apis/docs/cloud-client-libraries) +// generated from the service config. +type Publishing struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // A list of API method settings, e.g. the behavior for methods that use the + // long-running operation pattern. + MethodSettings []*MethodSettings `protobuf:"bytes,2,rep,name=method_settings,json=methodSettings,proto3" json:"method_settings,omitempty"` + // Link to a place that API users can report issues. Example: + // https://issuetracker.google.com/issues/new?component=190865&template=1161103 + NewIssueUri string `protobuf:"bytes,101,opt,name=new_issue_uri,json=newIssueUri,proto3" json:"new_issue_uri,omitempty"` + // Link to product home page. Example: + // https://cloud.google.com/asset-inventory/docs/overview + DocumentationUri string `protobuf:"bytes,102,opt,name=documentation_uri,json=documentationUri,proto3" json:"documentation_uri,omitempty"` + // Used as a tracking tag when collecting data about the APIs developer + // relations artifacts like docs, packages delivered to package managers, + // etc. Example: "speech". + ApiShortName string `protobuf:"bytes,103,opt,name=api_short_name,json=apiShortName,proto3" json:"api_short_name,omitempty"` + // GitHub label to apply to issues and pull requests opened for this API. + GithubLabel string `protobuf:"bytes,104,opt,name=github_label,json=githubLabel,proto3" json:"github_label,omitempty"` + // GitHub teams to be added to CODEOWNERS in the directory in GitHub + // containing source code for the client libraries for this API. + CodeownerGithubTeams []string `protobuf:"bytes,105,rep,name=codeowner_github_teams,json=codeownerGithubTeams,proto3" json:"codeowner_github_teams,omitempty"` + // A prefix used in sample code when demarking regions to be included in + // documentation. + DocTagPrefix string `protobuf:"bytes,106,opt,name=doc_tag_prefix,json=docTagPrefix,proto3" json:"doc_tag_prefix,omitempty"` + // For whom the client library is being published. + Organization ClientLibraryOrganization `protobuf:"varint,107,opt,name=organization,proto3,enum=google.api.ClientLibraryOrganization" json:"organization,omitempty"` + // Client library settings. If the same version string appears multiple + // times in this list, then the last one wins. Settings from earlier + // settings with the same version string are discarded. + LibrarySettings []*ClientLibrarySettings `protobuf:"bytes,109,rep,name=library_settings,json=librarySettings,proto3" json:"library_settings,omitempty"` + // Optional link to proto reference documentation. Example: + // https://cloud.google.com/pubsub/lite/docs/reference/rpc + ProtoReferenceDocumentationUri string `protobuf:"bytes,110,opt,name=proto_reference_documentation_uri,json=protoReferenceDocumentationUri,proto3" json:"proto_reference_documentation_uri,omitempty"` +} + +func (x *Publishing) Reset() { + *x = Publishing{} + if protoimpl.UnsafeEnabled { + mi := &file_google_api_client_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *Publishing) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*Publishing) ProtoMessage() {} + +func (x *Publishing) ProtoReflect() protoreflect.Message { + mi := &file_google_api_client_proto_msgTypes[2] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use Publishing.ProtoReflect.Descriptor instead. +func (*Publishing) Descriptor() ([]byte, []int) { + return file_google_api_client_proto_rawDescGZIP(), []int{2} +} + +func (x *Publishing) GetMethodSettings() []*MethodSettings { + if x != nil { + return x.MethodSettings + } + return nil +} + +func (x *Publishing) GetNewIssueUri() string { + if x != nil { + return x.NewIssueUri + } + return "" +} + +func (x *Publishing) GetDocumentationUri() string { + if x != nil { + return x.DocumentationUri + } + return "" +} + +func (x *Publishing) GetApiShortName() string { + if x != nil { + return x.ApiShortName + } + return "" +} + +func (x *Publishing) GetGithubLabel() string { + if x != nil { + return x.GithubLabel + } + return "" +} + +func (x *Publishing) GetCodeownerGithubTeams() []string { + if x != nil { + return x.CodeownerGithubTeams + } + return nil +} + +func (x *Publishing) GetDocTagPrefix() string { + if x != nil { + return x.DocTagPrefix + } + return "" +} + +func (x *Publishing) GetOrganization() ClientLibraryOrganization { + if x != nil { + return x.Organization + } + return ClientLibraryOrganization_CLIENT_LIBRARY_ORGANIZATION_UNSPECIFIED +} + +func (x *Publishing) GetLibrarySettings() []*ClientLibrarySettings { + if x != nil { + return x.LibrarySettings + } + return nil +} + +func (x *Publishing) GetProtoReferenceDocumentationUri() string { + if x != nil { + return x.ProtoReferenceDocumentationUri + } + return "" +} + +// Settings for Java client libraries. +type JavaSettings struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // The package name to use in Java. Clobbers the java_package option + // set in the protobuf. This should be used **only** by APIs + // who have already set the language_settings.java.package_name" field + // in gapic.yaml. API teams should use the protobuf java_package option + // where possible. + // + // Example of a YAML configuration:: + // + // publishing: + // java_settings: + // library_package: com.google.cloud.pubsub.v1 + LibraryPackage string `protobuf:"bytes,1,opt,name=library_package,json=libraryPackage,proto3" json:"library_package,omitempty"` + // Configure the Java class name to use instead of the service's for its + // corresponding generated GAPIC client. Keys are fully-qualified + // service names as they appear in the protobuf (including the full + // the language_settings.java.interface_names" field in gapic.yaml. API + // teams should otherwise use the service name as it appears in the + // protobuf. + // + // Example of a YAML configuration:: + // + // publishing: + // java_settings: + // service_class_names: + // - google.pubsub.v1.Publisher: TopicAdmin + // - google.pubsub.v1.Subscriber: SubscriptionAdmin + ServiceClassNames map[string]string `protobuf:"bytes,2,rep,name=service_class_names,json=serviceClassNames,proto3" json:"service_class_names,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` + // Some settings. + Common *CommonLanguageSettings `protobuf:"bytes,3,opt,name=common,proto3" json:"common,omitempty"` +} + +func (x *JavaSettings) Reset() { + *x = JavaSettings{} + if protoimpl.UnsafeEnabled { + mi := &file_google_api_client_proto_msgTypes[3] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *JavaSettings) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*JavaSettings) ProtoMessage() {} + +func (x *JavaSettings) ProtoReflect() protoreflect.Message { + mi := &file_google_api_client_proto_msgTypes[3] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use JavaSettings.ProtoReflect.Descriptor instead. +func (*JavaSettings) Descriptor() ([]byte, []int) { + return file_google_api_client_proto_rawDescGZIP(), []int{3} +} + +func (x *JavaSettings) GetLibraryPackage() string { + if x != nil { + return x.LibraryPackage + } + return "" +} + +func (x *JavaSettings) GetServiceClassNames() map[string]string { + if x != nil { + return x.ServiceClassNames + } + return nil +} + +func (x *JavaSettings) GetCommon() *CommonLanguageSettings { + if x != nil { + return x.Common + } + return nil +} + +// Settings for C++ client libraries. +type CppSettings struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Some settings. + Common *CommonLanguageSettings `protobuf:"bytes,1,opt,name=common,proto3" json:"common,omitempty"` +} + +func (x *CppSettings) Reset() { + *x = CppSettings{} + if protoimpl.UnsafeEnabled { + mi := &file_google_api_client_proto_msgTypes[4] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *CppSettings) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*CppSettings) ProtoMessage() {} + +func (x *CppSettings) ProtoReflect() protoreflect.Message { + mi := &file_google_api_client_proto_msgTypes[4] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use CppSettings.ProtoReflect.Descriptor instead. +func (*CppSettings) Descriptor() ([]byte, []int) { + return file_google_api_client_proto_rawDescGZIP(), []int{4} +} + +func (x *CppSettings) GetCommon() *CommonLanguageSettings { + if x != nil { + return x.Common + } + return nil +} + +// Settings for Php client libraries. +type PhpSettings struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Some settings. + Common *CommonLanguageSettings `protobuf:"bytes,1,opt,name=common,proto3" json:"common,omitempty"` +} + +func (x *PhpSettings) Reset() { + *x = PhpSettings{} + if protoimpl.UnsafeEnabled { + mi := &file_google_api_client_proto_msgTypes[5] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *PhpSettings) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*PhpSettings) ProtoMessage() {} + +func (x *PhpSettings) ProtoReflect() protoreflect.Message { + mi := &file_google_api_client_proto_msgTypes[5] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use PhpSettings.ProtoReflect.Descriptor instead. +func (*PhpSettings) Descriptor() ([]byte, []int) { + return file_google_api_client_proto_rawDescGZIP(), []int{5} +} + +func (x *PhpSettings) GetCommon() *CommonLanguageSettings { + if x != nil { + return x.Common + } + return nil +} + +// Settings for Python client libraries. +type PythonSettings struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Some settings. + Common *CommonLanguageSettings `protobuf:"bytes,1,opt,name=common,proto3" json:"common,omitempty"` +} + +func (x *PythonSettings) Reset() { + *x = PythonSettings{} + if protoimpl.UnsafeEnabled { + mi := &file_google_api_client_proto_msgTypes[6] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *PythonSettings) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*PythonSettings) ProtoMessage() {} + +func (x *PythonSettings) ProtoReflect() protoreflect.Message { + mi := &file_google_api_client_proto_msgTypes[6] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use PythonSettings.ProtoReflect.Descriptor instead. +func (*PythonSettings) Descriptor() ([]byte, []int) { + return file_google_api_client_proto_rawDescGZIP(), []int{6} +} + +func (x *PythonSettings) GetCommon() *CommonLanguageSettings { + if x != nil { + return x.Common + } + return nil +} + +// Settings for Node client libraries. +type NodeSettings struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Some settings. + Common *CommonLanguageSettings `protobuf:"bytes,1,opt,name=common,proto3" json:"common,omitempty"` +} + +func (x *NodeSettings) Reset() { + *x = NodeSettings{} + if protoimpl.UnsafeEnabled { + mi := &file_google_api_client_proto_msgTypes[7] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *NodeSettings) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*NodeSettings) ProtoMessage() {} + +func (x *NodeSettings) ProtoReflect() protoreflect.Message { + mi := &file_google_api_client_proto_msgTypes[7] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use NodeSettings.ProtoReflect.Descriptor instead. +func (*NodeSettings) Descriptor() ([]byte, []int) { + return file_google_api_client_proto_rawDescGZIP(), []int{7} +} + +func (x *NodeSettings) GetCommon() *CommonLanguageSettings { + if x != nil { + return x.Common + } + return nil +} + +// Settings for Dotnet client libraries. +type DotnetSettings struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Some settings. + Common *CommonLanguageSettings `protobuf:"bytes,1,opt,name=common,proto3" json:"common,omitempty"` + // Map from original service names to renamed versions. + // This is used when the default generated types + // would cause a naming conflict. (Neither name is + // fully-qualified.) + // Example: Subscriber to SubscriberServiceApi. + RenamedServices map[string]string `protobuf:"bytes,2,rep,name=renamed_services,json=renamedServices,proto3" json:"renamed_services,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` + // Map from full resource types to the effective short name + // for the resource. This is used when otherwise resource + // named from different services would cause naming collisions. + // Example entry: + // "datalabeling.googleapis.com/Dataset": "DataLabelingDataset" + RenamedResources map[string]string `protobuf:"bytes,3,rep,name=renamed_resources,json=renamedResources,proto3" json:"renamed_resources,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` + // List of full resource types to ignore during generation. + // This is typically used for API-specific Location resources, + // which should be handled by the generator as if they were actually + // the common Location resources. + // Example entry: "documentai.googleapis.com/Location" + IgnoredResources []string `protobuf:"bytes,4,rep,name=ignored_resources,json=ignoredResources,proto3" json:"ignored_resources,omitempty"` + // Namespaces which must be aliased in snippets due to + // a known (but non-generator-predictable) naming collision + ForcedNamespaceAliases []string `protobuf:"bytes,5,rep,name=forced_namespace_aliases,json=forcedNamespaceAliases,proto3" json:"forced_namespace_aliases,omitempty"` + // Method signatures (in the form "service.method(signature)") + // which are provided separately, so shouldn't be generated. + // Snippets *calling* these methods are still generated, however. + HandwrittenSignatures []string `protobuf:"bytes,6,rep,name=handwritten_signatures,json=handwrittenSignatures,proto3" json:"handwritten_signatures,omitempty"` +} + +func (x *DotnetSettings) Reset() { + *x = DotnetSettings{} + if protoimpl.UnsafeEnabled { + mi := &file_google_api_client_proto_msgTypes[8] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *DotnetSettings) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*DotnetSettings) ProtoMessage() {} + +func (x *DotnetSettings) ProtoReflect() protoreflect.Message { + mi := &file_google_api_client_proto_msgTypes[8] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use DotnetSettings.ProtoReflect.Descriptor instead. +func (*DotnetSettings) Descriptor() ([]byte, []int) { + return file_google_api_client_proto_rawDescGZIP(), []int{8} +} + +func (x *DotnetSettings) GetCommon() *CommonLanguageSettings { + if x != nil { + return x.Common + } + return nil +} + +func (x *DotnetSettings) GetRenamedServices() map[string]string { + if x != nil { + return x.RenamedServices + } + return nil +} + +func (x *DotnetSettings) GetRenamedResources() map[string]string { + if x != nil { + return x.RenamedResources + } + return nil +} + +func (x *DotnetSettings) GetIgnoredResources() []string { + if x != nil { + return x.IgnoredResources + } + return nil +} + +func (x *DotnetSettings) GetForcedNamespaceAliases() []string { + if x != nil { + return x.ForcedNamespaceAliases + } + return nil +} + +func (x *DotnetSettings) GetHandwrittenSignatures() []string { + if x != nil { + return x.HandwrittenSignatures + } + return nil +} + +// Settings for Ruby client libraries. +type RubySettings struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Some settings. + Common *CommonLanguageSettings `protobuf:"bytes,1,opt,name=common,proto3" json:"common,omitempty"` +} + +func (x *RubySettings) Reset() { + *x = RubySettings{} + if protoimpl.UnsafeEnabled { + mi := &file_google_api_client_proto_msgTypes[9] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *RubySettings) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*RubySettings) ProtoMessage() {} + +func (x *RubySettings) ProtoReflect() protoreflect.Message { + mi := &file_google_api_client_proto_msgTypes[9] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use RubySettings.ProtoReflect.Descriptor instead. +func (*RubySettings) Descriptor() ([]byte, []int) { + return file_google_api_client_proto_rawDescGZIP(), []int{9} +} + +func (x *RubySettings) GetCommon() *CommonLanguageSettings { + if x != nil { + return x.Common + } + return nil +} + +// Settings for Go client libraries. +type GoSettings struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Some settings. + Common *CommonLanguageSettings `protobuf:"bytes,1,opt,name=common,proto3" json:"common,omitempty"` +} + +func (x *GoSettings) Reset() { + *x = GoSettings{} + if protoimpl.UnsafeEnabled { + mi := &file_google_api_client_proto_msgTypes[10] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *GoSettings) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*GoSettings) ProtoMessage() {} + +func (x *GoSettings) ProtoReflect() protoreflect.Message { + mi := &file_google_api_client_proto_msgTypes[10] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use GoSettings.ProtoReflect.Descriptor instead. +func (*GoSettings) Descriptor() ([]byte, []int) { + return file_google_api_client_proto_rawDescGZIP(), []int{10} +} + +func (x *GoSettings) GetCommon() *CommonLanguageSettings { + if x != nil { + return x.Common + } + return nil +} + +// Describes the generator configuration for a method. +type MethodSettings struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // The fully qualified name of the method, for which the options below apply. + // This is used to find the method to apply the options. + Selector string `protobuf:"bytes,1,opt,name=selector,proto3" json:"selector,omitempty"` + // Describes settings to use for long-running operations when generating + // API methods for RPCs. Complements RPCs that use the annotations in + // google/longrunning/operations.proto. + // + // Example of a YAML configuration:: + // + // publishing: + // method_settings: + // - selector: google.cloud.speech.v2.Speech.BatchRecognize + // long_running: + // initial_poll_delay: + // seconds: 60 # 1 minute + // poll_delay_multiplier: 1.5 + // max_poll_delay: + // seconds: 360 # 6 minutes + // total_poll_timeout: + // seconds: 54000 # 90 minutes + LongRunning *MethodSettings_LongRunning `protobuf:"bytes,2,opt,name=long_running,json=longRunning,proto3" json:"long_running,omitempty"` +} + +func (x *MethodSettings) Reset() { + *x = MethodSettings{} + if protoimpl.UnsafeEnabled { + mi := &file_google_api_client_proto_msgTypes[11] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *MethodSettings) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*MethodSettings) ProtoMessage() {} + +func (x *MethodSettings) ProtoReflect() protoreflect.Message { + mi := &file_google_api_client_proto_msgTypes[11] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use MethodSettings.ProtoReflect.Descriptor instead. +func (*MethodSettings) Descriptor() ([]byte, []int) { + return file_google_api_client_proto_rawDescGZIP(), []int{11} +} + +func (x *MethodSettings) GetSelector() string { + if x != nil { + return x.Selector + } + return "" +} + +func (x *MethodSettings) GetLongRunning() *MethodSettings_LongRunning { + if x != nil { + return x.LongRunning + } + return nil +} + +// Describes settings to use when generating API methods that use the +// long-running operation pattern. +// All default values below are from those used in the client library +// generators (e.g. +// [Java](https://github.com/googleapis/gapic-generator-java/blob/04c2faa191a9b5a10b92392fe8482279c4404803/src/main/java/com/google/api/generator/gapic/composer/common/RetrySettingsComposer.java)). +type MethodSettings_LongRunning struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Initial delay after which the first poll request will be made. + // Default value: 5 seconds. + InitialPollDelay *durationpb.Duration `protobuf:"bytes,1,opt,name=initial_poll_delay,json=initialPollDelay,proto3" json:"initial_poll_delay,omitempty"` + // Multiplier to gradually increase delay between subsequent polls until it + // reaches max_poll_delay. + // Default value: 1.5. + PollDelayMultiplier float32 `protobuf:"fixed32,2,opt,name=poll_delay_multiplier,json=pollDelayMultiplier,proto3" json:"poll_delay_multiplier,omitempty"` + // Maximum time between two subsequent poll requests. + // Default value: 45 seconds. + MaxPollDelay *durationpb.Duration `protobuf:"bytes,3,opt,name=max_poll_delay,json=maxPollDelay,proto3" json:"max_poll_delay,omitempty"` + // Total polling timeout. + // Default value: 5 minutes. + TotalPollTimeout *durationpb.Duration `protobuf:"bytes,4,opt,name=total_poll_timeout,json=totalPollTimeout,proto3" json:"total_poll_timeout,omitempty"` +} + +func (x *MethodSettings_LongRunning) Reset() { + *x = MethodSettings_LongRunning{} + if protoimpl.UnsafeEnabled { + mi := &file_google_api_client_proto_msgTypes[15] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *MethodSettings_LongRunning) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*MethodSettings_LongRunning) ProtoMessage() {} + +func (x *MethodSettings_LongRunning) ProtoReflect() protoreflect.Message { + mi := &file_google_api_client_proto_msgTypes[15] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use MethodSettings_LongRunning.ProtoReflect.Descriptor instead. +func (*MethodSettings_LongRunning) Descriptor() ([]byte, []int) { + return file_google_api_client_proto_rawDescGZIP(), []int{11, 0} +} + +func (x *MethodSettings_LongRunning) GetInitialPollDelay() *durationpb.Duration { + if x != nil { + return x.InitialPollDelay + } + return nil +} + +func (x *MethodSettings_LongRunning) GetPollDelayMultiplier() float32 { + if x != nil { + return x.PollDelayMultiplier + } + return 0 +} + +func (x *MethodSettings_LongRunning) GetMaxPollDelay() *durationpb.Duration { + if x != nil { + return x.MaxPollDelay + } + return nil +} + +func (x *MethodSettings_LongRunning) GetTotalPollTimeout() *durationpb.Duration { + if x != nil { + return x.TotalPollTimeout + } + return nil +} + +var file_google_api_client_proto_extTypes = []protoimpl.ExtensionInfo{ + { + ExtendedType: (*descriptorpb.MethodOptions)(nil), + ExtensionType: ([]string)(nil), + Field: 1051, + Name: "google.api.method_signature", + Tag: "bytes,1051,rep,name=method_signature", + Filename: "google/api/client.proto", + }, + { + ExtendedType: (*descriptorpb.ServiceOptions)(nil), + ExtensionType: (*string)(nil), + Field: 1049, + Name: "google.api.default_host", + Tag: "bytes,1049,opt,name=default_host", + Filename: "google/api/client.proto", + }, + { + ExtendedType: (*descriptorpb.ServiceOptions)(nil), + ExtensionType: (*string)(nil), + Field: 1050, + Name: "google.api.oauth_scopes", + Tag: "bytes,1050,opt,name=oauth_scopes", + Filename: "google/api/client.proto", + }, +} + +// Extension fields to descriptorpb.MethodOptions. +var ( + // A definition of a client library method signature. + // + // In client libraries, each proto RPC corresponds to one or more methods + // which the end user is able to call, and calls the underlying RPC. + // Normally, this method receives a single argument (a struct or instance + // corresponding to the RPC request object). Defining this field will + // add one or more overloads providing flattened or simpler method signatures + // in some languages. + // + // The fields on the method signature are provided as a comma-separated + // string. + // + // For example, the proto RPC and annotation: + // + // rpc CreateSubscription(CreateSubscriptionRequest) + // returns (Subscription) { + // option (google.api.method_signature) = "name,topic"; + // } + // + // Would add the following Java overload (in addition to the method accepting + // the request object): + // + // public final Subscription createSubscription(String name, String topic) + // + // The following backwards-compatibility guidelines apply: + // + // - Adding this annotation to an unannotated method is backwards + // compatible. + // - Adding this annotation to a method which already has existing + // method signature annotations is backwards compatible if and only if + // the new method signature annotation is last in the sequence. + // - Modifying or removing an existing method signature annotation is + // a breaking change. + // - Re-ordering existing method signature annotations is a breaking + // change. + // + // repeated string method_signature = 1051; + E_MethodSignature = &file_google_api_client_proto_extTypes[0] +) + +// Extension fields to descriptorpb.ServiceOptions. +var ( + // The hostname for this service. + // This should be specified with no prefix or protocol. + // + // Example: + // + // service Foo { + // option (google.api.default_host) = "foo.googleapi.com"; + // ... + // } + // + // optional string default_host = 1049; + E_DefaultHost = &file_google_api_client_proto_extTypes[1] + // OAuth scopes needed for the client. + // + // Example: + // + // service Foo { + // option (google.api.oauth_scopes) = \ + // "https://www.googleapis.com/auth/cloud-platform"; + // ... + // } + // + // If there is more than one scope, use a comma-separated string: + // + // Example: + // + // service Foo { + // option (google.api.oauth_scopes) = \ + // "https://www.googleapis.com/auth/cloud-platform," + // "https://www.googleapis.com/auth/monitoring"; + // ... + // } + // + // optional string oauth_scopes = 1050; + E_OauthScopes = &file_google_api_client_proto_extTypes[2] +) + +var File_google_api_client_proto protoreflect.FileDescriptor + +var file_google_api_client_proto_rawDesc = []byte{ + 0x0a, 0x17, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x63, 0x6c, 0x69, + 0x65, 0x6e, 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x0a, 0x67, 0x6f, 0x6f, 0x67, 0x6c, + 0x65, 0x2e, 0x61, 0x70, 0x69, 0x1a, 0x1d, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x61, 0x70, + 0x69, 0x2f, 0x6c, 0x61, 0x75, 0x6e, 0x63, 0x68, 0x5f, 0x73, 0x74, 0x61, 0x67, 0x65, 0x2e, 0x70, + 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x20, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, + 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, + 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, + 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x64, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, + 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x94, 0x01, 0x0a, 0x16, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, + 0x6e, 0x4c, 0x61, 0x6e, 0x67, 0x75, 0x61, 0x67, 0x65, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, + 0x73, 0x12, 0x30, 0x0a, 0x12, 0x72, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x5f, 0x64, + 0x6f, 0x63, 0x73, 0x5f, 0x75, 0x72, 0x69, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x42, 0x02, 0x18, + 0x01, 0x52, 0x10, 0x72, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x44, 0x6f, 0x63, 0x73, + 0x55, 0x72, 0x69, 0x12, 0x48, 0x0a, 0x0c, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, + 0x6f, 0x6e, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0e, 0x32, 0x24, 0x2e, 0x67, 0x6f, 0x6f, 0x67, + 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x4c, 0x69, 0x62, + 0x72, 0x61, 0x72, 0x79, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, + 0x0c, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x22, 0x93, 0x05, + 0x0a, 0x15, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x4c, 0x69, 0x62, 0x72, 0x61, 0x72, 0x79, 0x53, + 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x18, 0x0a, 0x07, 0x76, 0x65, 0x72, 0x73, 0x69, + 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, + 0x6e, 0x12, 0x3a, 0x0a, 0x0c, 0x6c, 0x61, 0x75, 0x6e, 0x63, 0x68, 0x5f, 0x73, 0x74, 0x61, 0x67, + 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x17, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, + 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x4c, 0x61, 0x75, 0x6e, 0x63, 0x68, 0x53, 0x74, 0x61, 0x67, 0x65, + 0x52, 0x0b, 0x6c, 0x61, 0x75, 0x6e, 0x63, 0x68, 0x53, 0x74, 0x61, 0x67, 0x65, 0x12, 0x2c, 0x0a, + 0x12, 0x72, 0x65, 0x73, 0x74, 0x5f, 0x6e, 0x75, 0x6d, 0x65, 0x72, 0x69, 0x63, 0x5f, 0x65, 0x6e, + 0x75, 0x6d, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x10, 0x72, 0x65, 0x73, 0x74, 0x4e, + 0x75, 0x6d, 0x65, 0x72, 0x69, 0x63, 0x45, 0x6e, 0x75, 0x6d, 0x73, 0x12, 0x3d, 0x0a, 0x0d, 0x6a, + 0x61, 0x76, 0x61, 0x5f, 0x73, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x18, 0x15, 0x20, 0x01, + 0x28, 0x0b, 0x32, 0x18, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, + 0x4a, 0x61, 0x76, 0x61, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x0c, 0x6a, 0x61, + 0x76, 0x61, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x3a, 0x0a, 0x0c, 0x63, 0x70, + 0x70, 0x5f, 0x73, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x18, 0x16, 0x20, 0x01, 0x28, 0x0b, + 0x32, 0x17, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x43, 0x70, + 0x70, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x0b, 0x63, 0x70, 0x70, 0x53, 0x65, + 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x3a, 0x0a, 0x0c, 0x70, 0x68, 0x70, 0x5f, 0x73, 0x65, + 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x18, 0x17, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x67, + 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x50, 0x68, 0x70, 0x53, 0x65, 0x74, + 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x0b, 0x70, 0x68, 0x70, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, + 0x67, 0x73, 0x12, 0x43, 0x0a, 0x0f, 0x70, 0x79, 0x74, 0x68, 0x6f, 0x6e, 0x5f, 0x73, 0x65, 0x74, + 0x74, 0x69, 0x6e, 0x67, 0x73, 0x18, 0x18, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, + 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x50, 0x79, 0x74, 0x68, 0x6f, 0x6e, 0x53, + 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x0e, 0x70, 0x79, 0x74, 0x68, 0x6f, 0x6e, 0x53, + 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x3d, 0x0a, 0x0d, 0x6e, 0x6f, 0x64, 0x65, 0x5f, + 0x73, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x18, 0x19, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x18, + 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x4e, 0x6f, 0x64, 0x65, + 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x0c, 0x6e, 0x6f, 0x64, 0x65, 0x53, 0x65, + 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x43, 0x0a, 0x0f, 0x64, 0x6f, 0x74, 0x6e, 0x65, 0x74, + 0x5f, 0x73, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x18, 0x1a, 0x20, 0x01, 0x28, 0x0b, 0x32, + 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x44, 0x6f, 0x74, + 0x6e, 0x65, 0x74, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x0e, 0x64, 0x6f, 0x74, + 0x6e, 0x65, 0x74, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x3d, 0x0a, 0x0d, 0x72, + 0x75, 0x62, 0x79, 0x5f, 0x73, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x18, 0x1b, 0x20, 0x01, + 0x28, 0x0b, 0x32, 0x18, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, + 0x52, 0x75, 0x62, 0x79, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x0c, 0x72, 0x75, + 0x62, 0x79, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x37, 0x0a, 0x0b, 0x67, 0x6f, + 0x5f, 0x73, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x18, 0x1c, 0x20, 0x01, 0x28, 0x0b, 0x32, + 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x47, 0x6f, 0x53, + 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x0a, 0x67, 0x6f, 0x53, 0x65, 0x74, 0x74, 0x69, + 0x6e, 0x67, 0x73, 0x22, 0xab, 0x04, 0x0a, 0x0a, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x73, 0x68, 0x69, + 0x6e, 0x67, 0x12, 0x43, 0x0a, 0x0f, 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x5f, 0x73, 0x65, 0x74, + 0x74, 0x69, 0x6e, 0x67, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, + 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x53, + 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x0e, 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x53, + 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x22, 0x0a, 0x0d, 0x6e, 0x65, 0x77, 0x5f, 0x69, + 0x73, 0x73, 0x75, 0x65, 0x5f, 0x75, 0x72, 0x69, 0x18, 0x65, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, + 0x6e, 0x65, 0x77, 0x49, 0x73, 0x73, 0x75, 0x65, 0x55, 0x72, 0x69, 0x12, 0x2b, 0x0a, 0x11, 0x64, + 0x6f, 0x63, 0x75, 0x6d, 0x65, 0x6e, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x75, 0x72, 0x69, + 0x18, 0x66, 0x20, 0x01, 0x28, 0x09, 0x52, 0x10, 0x64, 0x6f, 0x63, 0x75, 0x6d, 0x65, 0x6e, 0x74, + 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x55, 0x72, 0x69, 0x12, 0x24, 0x0a, 0x0e, 0x61, 0x70, 0x69, 0x5f, + 0x73, 0x68, 0x6f, 0x72, 0x74, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x67, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x0c, 0x61, 0x70, 0x69, 0x53, 0x68, 0x6f, 0x72, 0x74, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x21, + 0x0a, 0x0c, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x5f, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x18, 0x68, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x4c, 0x61, 0x62, 0x65, + 0x6c, 0x12, 0x34, 0x0a, 0x16, 0x63, 0x6f, 0x64, 0x65, 0x6f, 0x77, 0x6e, 0x65, 0x72, 0x5f, 0x67, + 0x69, 0x74, 0x68, 0x75, 0x62, 0x5f, 0x74, 0x65, 0x61, 0x6d, 0x73, 0x18, 0x69, 0x20, 0x03, 0x28, + 0x09, 0x52, 0x14, 0x63, 0x6f, 0x64, 0x65, 0x6f, 0x77, 0x6e, 0x65, 0x72, 0x47, 0x69, 0x74, 0x68, + 0x75, 0x62, 0x54, 0x65, 0x61, 0x6d, 0x73, 0x12, 0x24, 0x0a, 0x0e, 0x64, 0x6f, 0x63, 0x5f, 0x74, + 0x61, 0x67, 0x5f, 0x70, 0x72, 0x65, 0x66, 0x69, 0x78, 0x18, 0x6a, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x0c, 0x64, 0x6f, 0x63, 0x54, 0x61, 0x67, 0x50, 0x72, 0x65, 0x66, 0x69, 0x78, 0x12, 0x49, 0x0a, + 0x0c, 0x6f, 0x72, 0x67, 0x61, 0x6e, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x6b, 0x20, + 0x01, 0x28, 0x0e, 0x32, 0x25, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, + 0x2e, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x4c, 0x69, 0x62, 0x72, 0x61, 0x72, 0x79, 0x4f, 0x72, + 0x67, 0x61, 0x6e, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0c, 0x6f, 0x72, 0x67, 0x61, + 0x6e, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x4c, 0x0a, 0x10, 0x6c, 0x69, 0x62, 0x72, + 0x61, 0x72, 0x79, 0x5f, 0x73, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x18, 0x6d, 0x20, 0x03, + 0x28, 0x0b, 0x32, 0x21, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, + 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x4c, 0x69, 0x62, 0x72, 0x61, 0x72, 0x79, 0x53, 0x65, 0x74, + 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x0f, 0x6c, 0x69, 0x62, 0x72, 0x61, 0x72, 0x79, 0x53, 0x65, + 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x49, 0x0a, 0x21, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x5f, + 0x72, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x5f, 0x64, 0x6f, 0x63, 0x75, 0x6d, 0x65, + 0x6e, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x75, 0x72, 0x69, 0x18, 0x6e, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x1e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x52, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, + 0x65, 0x44, 0x6f, 0x63, 0x75, 0x6d, 0x65, 0x6e, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x55, 0x72, + 0x69, 0x22, 0x9a, 0x02, 0x0a, 0x0c, 0x4a, 0x61, 0x76, 0x61, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, + 0x67, 0x73, 0x12, 0x27, 0x0a, 0x0f, 0x6c, 0x69, 0x62, 0x72, 0x61, 0x72, 0x79, 0x5f, 0x70, 0x61, + 0x63, 0x6b, 0x61, 0x67, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x6c, 0x69, 0x62, + 0x72, 0x61, 0x72, 0x79, 0x50, 0x61, 0x63, 0x6b, 0x61, 0x67, 0x65, 0x12, 0x5f, 0x0a, 0x13, 0x73, + 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x5f, 0x63, 0x6c, 0x61, 0x73, 0x73, 0x5f, 0x6e, 0x61, 0x6d, + 0x65, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, + 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x4a, 0x61, 0x76, 0x61, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, + 0x67, 0x73, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x43, 0x6c, 0x61, 0x73, 0x73, 0x4e, + 0x61, 0x6d, 0x65, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x11, 0x73, 0x65, 0x72, 0x76, 0x69, + 0x63, 0x65, 0x43, 0x6c, 0x61, 0x73, 0x73, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x12, 0x3a, 0x0a, 0x06, + 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x67, + 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, + 0x4c, 0x61, 0x6e, 0x67, 0x75, 0x61, 0x67, 0x65, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, + 0x52, 0x06, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x1a, 0x44, 0x0a, 0x16, 0x53, 0x65, 0x72, 0x76, + 0x69, 0x63, 0x65, 0x43, 0x6c, 0x61, 0x73, 0x73, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x45, 0x6e, 0x74, + 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x49, + 0x0a, 0x0b, 0x43, 0x70, 0x70, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x3a, 0x0a, + 0x06, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x22, 0x2e, + 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, + 0x6e, 0x4c, 0x61, 0x6e, 0x67, 0x75, 0x61, 0x67, 0x65, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, + 0x73, 0x52, 0x06, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x22, 0x49, 0x0a, 0x0b, 0x50, 0x68, 0x70, + 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x3a, 0x0a, 0x06, 0x63, 0x6f, 0x6d, 0x6d, + 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, + 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x4c, 0x61, 0x6e, 0x67, + 0x75, 0x61, 0x67, 0x65, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x06, 0x63, 0x6f, + 0x6d, 0x6d, 0x6f, 0x6e, 0x22, 0x4c, 0x0a, 0x0e, 0x50, 0x79, 0x74, 0x68, 0x6f, 0x6e, 0x53, 0x65, + 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x3a, 0x0a, 0x06, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, + 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, + 0x61, 0x70, 0x69, 0x2e, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x4c, 0x61, 0x6e, 0x67, 0x75, 0x61, + 0x67, 0x65, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x06, 0x63, 0x6f, 0x6d, 0x6d, + 0x6f, 0x6e, 0x22, 0x4a, 0x0a, 0x0c, 0x4e, 0x6f, 0x64, 0x65, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, + 0x67, 0x73, 0x12, 0x3a, 0x0a, 0x06, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, + 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, + 0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x4c, 0x61, 0x6e, 0x67, 0x75, 0x61, 0x67, 0x65, 0x53, 0x65, + 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x06, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x22, 0xae, + 0x04, 0x0a, 0x0e, 0x44, 0x6f, 0x74, 0x6e, 0x65, 0x74, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, + 0x73, 0x12, 0x3a, 0x0a, 0x06, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, + 0x0b, 0x32, 0x22, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x43, + 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x4c, 0x61, 0x6e, 0x67, 0x75, 0x61, 0x67, 0x65, 0x53, 0x65, 0x74, + 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x06, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x12, 0x5a, 0x0a, + 0x10, 0x72, 0x65, 0x6e, 0x61, 0x6d, 0x65, 0x64, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, + 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, + 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x44, 0x6f, 0x74, 0x6e, 0x65, 0x74, 0x53, 0x65, 0x74, 0x74, 0x69, + 0x6e, 0x67, 0x73, 0x2e, 0x52, 0x65, 0x6e, 0x61, 0x6d, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x69, + 0x63, 0x65, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x0f, 0x72, 0x65, 0x6e, 0x61, 0x6d, 0x65, + 0x64, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x12, 0x5d, 0x0a, 0x11, 0x72, 0x65, 0x6e, + 0x61, 0x6d, 0x65, 0x64, 0x5f, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x18, 0x03, + 0x20, 0x03, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, + 0x69, 0x2e, 0x44, 0x6f, 0x74, 0x6e, 0x65, 0x74, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, + 0x2e, 0x52, 0x65, 0x6e, 0x61, 0x6d, 0x65, 0x64, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, + 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x10, 0x72, 0x65, 0x6e, 0x61, 0x6d, 0x65, 0x64, 0x52, + 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x12, 0x2b, 0x0a, 0x11, 0x69, 0x67, 0x6e, 0x6f, + 0x72, 0x65, 0x64, 0x5f, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x18, 0x04, 0x20, + 0x03, 0x28, 0x09, 0x52, 0x10, 0x69, 0x67, 0x6e, 0x6f, 0x72, 0x65, 0x64, 0x52, 0x65, 0x73, 0x6f, + 0x75, 0x72, 0x63, 0x65, 0x73, 0x12, 0x38, 0x0a, 0x18, 0x66, 0x6f, 0x72, 0x63, 0x65, 0x64, 0x5f, + 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x5f, 0x61, 0x6c, 0x69, 0x61, 0x73, 0x65, + 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x09, 0x52, 0x16, 0x66, 0x6f, 0x72, 0x63, 0x65, 0x64, 0x4e, + 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x41, 0x6c, 0x69, 0x61, 0x73, 0x65, 0x73, 0x12, + 0x35, 0x0a, 0x16, 0x68, 0x61, 0x6e, 0x64, 0x77, 0x72, 0x69, 0x74, 0x74, 0x65, 0x6e, 0x5f, 0x73, + 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x18, 0x06, 0x20, 0x03, 0x28, 0x09, 0x52, + 0x15, 0x68, 0x61, 0x6e, 0x64, 0x77, 0x72, 0x69, 0x74, 0x74, 0x65, 0x6e, 0x53, 0x69, 0x67, 0x6e, + 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x1a, 0x42, 0x0a, 0x14, 0x52, 0x65, 0x6e, 0x61, 0x6d, 0x65, + 0x64, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, + 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, + 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a, 0x43, 0x0a, 0x15, 0x52, 0x65, + 0x6e, 0x61, 0x6d, 0x65, 0x64, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x45, 0x6e, + 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, + 0x4a, 0x0a, 0x0c, 0x52, 0x75, 0x62, 0x79, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, + 0x3a, 0x0a, 0x06, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, + 0x22, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x43, 0x6f, 0x6d, + 0x6d, 0x6f, 0x6e, 0x4c, 0x61, 0x6e, 0x67, 0x75, 0x61, 0x67, 0x65, 0x53, 0x65, 0x74, 0x74, 0x69, + 0x6e, 0x67, 0x73, 0x52, 0x06, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x22, 0x48, 0x0a, 0x0a, 0x47, + 0x6f, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x3a, 0x0a, 0x06, 0x63, 0x6f, 0x6d, + 0x6d, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x67, 0x6f, 0x6f, 0x67, + 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x4c, 0x61, 0x6e, + 0x67, 0x75, 0x61, 0x67, 0x65, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x06, 0x63, + 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x22, 0x8e, 0x03, 0x0a, 0x0e, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, + 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x1a, 0x0a, 0x08, 0x73, 0x65, 0x6c, 0x65, + 0x63, 0x74, 0x6f, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x73, 0x65, 0x6c, 0x65, + 0x63, 0x74, 0x6f, 0x72, 0x12, 0x49, 0x0a, 0x0c, 0x6c, 0x6f, 0x6e, 0x67, 0x5f, 0x72, 0x75, 0x6e, + 0x6e, 0x69, 0x6e, 0x67, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x67, 0x6f, 0x6f, + 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x53, 0x65, + 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x2e, 0x4c, 0x6f, 0x6e, 0x67, 0x52, 0x75, 0x6e, 0x6e, 0x69, + 0x6e, 0x67, 0x52, 0x0b, 0x6c, 0x6f, 0x6e, 0x67, 0x52, 0x75, 0x6e, 0x6e, 0x69, 0x6e, 0x67, 0x1a, + 0x94, 0x02, 0x0a, 0x0b, 0x4c, 0x6f, 0x6e, 0x67, 0x52, 0x75, 0x6e, 0x6e, 0x69, 0x6e, 0x67, 0x12, + 0x47, 0x0a, 0x12, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x61, 0x6c, 0x5f, 0x70, 0x6f, 0x6c, 0x6c, 0x5f, + 0x64, 0x65, 0x6c, 0x61, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, + 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, + 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x10, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x61, 0x6c, 0x50, + 0x6f, 0x6c, 0x6c, 0x44, 0x65, 0x6c, 0x61, 0x79, 0x12, 0x32, 0x0a, 0x15, 0x70, 0x6f, 0x6c, 0x6c, + 0x5f, 0x64, 0x65, 0x6c, 0x61, 0x79, 0x5f, 0x6d, 0x75, 0x6c, 0x74, 0x69, 0x70, 0x6c, 0x69, 0x65, + 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x02, 0x52, 0x13, 0x70, 0x6f, 0x6c, 0x6c, 0x44, 0x65, 0x6c, + 0x61, 0x79, 0x4d, 0x75, 0x6c, 0x74, 0x69, 0x70, 0x6c, 0x69, 0x65, 0x72, 0x12, 0x3f, 0x0a, 0x0e, + 0x6d, 0x61, 0x78, 0x5f, 0x70, 0x6f, 0x6c, 0x6c, 0x5f, 0x64, 0x65, 0x6c, 0x61, 0x79, 0x18, 0x03, + 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, + 0x0c, 0x6d, 0x61, 0x78, 0x50, 0x6f, 0x6c, 0x6c, 0x44, 0x65, 0x6c, 0x61, 0x79, 0x12, 0x47, 0x0a, + 0x12, 0x74, 0x6f, 0x74, 0x61, 0x6c, 0x5f, 0x70, 0x6f, 0x6c, 0x6c, 0x5f, 0x74, 0x69, 0x6d, 0x65, + 0x6f, 0x75, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, + 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, + 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x10, 0x74, 0x6f, 0x74, 0x61, 0x6c, 0x50, 0x6f, 0x6c, 0x6c, 0x54, + 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x2a, 0x79, 0x0a, 0x19, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, + 0x4c, 0x69, 0x62, 0x72, 0x61, 0x72, 0x79, 0x4f, 0x72, 0x67, 0x61, 0x6e, 0x69, 0x7a, 0x61, 0x74, + 0x69, 0x6f, 0x6e, 0x12, 0x2b, 0x0a, 0x27, 0x43, 0x4c, 0x49, 0x45, 0x4e, 0x54, 0x5f, 0x4c, 0x49, + 0x42, 0x52, 0x41, 0x52, 0x59, 0x5f, 0x4f, 0x52, 0x47, 0x41, 0x4e, 0x49, 0x5a, 0x41, 0x54, 0x49, + 0x4f, 0x4e, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, + 0x12, 0x09, 0x0a, 0x05, 0x43, 0x4c, 0x4f, 0x55, 0x44, 0x10, 0x01, 0x12, 0x07, 0x0a, 0x03, 0x41, + 0x44, 0x53, 0x10, 0x02, 0x12, 0x0a, 0x0a, 0x06, 0x50, 0x48, 0x4f, 0x54, 0x4f, 0x53, 0x10, 0x03, + 0x12, 0x0f, 0x0a, 0x0b, 0x53, 0x54, 0x52, 0x45, 0x45, 0x54, 0x5f, 0x56, 0x49, 0x45, 0x57, 0x10, + 0x04, 0x2a, 0x67, 0x0a, 0x18, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x4c, 0x69, 0x62, 0x72, 0x61, + 0x72, 0x79, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x2a, 0x0a, + 0x26, 0x43, 0x4c, 0x49, 0x45, 0x4e, 0x54, 0x5f, 0x4c, 0x49, 0x42, 0x52, 0x41, 0x52, 0x59, 0x5f, + 0x44, 0x45, 0x53, 0x54, 0x49, 0x4e, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x55, 0x4e, 0x53, 0x50, + 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x0a, 0x0a, 0x06, 0x47, 0x49, 0x54, + 0x48, 0x55, 0x42, 0x10, 0x0a, 0x12, 0x13, 0x0a, 0x0f, 0x50, 0x41, 0x43, 0x4b, 0x41, 0x47, 0x45, + 0x5f, 0x4d, 0x41, 0x4e, 0x41, 0x47, 0x45, 0x52, 0x10, 0x14, 0x3a, 0x4a, 0x0a, 0x10, 0x6d, 0x65, + 0x74, 0x68, 0x6f, 0x64, 0x5f, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x12, 0x1e, + 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, + 0x2e, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x9b, + 0x08, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0f, 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x53, 0x69, 0x67, + 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x3a, 0x43, 0x0a, 0x0c, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, + 0x74, 0x5f, 0x68, 0x6f, 0x73, 0x74, 0x12, 0x1f, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, + 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x99, 0x08, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, + 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x48, 0x6f, 0x73, 0x74, 0x3a, 0x43, 0x0a, 0x0c, 0x6f, + 0x61, 0x75, 0x74, 0x68, 0x5f, 0x73, 0x63, 0x6f, 0x70, 0x65, 0x73, 0x12, 0x1f, 0x2e, 0x67, 0x6f, + 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x53, 0x65, + 0x72, 0x76, 0x69, 0x63, 0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x9a, 0x08, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x0b, 0x6f, 0x61, 0x75, 0x74, 0x68, 0x53, 0x63, 0x6f, 0x70, 0x65, 0x73, + 0x42, 0x69, 0x0a, 0x0e, 0x63, 0x6f, 0x6d, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, + 0x70, 0x69, 0x42, 0x0b, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, + 0x01, 0x5a, 0x41, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x67, 0x6f, 0x6c, 0x61, 0x6e, 0x67, + 0x2e, 0x6f, 0x72, 0x67, 0x2f, 0x67, 0x65, 0x6e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x67, 0x6f, + 0x6f, 0x67, 0x6c, 0x65, 0x61, 0x70, 0x69, 0x73, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x61, 0x6e, 0x6e, + 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x3b, 0x61, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, + 0x69, 0x6f, 0x6e, 0x73, 0xa2, 0x02, 0x04, 0x47, 0x41, 0x50, 0x49, 0x62, 0x06, 0x70, 0x72, 0x6f, + 0x74, 0x6f, 0x33, +} + +var ( + file_google_api_client_proto_rawDescOnce sync.Once + file_google_api_client_proto_rawDescData = file_google_api_client_proto_rawDesc +) + +func file_google_api_client_proto_rawDescGZIP() []byte { + file_google_api_client_proto_rawDescOnce.Do(func() { + file_google_api_client_proto_rawDescData = protoimpl.X.CompressGZIP(file_google_api_client_proto_rawDescData) + }) + return file_google_api_client_proto_rawDescData +} + +var file_google_api_client_proto_enumTypes = make([]protoimpl.EnumInfo, 2) +var file_google_api_client_proto_msgTypes = make([]protoimpl.MessageInfo, 16) +var file_google_api_client_proto_goTypes = []interface{}{ + (ClientLibraryOrganization)(0), // 0: google.api.ClientLibraryOrganization + (ClientLibraryDestination)(0), // 1: google.api.ClientLibraryDestination + (*CommonLanguageSettings)(nil), // 2: google.api.CommonLanguageSettings + (*ClientLibrarySettings)(nil), // 3: google.api.ClientLibrarySettings + (*Publishing)(nil), // 4: google.api.Publishing + (*JavaSettings)(nil), // 5: google.api.JavaSettings + (*CppSettings)(nil), // 6: google.api.CppSettings + (*PhpSettings)(nil), // 7: google.api.PhpSettings + (*PythonSettings)(nil), // 8: google.api.PythonSettings + (*NodeSettings)(nil), // 9: google.api.NodeSettings + (*DotnetSettings)(nil), // 10: google.api.DotnetSettings + (*RubySettings)(nil), // 11: google.api.RubySettings + (*GoSettings)(nil), // 12: google.api.GoSettings + (*MethodSettings)(nil), // 13: google.api.MethodSettings + nil, // 14: google.api.JavaSettings.ServiceClassNamesEntry + nil, // 15: google.api.DotnetSettings.RenamedServicesEntry + nil, // 16: google.api.DotnetSettings.RenamedResourcesEntry + (*MethodSettings_LongRunning)(nil), // 17: google.api.MethodSettings.LongRunning + (api.LaunchStage)(0), // 18: google.api.LaunchStage + (*durationpb.Duration)(nil), // 19: google.protobuf.Duration + (*descriptorpb.MethodOptions)(nil), // 20: google.protobuf.MethodOptions + (*descriptorpb.ServiceOptions)(nil), // 21: google.protobuf.ServiceOptions +} +var file_google_api_client_proto_depIdxs = []int32{ + 1, // 0: google.api.CommonLanguageSettings.destinations:type_name -> google.api.ClientLibraryDestination + 18, // 1: google.api.ClientLibrarySettings.launch_stage:type_name -> google.api.LaunchStage + 5, // 2: google.api.ClientLibrarySettings.java_settings:type_name -> google.api.JavaSettings + 6, // 3: google.api.ClientLibrarySettings.cpp_settings:type_name -> google.api.CppSettings + 7, // 4: google.api.ClientLibrarySettings.php_settings:type_name -> google.api.PhpSettings + 8, // 5: google.api.ClientLibrarySettings.python_settings:type_name -> google.api.PythonSettings + 9, // 6: google.api.ClientLibrarySettings.node_settings:type_name -> google.api.NodeSettings + 10, // 7: google.api.ClientLibrarySettings.dotnet_settings:type_name -> google.api.DotnetSettings + 11, // 8: google.api.ClientLibrarySettings.ruby_settings:type_name -> google.api.RubySettings + 12, // 9: google.api.ClientLibrarySettings.go_settings:type_name -> google.api.GoSettings + 13, // 10: google.api.Publishing.method_settings:type_name -> google.api.MethodSettings + 0, // 11: google.api.Publishing.organization:type_name -> google.api.ClientLibraryOrganization + 3, // 12: google.api.Publishing.library_settings:type_name -> google.api.ClientLibrarySettings + 14, // 13: google.api.JavaSettings.service_class_names:type_name -> google.api.JavaSettings.ServiceClassNamesEntry + 2, // 14: google.api.JavaSettings.common:type_name -> google.api.CommonLanguageSettings + 2, // 15: google.api.CppSettings.common:type_name -> google.api.CommonLanguageSettings + 2, // 16: google.api.PhpSettings.common:type_name -> google.api.CommonLanguageSettings + 2, // 17: google.api.PythonSettings.common:type_name -> google.api.CommonLanguageSettings + 2, // 18: google.api.NodeSettings.common:type_name -> google.api.CommonLanguageSettings + 2, // 19: google.api.DotnetSettings.common:type_name -> google.api.CommonLanguageSettings + 15, // 20: google.api.DotnetSettings.renamed_services:type_name -> google.api.DotnetSettings.RenamedServicesEntry + 16, // 21: google.api.DotnetSettings.renamed_resources:type_name -> google.api.DotnetSettings.RenamedResourcesEntry + 2, // 22: google.api.RubySettings.common:type_name -> google.api.CommonLanguageSettings + 2, // 23: google.api.GoSettings.common:type_name -> google.api.CommonLanguageSettings + 17, // 24: google.api.MethodSettings.long_running:type_name -> google.api.MethodSettings.LongRunning + 19, // 25: google.api.MethodSettings.LongRunning.initial_poll_delay:type_name -> google.protobuf.Duration + 19, // 26: google.api.MethodSettings.LongRunning.max_poll_delay:type_name -> google.protobuf.Duration + 19, // 27: google.api.MethodSettings.LongRunning.total_poll_timeout:type_name -> google.protobuf.Duration + 20, // 28: google.api.method_signature:extendee -> google.protobuf.MethodOptions + 21, // 29: google.api.default_host:extendee -> google.protobuf.ServiceOptions + 21, // 30: google.api.oauth_scopes:extendee -> google.protobuf.ServiceOptions + 31, // [31:31] is the sub-list for method output_type + 31, // [31:31] is the sub-list for method input_type + 31, // [31:31] is the sub-list for extension type_name + 28, // [28:31] is the sub-list for extension extendee + 0, // [0:28] is the sub-list for field type_name +} + +func init() { file_google_api_client_proto_init() } +func file_google_api_client_proto_init() { + if File_google_api_client_proto != nil { + return + } + if !protoimpl.UnsafeEnabled { + file_google_api_client_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*CommonLanguageSettings); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_google_api_client_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*ClientLibrarySettings); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_google_api_client_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*Publishing); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_google_api_client_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*JavaSettings); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_google_api_client_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*CppSettings); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_google_api_client_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*PhpSettings); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_google_api_client_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*PythonSettings); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_google_api_client_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*NodeSettings); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_google_api_client_proto_msgTypes[8].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*DotnetSettings); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_google_api_client_proto_msgTypes[9].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*RubySettings); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_google_api_client_proto_msgTypes[10].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*GoSettings); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_google_api_client_proto_msgTypes[11].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*MethodSettings); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_google_api_client_proto_msgTypes[15].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*MethodSettings_LongRunning); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_google_api_client_proto_rawDesc, + NumEnums: 2, + NumMessages: 16, + NumExtensions: 3, + NumServices: 0, + }, + GoTypes: file_google_api_client_proto_goTypes, + DependencyIndexes: file_google_api_client_proto_depIdxs, + EnumInfos: file_google_api_client_proto_enumTypes, + MessageInfos: file_google_api_client_proto_msgTypes, + ExtensionInfos: file_google_api_client_proto_extTypes, + }.Build() + File_google_api_client_proto = out.File + file_google_api_client_proto_rawDesc = nil + file_google_api_client_proto_goTypes = nil + file_google_api_client_proto_depIdxs = nil +} diff --git a/vendor/google.golang.org/genproto/googleapis/api/annotations/field_behavior.pb.go b/vendor/google.golang.org/genproto/googleapis/api/annotations/field_behavior.pb.go new file mode 100644 index 0000000000..dbe2e2d0c6 --- /dev/null +++ b/vendor/google.golang.org/genproto/googleapis/api/annotations/field_behavior.pb.go @@ -0,0 +1,250 @@ +// Copyright 2023 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.26.0 +// protoc v3.21.9 +// source: google/api/field_behavior.proto + +package annotations + +import ( + reflect "reflect" + sync "sync" + + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + descriptorpb "google.golang.org/protobuf/types/descriptorpb" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +// An indicator of the behavior of a given field (for example, that a field +// is required in requests, or given as output but ignored as input). +// This **does not** change the behavior in protocol buffers itself; it only +// denotes the behavior and may affect how API tooling handles the field. +// +// Note: This enum **may** receive new values in the future. +type FieldBehavior int32 + +const ( + // Conventional default for enums. Do not use this. + FieldBehavior_FIELD_BEHAVIOR_UNSPECIFIED FieldBehavior = 0 + // Specifically denotes a field as optional. + // While all fields in protocol buffers are optional, this may be specified + // for emphasis if appropriate. + FieldBehavior_OPTIONAL FieldBehavior = 1 + // Denotes a field as required. + // This indicates that the field **must** be provided as part of the request, + // and failure to do so will cause an error (usually `INVALID_ARGUMENT`). + FieldBehavior_REQUIRED FieldBehavior = 2 + // Denotes a field as output only. + // This indicates that the field is provided in responses, but including the + // field in a request does nothing (the server *must* ignore it and + // *must not* throw an error as a result of the field's presence). + FieldBehavior_OUTPUT_ONLY FieldBehavior = 3 + // Denotes a field as input only. + // This indicates that the field is provided in requests, and the + // corresponding field is not included in output. + FieldBehavior_INPUT_ONLY FieldBehavior = 4 + // Denotes a field as immutable. + // This indicates that the field may be set once in a request to create a + // resource, but may not be changed thereafter. + FieldBehavior_IMMUTABLE FieldBehavior = 5 + // Denotes that a (repeated) field is an unordered list. + // This indicates that the service may provide the elements of the list + // in any arbitrary order, rather than the order the user originally + // provided. Additionally, the list's order may or may not be stable. + FieldBehavior_UNORDERED_LIST FieldBehavior = 6 + // Denotes that this field returns a non-empty default value if not set. + // This indicates that if the user provides the empty value in a request, + // a non-empty value will be returned. The user will not be aware of what + // non-empty value to expect. + FieldBehavior_NON_EMPTY_DEFAULT FieldBehavior = 7 +) + +// Enum value maps for FieldBehavior. +var ( + FieldBehavior_name = map[int32]string{ + 0: "FIELD_BEHAVIOR_UNSPECIFIED", + 1: "OPTIONAL", + 2: "REQUIRED", + 3: "OUTPUT_ONLY", + 4: "INPUT_ONLY", + 5: "IMMUTABLE", + 6: "UNORDERED_LIST", + 7: "NON_EMPTY_DEFAULT", + } + FieldBehavior_value = map[string]int32{ + "FIELD_BEHAVIOR_UNSPECIFIED": 0, + "OPTIONAL": 1, + "REQUIRED": 2, + "OUTPUT_ONLY": 3, + "INPUT_ONLY": 4, + "IMMUTABLE": 5, + "UNORDERED_LIST": 6, + "NON_EMPTY_DEFAULT": 7, + } +) + +func (x FieldBehavior) Enum() *FieldBehavior { + p := new(FieldBehavior) + *p = x + return p +} + +func (x FieldBehavior) String() string { + return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) +} + +func (FieldBehavior) Descriptor() protoreflect.EnumDescriptor { + return file_google_api_field_behavior_proto_enumTypes[0].Descriptor() +} + +func (FieldBehavior) Type() protoreflect.EnumType { + return &file_google_api_field_behavior_proto_enumTypes[0] +} + +func (x FieldBehavior) Number() protoreflect.EnumNumber { + return protoreflect.EnumNumber(x) +} + +// Deprecated: Use FieldBehavior.Descriptor instead. +func (FieldBehavior) EnumDescriptor() ([]byte, []int) { + return file_google_api_field_behavior_proto_rawDescGZIP(), []int{0} +} + +var file_google_api_field_behavior_proto_extTypes = []protoimpl.ExtensionInfo{ + { + ExtendedType: (*descriptorpb.FieldOptions)(nil), + ExtensionType: ([]FieldBehavior)(nil), + Field: 1052, + Name: "google.api.field_behavior", + Tag: "varint,1052,rep,name=field_behavior,enum=google.api.FieldBehavior", + Filename: "google/api/field_behavior.proto", + }, +} + +// Extension fields to descriptorpb.FieldOptions. +var ( + // A designation of a specific field behavior (required, output only, etc.) + // in protobuf messages. + // + // Examples: + // + // string name = 1 [(google.api.field_behavior) = REQUIRED]; + // State state = 1 [(google.api.field_behavior) = OUTPUT_ONLY]; + // google.protobuf.Duration ttl = 1 + // [(google.api.field_behavior) = INPUT_ONLY]; + // google.protobuf.Timestamp expire_time = 1 + // [(google.api.field_behavior) = OUTPUT_ONLY, + // (google.api.field_behavior) = IMMUTABLE]; + // + // repeated google.api.FieldBehavior field_behavior = 1052; + E_FieldBehavior = &file_google_api_field_behavior_proto_extTypes[0] +) + +var File_google_api_field_behavior_proto protoreflect.FileDescriptor + +var file_google_api_field_behavior_proto_rawDesc = []byte{ + 0x0a, 0x1f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x66, 0x69, 0x65, + 0x6c, 0x64, 0x5f, 0x62, 0x65, 0x68, 0x61, 0x76, 0x69, 0x6f, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x12, 0x0a, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x1a, 0x20, 0x67, + 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x64, + 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2a, + 0xa6, 0x01, 0x0a, 0x0d, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x42, 0x65, 0x68, 0x61, 0x76, 0x69, 0x6f, + 0x72, 0x12, 0x1e, 0x0a, 0x1a, 0x46, 0x49, 0x45, 0x4c, 0x44, 0x5f, 0x42, 0x45, 0x48, 0x41, 0x56, + 0x49, 0x4f, 0x52, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, + 0x00, 0x12, 0x0c, 0x0a, 0x08, 0x4f, 0x50, 0x54, 0x49, 0x4f, 0x4e, 0x41, 0x4c, 0x10, 0x01, 0x12, + 0x0c, 0x0a, 0x08, 0x52, 0x45, 0x51, 0x55, 0x49, 0x52, 0x45, 0x44, 0x10, 0x02, 0x12, 0x0f, 0x0a, + 0x0b, 0x4f, 0x55, 0x54, 0x50, 0x55, 0x54, 0x5f, 0x4f, 0x4e, 0x4c, 0x59, 0x10, 0x03, 0x12, 0x0e, + 0x0a, 0x0a, 0x49, 0x4e, 0x50, 0x55, 0x54, 0x5f, 0x4f, 0x4e, 0x4c, 0x59, 0x10, 0x04, 0x12, 0x0d, + 0x0a, 0x09, 0x49, 0x4d, 0x4d, 0x55, 0x54, 0x41, 0x42, 0x4c, 0x45, 0x10, 0x05, 0x12, 0x12, 0x0a, + 0x0e, 0x55, 0x4e, 0x4f, 0x52, 0x44, 0x45, 0x52, 0x45, 0x44, 0x5f, 0x4c, 0x49, 0x53, 0x54, 0x10, + 0x06, 0x12, 0x15, 0x0a, 0x11, 0x4e, 0x4f, 0x4e, 0x5f, 0x45, 0x4d, 0x50, 0x54, 0x59, 0x5f, 0x44, + 0x45, 0x46, 0x41, 0x55, 0x4c, 0x54, 0x10, 0x07, 0x3a, 0x60, 0x0a, 0x0e, 0x66, 0x69, 0x65, 0x6c, + 0x64, 0x5f, 0x62, 0x65, 0x68, 0x61, 0x76, 0x69, 0x6f, 0x72, 0x12, 0x1d, 0x2e, 0x67, 0x6f, 0x6f, + 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x69, 0x65, + 0x6c, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x9c, 0x08, 0x20, 0x03, 0x28, 0x0e, + 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x46, 0x69, + 0x65, 0x6c, 0x64, 0x42, 0x65, 0x68, 0x61, 0x76, 0x69, 0x6f, 0x72, 0x52, 0x0d, 0x66, 0x69, 0x65, + 0x6c, 0x64, 0x42, 0x65, 0x68, 0x61, 0x76, 0x69, 0x6f, 0x72, 0x42, 0x70, 0x0a, 0x0e, 0x63, 0x6f, + 0x6d, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x42, 0x12, 0x46, 0x69, + 0x65, 0x6c, 0x64, 0x42, 0x65, 0x68, 0x61, 0x76, 0x69, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, + 0x50, 0x01, 0x5a, 0x41, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x67, 0x6f, 0x6c, 0x61, 0x6e, + 0x67, 0x2e, 0x6f, 0x72, 0x67, 0x2f, 0x67, 0x65, 0x6e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x67, + 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x61, 0x70, 0x69, 0x73, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x61, 0x6e, + 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x3b, 0x61, 0x6e, 0x6e, 0x6f, 0x74, 0x61, + 0x74, 0x69, 0x6f, 0x6e, 0x73, 0xa2, 0x02, 0x04, 0x47, 0x41, 0x50, 0x49, 0x62, 0x06, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x33, +} + +var ( + file_google_api_field_behavior_proto_rawDescOnce sync.Once + file_google_api_field_behavior_proto_rawDescData = file_google_api_field_behavior_proto_rawDesc +) + +func file_google_api_field_behavior_proto_rawDescGZIP() []byte { + file_google_api_field_behavior_proto_rawDescOnce.Do(func() { + file_google_api_field_behavior_proto_rawDescData = protoimpl.X.CompressGZIP(file_google_api_field_behavior_proto_rawDescData) + }) + return file_google_api_field_behavior_proto_rawDescData +} + +var file_google_api_field_behavior_proto_enumTypes = make([]protoimpl.EnumInfo, 1) +var file_google_api_field_behavior_proto_goTypes = []interface{}{ + (FieldBehavior)(0), // 0: google.api.FieldBehavior + (*descriptorpb.FieldOptions)(nil), // 1: google.protobuf.FieldOptions +} +var file_google_api_field_behavior_proto_depIdxs = []int32{ + 1, // 0: google.api.field_behavior:extendee -> google.protobuf.FieldOptions + 0, // 1: google.api.field_behavior:type_name -> google.api.FieldBehavior + 2, // [2:2] is the sub-list for method output_type + 2, // [2:2] is the sub-list for method input_type + 1, // [1:2] is the sub-list for extension type_name + 0, // [0:1] is the sub-list for extension extendee + 0, // [0:0] is the sub-list for field type_name +} + +func init() { file_google_api_field_behavior_proto_init() } +func file_google_api_field_behavior_proto_init() { + if File_google_api_field_behavior_proto != nil { + return + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_google_api_field_behavior_proto_rawDesc, + NumEnums: 1, + NumMessages: 0, + NumExtensions: 1, + NumServices: 0, + }, + GoTypes: file_google_api_field_behavior_proto_goTypes, + DependencyIndexes: file_google_api_field_behavior_proto_depIdxs, + EnumInfos: file_google_api_field_behavior_proto_enumTypes, + ExtensionInfos: file_google_api_field_behavior_proto_extTypes, + }.Build() + File_google_api_field_behavior_proto = out.File + file_google_api_field_behavior_proto_rawDesc = nil + file_google_api_field_behavior_proto_goTypes = nil + file_google_api_field_behavior_proto_depIdxs = nil +} diff --git a/vendor/google.golang.org/genproto/googleapis/api/annotations/http.pb.go b/vendor/google.golang.org/genproto/googleapis/api/annotations/http.pb.go new file mode 100644 index 0000000000..8a0e1c345b --- /dev/null +++ b/vendor/google.golang.org/genproto/googleapis/api/annotations/http.pb.go @@ -0,0 +1,782 @@ +// Copyright 2023 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.26.0 +// protoc v3.21.9 +// source: google/api/http.proto + +package annotations + +import ( + reflect "reflect" + sync "sync" + + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +// Defines the HTTP configuration for an API service. It contains a list of +// [HttpRule][google.api.HttpRule], each specifying the mapping of an RPC method +// to one or more HTTP REST API methods. +type Http struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // A list of HTTP configuration rules that apply to individual API methods. + // + // **NOTE:** All service configuration rules follow "last one wins" order. + Rules []*HttpRule `protobuf:"bytes,1,rep,name=rules,proto3" json:"rules,omitempty"` + // When set to true, URL path parameters will be fully URI-decoded except in + // cases of single segment matches in reserved expansion, where "%2F" will be + // left encoded. + // + // The default behavior is to not decode RFC 6570 reserved characters in multi + // segment matches. + FullyDecodeReservedExpansion bool `protobuf:"varint,2,opt,name=fully_decode_reserved_expansion,json=fullyDecodeReservedExpansion,proto3" json:"fully_decode_reserved_expansion,omitempty"` +} + +func (x *Http) Reset() { + *x = Http{} + if protoimpl.UnsafeEnabled { + mi := &file_google_api_http_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *Http) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*Http) ProtoMessage() {} + +func (x *Http) ProtoReflect() protoreflect.Message { + mi := &file_google_api_http_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use Http.ProtoReflect.Descriptor instead. +func (*Http) Descriptor() ([]byte, []int) { + return file_google_api_http_proto_rawDescGZIP(), []int{0} +} + +func (x *Http) GetRules() []*HttpRule { + if x != nil { + return x.Rules + } + return nil +} + +func (x *Http) GetFullyDecodeReservedExpansion() bool { + if x != nil { + return x.FullyDecodeReservedExpansion + } + return false +} + +// # gRPC Transcoding +// +// gRPC Transcoding is a feature for mapping between a gRPC method and one or +// more HTTP REST endpoints. It allows developers to build a single API service +// that supports both gRPC APIs and REST APIs. Many systems, including [Google +// APIs](https://github.com/googleapis/googleapis), +// [Cloud Endpoints](https://cloud.google.com/endpoints), [gRPC +// Gateway](https://github.com/grpc-ecosystem/grpc-gateway), +// and [Envoy](https://github.com/envoyproxy/envoy) proxy support this feature +// and use it for large scale production services. +// +// `HttpRule` defines the schema of the gRPC/REST mapping. The mapping specifies +// how different portions of the gRPC request message are mapped to the URL +// path, URL query parameters, and HTTP request body. It also controls how the +// gRPC response message is mapped to the HTTP response body. `HttpRule` is +// typically specified as an `google.api.http` annotation on the gRPC method. +// +// Each mapping specifies a URL path template and an HTTP method. The path +// template may refer to one or more fields in the gRPC request message, as long +// as each field is a non-repeated field with a primitive (non-message) type. +// The path template controls how fields of the request message are mapped to +// the URL path. +// +// Example: +// +// service Messaging { +// rpc GetMessage(GetMessageRequest) returns (Message) { +// option (google.api.http) = { +// get: "/v1/{name=messages/*}" +// }; +// } +// } +// message GetMessageRequest { +// string name = 1; // Mapped to URL path. +// } +// message Message { +// string text = 1; // The resource content. +// } +// +// This enables an HTTP REST to gRPC mapping as below: +// +// HTTP | gRPC +// -----|----- +// `GET /v1/messages/123456` | `GetMessage(name: "messages/123456")` +// +// Any fields in the request message which are not bound by the path template +// automatically become HTTP query parameters if there is no HTTP request body. +// For example: +// +// service Messaging { +// rpc GetMessage(GetMessageRequest) returns (Message) { +// option (google.api.http) = { +// get:"/v1/messages/{message_id}" +// }; +// } +// } +// message GetMessageRequest { +// message SubMessage { +// string subfield = 1; +// } +// string message_id = 1; // Mapped to URL path. +// int64 revision = 2; // Mapped to URL query parameter `revision`. +// SubMessage sub = 3; // Mapped to URL query parameter `sub.subfield`. +// } +// +// This enables a HTTP JSON to RPC mapping as below: +// +// HTTP | gRPC +// -----|----- +// `GET /v1/messages/123456?revision=2&sub.subfield=foo` | +// `GetMessage(message_id: "123456" revision: 2 sub: SubMessage(subfield: +// "foo"))` +// +// Note that fields which are mapped to URL query parameters must have a +// primitive type or a repeated primitive type or a non-repeated message type. +// In the case of a repeated type, the parameter can be repeated in the URL +// as `...?param=A¶m=B`. In the case of a message type, each field of the +// message is mapped to a separate parameter, such as +// `...?foo.a=A&foo.b=B&foo.c=C`. +// +// For HTTP methods that allow a request body, the `body` field +// specifies the mapping. Consider a REST update method on the +// message resource collection: +// +// service Messaging { +// rpc UpdateMessage(UpdateMessageRequest) returns (Message) { +// option (google.api.http) = { +// patch: "/v1/messages/{message_id}" +// body: "message" +// }; +// } +// } +// message UpdateMessageRequest { +// string message_id = 1; // mapped to the URL +// Message message = 2; // mapped to the body +// } +// +// The following HTTP JSON to RPC mapping is enabled, where the +// representation of the JSON in the request body is determined by +// protos JSON encoding: +// +// HTTP | gRPC +// -----|----- +// `PATCH /v1/messages/123456 { "text": "Hi!" }` | `UpdateMessage(message_id: +// "123456" message { text: "Hi!" })` +// +// The special name `*` can be used in the body mapping to define that +// every field not bound by the path template should be mapped to the +// request body. This enables the following alternative definition of +// the update method: +// +// service Messaging { +// rpc UpdateMessage(Message) returns (Message) { +// option (google.api.http) = { +// patch: "/v1/messages/{message_id}" +// body: "*" +// }; +// } +// } +// message Message { +// string message_id = 1; +// string text = 2; +// } +// +// The following HTTP JSON to RPC mapping is enabled: +// +// HTTP | gRPC +// -----|----- +// `PATCH /v1/messages/123456 { "text": "Hi!" }` | `UpdateMessage(message_id: +// "123456" text: "Hi!")` +// +// Note that when using `*` in the body mapping, it is not possible to +// have HTTP parameters, as all fields not bound by the path end in +// the body. This makes this option more rarely used in practice when +// defining REST APIs. The common usage of `*` is in custom methods +// which don't use the URL at all for transferring data. +// +// It is possible to define multiple HTTP methods for one RPC by using +// the `additional_bindings` option. Example: +// +// service Messaging { +// rpc GetMessage(GetMessageRequest) returns (Message) { +// option (google.api.http) = { +// get: "/v1/messages/{message_id}" +// additional_bindings { +// get: "/v1/users/{user_id}/messages/{message_id}" +// } +// }; +// } +// } +// message GetMessageRequest { +// string message_id = 1; +// string user_id = 2; +// } +// +// This enables the following two alternative HTTP JSON to RPC mappings: +// +// HTTP | gRPC +// -----|----- +// `GET /v1/messages/123456` | `GetMessage(message_id: "123456")` +// `GET /v1/users/me/messages/123456` | `GetMessage(user_id: "me" message_id: +// "123456")` +// +// ## Rules for HTTP mapping +// +// 1. Leaf request fields (recursive expansion nested messages in the request +// message) are classified into three categories: +// - Fields referred by the path template. They are passed via the URL path. +// - Fields referred by the [HttpRule.body][google.api.HttpRule.body]. They +// are passed via the HTTP +// request body. +// - All other fields are passed via the URL query parameters, and the +// parameter name is the field path in the request message. A repeated +// field can be represented as multiple query parameters under the same +// name. +// 2. If [HttpRule.body][google.api.HttpRule.body] is "*", there is no URL +// query parameter, all fields +// are passed via URL path and HTTP request body. +// 3. If [HttpRule.body][google.api.HttpRule.body] is omitted, there is no HTTP +// request body, all +// fields are passed via URL path and URL query parameters. +// +// ### Path template syntax +// +// Template = "/" Segments [ Verb ] ; +// Segments = Segment { "/" Segment } ; +// Segment = "*" | "**" | LITERAL | Variable ; +// Variable = "{" FieldPath [ "=" Segments ] "}" ; +// FieldPath = IDENT { "." IDENT } ; +// Verb = ":" LITERAL ; +// +// The syntax `*` matches a single URL path segment. The syntax `**` matches +// zero or more URL path segments, which must be the last part of the URL path +// except the `Verb`. +// +// The syntax `Variable` matches part of the URL path as specified by its +// template. A variable template must not contain other variables. If a variable +// matches a single path segment, its template may be omitted, e.g. `{var}` +// is equivalent to `{var=*}`. +// +// The syntax `LITERAL` matches literal text in the URL path. If the `LITERAL` +// contains any reserved character, such characters should be percent-encoded +// before the matching. +// +// If a variable contains exactly one path segment, such as `"{var}"` or +// `"{var=*}"`, when such a variable is expanded into a URL path on the client +// side, all characters except `[-_.~0-9a-zA-Z]` are percent-encoded. The +// server side does the reverse decoding. Such variables show up in the +// [Discovery +// Document](https://developers.google.com/discovery/v1/reference/apis) as +// `{var}`. +// +// If a variable contains multiple path segments, such as `"{var=foo/*}"` +// or `"{var=**}"`, when such a variable is expanded into a URL path on the +// client side, all characters except `[-_.~/0-9a-zA-Z]` are percent-encoded. +// The server side does the reverse decoding, except "%2F" and "%2f" are left +// unchanged. Such variables show up in the +// [Discovery +// Document](https://developers.google.com/discovery/v1/reference/apis) as +// `{+var}`. +// +// ## Using gRPC API Service Configuration +// +// gRPC API Service Configuration (service config) is a configuration language +// for configuring a gRPC service to become a user-facing product. The +// service config is simply the YAML representation of the `google.api.Service` +// proto message. +// +// As an alternative to annotating your proto file, you can configure gRPC +// transcoding in your service config YAML files. You do this by specifying a +// `HttpRule` that maps the gRPC method to a REST endpoint, achieving the same +// effect as the proto annotation. This can be particularly useful if you +// have a proto that is reused in multiple services. Note that any transcoding +// specified in the service config will override any matching transcoding +// configuration in the proto. +// +// Example: +// +// http: +// rules: +// # Selects a gRPC method and applies HttpRule to it. +// - selector: example.v1.Messaging.GetMessage +// get: /v1/messages/{message_id}/{sub.subfield} +// +// ## Special notes +// +// When gRPC Transcoding is used to map a gRPC to JSON REST endpoints, the +// proto to JSON conversion must follow the [proto3 +// specification](https://developers.google.com/protocol-buffers/docs/proto3#json). +// +// While the single segment variable follows the semantics of +// [RFC 6570](https://tools.ietf.org/html/rfc6570) Section 3.2.2 Simple String +// Expansion, the multi segment variable **does not** follow RFC 6570 Section +// 3.2.3 Reserved Expansion. The reason is that the Reserved Expansion +// does not expand special characters like `?` and `#`, which would lead +// to invalid URLs. As the result, gRPC Transcoding uses a custom encoding +// for multi segment variables. +// +// The path variables **must not** refer to any repeated or mapped field, +// because client libraries are not capable of handling such variable expansion. +// +// The path variables **must not** capture the leading "/" character. The reason +// is that the most common use case "{var}" does not capture the leading "/" +// character. For consistency, all path variables must share the same behavior. +// +// Repeated message fields must not be mapped to URL query parameters, because +// no client library can support such complicated mapping. +// +// If an API needs to use a JSON array for request or response body, it can map +// the request or response body to a repeated field. However, some gRPC +// Transcoding implementations may not support this feature. +type HttpRule struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Selects a method to which this rule applies. + // + // Refer to [selector][google.api.DocumentationRule.selector] for syntax + // details. + Selector string `protobuf:"bytes,1,opt,name=selector,proto3" json:"selector,omitempty"` + // Determines the URL pattern is matched by this rules. This pattern can be + // used with any of the {get|put|post|delete|patch} methods. A custom method + // can be defined using the 'custom' field. + // + // Types that are assignable to Pattern: + // + // *HttpRule_Get + // *HttpRule_Put + // *HttpRule_Post + // *HttpRule_Delete + // *HttpRule_Patch + // *HttpRule_Custom + Pattern isHttpRule_Pattern `protobuf_oneof:"pattern"` + // The name of the request field whose value is mapped to the HTTP request + // body, or `*` for mapping all request fields not captured by the path + // pattern to the HTTP body, or omitted for not having any HTTP request body. + // + // NOTE: the referred field must be present at the top-level of the request + // message type. + Body string `protobuf:"bytes,7,opt,name=body,proto3" json:"body,omitempty"` + // Optional. The name of the response field whose value is mapped to the HTTP + // response body. When omitted, the entire response message will be used + // as the HTTP response body. + // + // NOTE: The referred field must be present at the top-level of the response + // message type. + ResponseBody string `protobuf:"bytes,12,opt,name=response_body,json=responseBody,proto3" json:"response_body,omitempty"` + // Additional HTTP bindings for the selector. Nested bindings must + // not contain an `additional_bindings` field themselves (that is, + // the nesting may only be one level deep). + AdditionalBindings []*HttpRule `protobuf:"bytes,11,rep,name=additional_bindings,json=additionalBindings,proto3" json:"additional_bindings,omitempty"` +} + +func (x *HttpRule) Reset() { + *x = HttpRule{} + if protoimpl.UnsafeEnabled { + mi := &file_google_api_http_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *HttpRule) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*HttpRule) ProtoMessage() {} + +func (x *HttpRule) ProtoReflect() protoreflect.Message { + mi := &file_google_api_http_proto_msgTypes[1] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use HttpRule.ProtoReflect.Descriptor instead. +func (*HttpRule) Descriptor() ([]byte, []int) { + return file_google_api_http_proto_rawDescGZIP(), []int{1} +} + +func (x *HttpRule) GetSelector() string { + if x != nil { + return x.Selector + } + return "" +} + +func (m *HttpRule) GetPattern() isHttpRule_Pattern { + if m != nil { + return m.Pattern + } + return nil +} + +func (x *HttpRule) GetGet() string { + if x, ok := x.GetPattern().(*HttpRule_Get); ok { + return x.Get + } + return "" +} + +func (x *HttpRule) GetPut() string { + if x, ok := x.GetPattern().(*HttpRule_Put); ok { + return x.Put + } + return "" +} + +func (x *HttpRule) GetPost() string { + if x, ok := x.GetPattern().(*HttpRule_Post); ok { + return x.Post + } + return "" +} + +func (x *HttpRule) GetDelete() string { + if x, ok := x.GetPattern().(*HttpRule_Delete); ok { + return x.Delete + } + return "" +} + +func (x *HttpRule) GetPatch() string { + if x, ok := x.GetPattern().(*HttpRule_Patch); ok { + return x.Patch + } + return "" +} + +func (x *HttpRule) GetCustom() *CustomHttpPattern { + if x, ok := x.GetPattern().(*HttpRule_Custom); ok { + return x.Custom + } + return nil +} + +func (x *HttpRule) GetBody() string { + if x != nil { + return x.Body + } + return "" +} + +func (x *HttpRule) GetResponseBody() string { + if x != nil { + return x.ResponseBody + } + return "" +} + +func (x *HttpRule) GetAdditionalBindings() []*HttpRule { + if x != nil { + return x.AdditionalBindings + } + return nil +} + +type isHttpRule_Pattern interface { + isHttpRule_Pattern() +} + +type HttpRule_Get struct { + // Maps to HTTP GET. Used for listing and getting information about + // resources. + Get string `protobuf:"bytes,2,opt,name=get,proto3,oneof"` +} + +type HttpRule_Put struct { + // Maps to HTTP PUT. Used for replacing a resource. + Put string `protobuf:"bytes,3,opt,name=put,proto3,oneof"` +} + +type HttpRule_Post struct { + // Maps to HTTP POST. Used for creating a resource or performing an action. + Post string `protobuf:"bytes,4,opt,name=post,proto3,oneof"` +} + +type HttpRule_Delete struct { + // Maps to HTTP DELETE. Used for deleting a resource. + Delete string `protobuf:"bytes,5,opt,name=delete,proto3,oneof"` +} + +type HttpRule_Patch struct { + // Maps to HTTP PATCH. Used for updating a resource. + Patch string `protobuf:"bytes,6,opt,name=patch,proto3,oneof"` +} + +type HttpRule_Custom struct { + // The custom pattern is used for specifying an HTTP method that is not + // included in the `pattern` field, such as HEAD, or "*" to leave the + // HTTP method unspecified for this rule. The wild-card rule is useful + // for services that provide content to Web (HTML) clients. + Custom *CustomHttpPattern `protobuf:"bytes,8,opt,name=custom,proto3,oneof"` +} + +func (*HttpRule_Get) isHttpRule_Pattern() {} + +func (*HttpRule_Put) isHttpRule_Pattern() {} + +func (*HttpRule_Post) isHttpRule_Pattern() {} + +func (*HttpRule_Delete) isHttpRule_Pattern() {} + +func (*HttpRule_Patch) isHttpRule_Pattern() {} + +func (*HttpRule_Custom) isHttpRule_Pattern() {} + +// A custom pattern is used for defining custom HTTP verb. +type CustomHttpPattern struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // The name of this custom HTTP verb. + Kind string `protobuf:"bytes,1,opt,name=kind,proto3" json:"kind,omitempty"` + // The path matched by this custom verb. + Path string `protobuf:"bytes,2,opt,name=path,proto3" json:"path,omitempty"` +} + +func (x *CustomHttpPattern) Reset() { + *x = CustomHttpPattern{} + if protoimpl.UnsafeEnabled { + mi := &file_google_api_http_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *CustomHttpPattern) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*CustomHttpPattern) ProtoMessage() {} + +func (x *CustomHttpPattern) ProtoReflect() protoreflect.Message { + mi := &file_google_api_http_proto_msgTypes[2] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use CustomHttpPattern.ProtoReflect.Descriptor instead. +func (*CustomHttpPattern) Descriptor() ([]byte, []int) { + return file_google_api_http_proto_rawDescGZIP(), []int{2} +} + +func (x *CustomHttpPattern) GetKind() string { + if x != nil { + return x.Kind + } + return "" +} + +func (x *CustomHttpPattern) GetPath() string { + if x != nil { + return x.Path + } + return "" +} + +var File_google_api_http_proto protoreflect.FileDescriptor + +var file_google_api_http_proto_rawDesc = []byte{ + 0x0a, 0x15, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x68, 0x74, 0x74, + 0x70, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x0a, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, + 0x61, 0x70, 0x69, 0x22, 0x79, 0x0a, 0x04, 0x48, 0x74, 0x74, 0x70, 0x12, 0x2a, 0x0a, 0x05, 0x72, + 0x75, 0x6c, 0x65, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x67, 0x6f, 0x6f, + 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x48, 0x74, 0x74, 0x70, 0x52, 0x75, 0x6c, 0x65, + 0x52, 0x05, 0x72, 0x75, 0x6c, 0x65, 0x73, 0x12, 0x45, 0x0a, 0x1f, 0x66, 0x75, 0x6c, 0x6c, 0x79, + 0x5f, 0x64, 0x65, 0x63, 0x6f, 0x64, 0x65, 0x5f, 0x72, 0x65, 0x73, 0x65, 0x72, 0x76, 0x65, 0x64, + 0x5f, 0x65, 0x78, 0x70, 0x61, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, + 0x52, 0x1c, 0x66, 0x75, 0x6c, 0x6c, 0x79, 0x44, 0x65, 0x63, 0x6f, 0x64, 0x65, 0x52, 0x65, 0x73, + 0x65, 0x72, 0x76, 0x65, 0x64, 0x45, 0x78, 0x70, 0x61, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x22, 0xda, + 0x02, 0x0a, 0x08, 0x48, 0x74, 0x74, 0x70, 0x52, 0x75, 0x6c, 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x73, + 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x73, + 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x12, 0x12, 0x0a, 0x03, 0x67, 0x65, 0x74, 0x18, 0x02, + 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x03, 0x67, 0x65, 0x74, 0x12, 0x12, 0x0a, 0x03, 0x70, + 0x75, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x03, 0x70, 0x75, 0x74, 0x12, + 0x14, 0x0a, 0x04, 0x70, 0x6f, 0x73, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, + 0x04, 0x70, 0x6f, 0x73, 0x74, 0x12, 0x18, 0x0a, 0x06, 0x64, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x18, + 0x05, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x06, 0x64, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x12, + 0x16, 0x0a, 0x05, 0x70, 0x61, 0x74, 0x63, 0x68, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, + 0x52, 0x05, 0x70, 0x61, 0x74, 0x63, 0x68, 0x12, 0x37, 0x0a, 0x06, 0x63, 0x75, 0x73, 0x74, 0x6f, + 0x6d, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, + 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x43, 0x75, 0x73, 0x74, 0x6f, 0x6d, 0x48, 0x74, 0x74, 0x70, 0x50, + 0x61, 0x74, 0x74, 0x65, 0x72, 0x6e, 0x48, 0x00, 0x52, 0x06, 0x63, 0x75, 0x73, 0x74, 0x6f, 0x6d, + 0x12, 0x12, 0x0a, 0x04, 0x62, 0x6f, 0x64, 0x79, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, + 0x62, 0x6f, 0x64, 0x79, 0x12, 0x23, 0x0a, 0x0d, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, + 0x5f, 0x62, 0x6f, 0x64, 0x79, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x72, 0x65, 0x73, + 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x42, 0x6f, 0x64, 0x79, 0x12, 0x45, 0x0a, 0x13, 0x61, 0x64, 0x64, + 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x5f, 0x62, 0x69, 0x6e, 0x64, 0x69, 0x6e, 0x67, 0x73, + 0x18, 0x0b, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, + 0x61, 0x70, 0x69, 0x2e, 0x48, 0x74, 0x74, 0x70, 0x52, 0x75, 0x6c, 0x65, 0x52, 0x12, 0x61, 0x64, + 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x42, 0x69, 0x6e, 0x64, 0x69, 0x6e, 0x67, 0x73, + 0x42, 0x09, 0x0a, 0x07, 0x70, 0x61, 0x74, 0x74, 0x65, 0x72, 0x6e, 0x22, 0x3b, 0x0a, 0x11, 0x43, + 0x75, 0x73, 0x74, 0x6f, 0x6d, 0x48, 0x74, 0x74, 0x70, 0x50, 0x61, 0x74, 0x74, 0x65, 0x72, 0x6e, + 0x12, 0x12, 0x0a, 0x04, 0x6b, 0x69, 0x6e, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, + 0x6b, 0x69, 0x6e, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x61, 0x74, 0x68, 0x18, 0x02, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x04, 0x70, 0x61, 0x74, 0x68, 0x42, 0x6a, 0x0a, 0x0e, 0x63, 0x6f, 0x6d, 0x2e, + 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x42, 0x09, 0x48, 0x74, 0x74, 0x70, + 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x41, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, + 0x67, 0x6f, 0x6c, 0x61, 0x6e, 0x67, 0x2e, 0x6f, 0x72, 0x67, 0x2f, 0x67, 0x65, 0x6e, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x2f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x61, 0x70, 0x69, 0x73, 0x2f, 0x61, + 0x70, 0x69, 0x2f, 0x61, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x3b, 0x61, + 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0xf8, 0x01, 0x01, 0xa2, 0x02, 0x04, + 0x47, 0x41, 0x50, 0x49, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, +} + +var ( + file_google_api_http_proto_rawDescOnce sync.Once + file_google_api_http_proto_rawDescData = file_google_api_http_proto_rawDesc +) + +func file_google_api_http_proto_rawDescGZIP() []byte { + file_google_api_http_proto_rawDescOnce.Do(func() { + file_google_api_http_proto_rawDescData = protoimpl.X.CompressGZIP(file_google_api_http_proto_rawDescData) + }) + return file_google_api_http_proto_rawDescData +} + +var file_google_api_http_proto_msgTypes = make([]protoimpl.MessageInfo, 3) +var file_google_api_http_proto_goTypes = []interface{}{ + (*Http)(nil), // 0: google.api.Http + (*HttpRule)(nil), // 1: google.api.HttpRule + (*CustomHttpPattern)(nil), // 2: google.api.CustomHttpPattern +} +var file_google_api_http_proto_depIdxs = []int32{ + 1, // 0: google.api.Http.rules:type_name -> google.api.HttpRule + 2, // 1: google.api.HttpRule.custom:type_name -> google.api.CustomHttpPattern + 1, // 2: google.api.HttpRule.additional_bindings:type_name -> google.api.HttpRule + 3, // [3:3] is the sub-list for method output_type + 3, // [3:3] is the sub-list for method input_type + 3, // [3:3] is the sub-list for extension type_name + 3, // [3:3] is the sub-list for extension extendee + 0, // [0:3] is the sub-list for field type_name +} + +func init() { file_google_api_http_proto_init() } +func file_google_api_http_proto_init() { + if File_google_api_http_proto != nil { + return + } + if !protoimpl.UnsafeEnabled { + file_google_api_http_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*Http); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_google_api_http_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*HttpRule); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_google_api_http_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*CustomHttpPattern); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + file_google_api_http_proto_msgTypes[1].OneofWrappers = []interface{}{ + (*HttpRule_Get)(nil), + (*HttpRule_Put)(nil), + (*HttpRule_Post)(nil), + (*HttpRule_Delete)(nil), + (*HttpRule_Patch)(nil), + (*HttpRule_Custom)(nil), + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_google_api_http_proto_rawDesc, + NumEnums: 0, + NumMessages: 3, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_google_api_http_proto_goTypes, + DependencyIndexes: file_google_api_http_proto_depIdxs, + MessageInfos: file_google_api_http_proto_msgTypes, + }.Build() + File_google_api_http_proto = out.File + file_google_api_http_proto_rawDesc = nil + file_google_api_http_proto_goTypes = nil + file_google_api_http_proto_depIdxs = nil +} diff --git a/vendor/google.golang.org/genproto/googleapis/api/annotations/resource.pb.go b/vendor/google.golang.org/genproto/googleapis/api/annotations/resource.pb.go new file mode 100644 index 0000000000..bbcc12d29c --- /dev/null +++ b/vendor/google.golang.org/genproto/googleapis/api/annotations/resource.pb.go @@ -0,0 +1,655 @@ +// Copyright 2023 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.26.0 +// protoc v3.21.9 +// source: google/api/resource.proto + +package annotations + +import ( + reflect "reflect" + sync "sync" + + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + descriptorpb "google.golang.org/protobuf/types/descriptorpb" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +// A description of the historical or future-looking state of the +// resource pattern. +type ResourceDescriptor_History int32 + +const ( + // The "unset" value. + ResourceDescriptor_HISTORY_UNSPECIFIED ResourceDescriptor_History = 0 + // The resource originally had one pattern and launched as such, and + // additional patterns were added later. + ResourceDescriptor_ORIGINALLY_SINGLE_PATTERN ResourceDescriptor_History = 1 + // The resource has one pattern, but the API owner expects to add more + // later. (This is the inverse of ORIGINALLY_SINGLE_PATTERN, and prevents + // that from being necessary once there are multiple patterns.) + ResourceDescriptor_FUTURE_MULTI_PATTERN ResourceDescriptor_History = 2 +) + +// Enum value maps for ResourceDescriptor_History. +var ( + ResourceDescriptor_History_name = map[int32]string{ + 0: "HISTORY_UNSPECIFIED", + 1: "ORIGINALLY_SINGLE_PATTERN", + 2: "FUTURE_MULTI_PATTERN", + } + ResourceDescriptor_History_value = map[string]int32{ + "HISTORY_UNSPECIFIED": 0, + "ORIGINALLY_SINGLE_PATTERN": 1, + "FUTURE_MULTI_PATTERN": 2, + } +) + +func (x ResourceDescriptor_History) Enum() *ResourceDescriptor_History { + p := new(ResourceDescriptor_History) + *p = x + return p +} + +func (x ResourceDescriptor_History) String() string { + return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) +} + +func (ResourceDescriptor_History) Descriptor() protoreflect.EnumDescriptor { + return file_google_api_resource_proto_enumTypes[0].Descriptor() +} + +func (ResourceDescriptor_History) Type() protoreflect.EnumType { + return &file_google_api_resource_proto_enumTypes[0] +} + +func (x ResourceDescriptor_History) Number() protoreflect.EnumNumber { + return protoreflect.EnumNumber(x) +} + +// Deprecated: Use ResourceDescriptor_History.Descriptor instead. +func (ResourceDescriptor_History) EnumDescriptor() ([]byte, []int) { + return file_google_api_resource_proto_rawDescGZIP(), []int{0, 0} +} + +// A flag representing a specific style that a resource claims to conform to. +type ResourceDescriptor_Style int32 + +const ( + // The unspecified value. Do not use. + ResourceDescriptor_STYLE_UNSPECIFIED ResourceDescriptor_Style = 0 + // This resource is intended to be "declarative-friendly". + // + // Declarative-friendly resources must be more strictly consistent, and + // setting this to true communicates to tools that this resource should + // adhere to declarative-friendly expectations. + // + // Note: This is used by the API linter (linter.aip.dev) to enable + // additional checks. + ResourceDescriptor_DECLARATIVE_FRIENDLY ResourceDescriptor_Style = 1 +) + +// Enum value maps for ResourceDescriptor_Style. +var ( + ResourceDescriptor_Style_name = map[int32]string{ + 0: "STYLE_UNSPECIFIED", + 1: "DECLARATIVE_FRIENDLY", + } + ResourceDescriptor_Style_value = map[string]int32{ + "STYLE_UNSPECIFIED": 0, + "DECLARATIVE_FRIENDLY": 1, + } +) + +func (x ResourceDescriptor_Style) Enum() *ResourceDescriptor_Style { + p := new(ResourceDescriptor_Style) + *p = x + return p +} + +func (x ResourceDescriptor_Style) String() string { + return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) +} + +func (ResourceDescriptor_Style) Descriptor() protoreflect.EnumDescriptor { + return file_google_api_resource_proto_enumTypes[1].Descriptor() +} + +func (ResourceDescriptor_Style) Type() protoreflect.EnumType { + return &file_google_api_resource_proto_enumTypes[1] +} + +func (x ResourceDescriptor_Style) Number() protoreflect.EnumNumber { + return protoreflect.EnumNumber(x) +} + +// Deprecated: Use ResourceDescriptor_Style.Descriptor instead. +func (ResourceDescriptor_Style) EnumDescriptor() ([]byte, []int) { + return file_google_api_resource_proto_rawDescGZIP(), []int{0, 1} +} + +// A simple descriptor of a resource type. +// +// ResourceDescriptor annotates a resource message (either by means of a +// protobuf annotation or use in the service config), and associates the +// resource's schema, the resource type, and the pattern of the resource name. +// +// Example: +// +// message Topic { +// // Indicates this message defines a resource schema. +// // Declares the resource type in the format of {service}/{kind}. +// // For Kubernetes resources, the format is {api group}/{kind}. +// option (google.api.resource) = { +// type: "pubsub.googleapis.com/Topic" +// pattern: "projects/{project}/topics/{topic}" +// }; +// } +// +// The ResourceDescriptor Yaml config will look like: +// +// resources: +// - type: "pubsub.googleapis.com/Topic" +// pattern: "projects/{project}/topics/{topic}" +// +// Sometimes, resources have multiple patterns, typically because they can +// live under multiple parents. +// +// Example: +// +// message LogEntry { +// option (google.api.resource) = { +// type: "logging.googleapis.com/LogEntry" +// pattern: "projects/{project}/logs/{log}" +// pattern: "folders/{folder}/logs/{log}" +// pattern: "organizations/{organization}/logs/{log}" +// pattern: "billingAccounts/{billing_account}/logs/{log}" +// }; +// } +// +// The ResourceDescriptor Yaml config will look like: +// +// resources: +// - type: 'logging.googleapis.com/LogEntry' +// pattern: "projects/{project}/logs/{log}" +// pattern: "folders/{folder}/logs/{log}" +// pattern: "organizations/{organization}/logs/{log}" +// pattern: "billingAccounts/{billing_account}/logs/{log}" +type ResourceDescriptor struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // The resource type. It must be in the format of + // {service_name}/{resource_type_kind}. The `resource_type_kind` must be + // singular and must not include version numbers. + // + // Example: `storage.googleapis.com/Bucket` + // + // The value of the resource_type_kind must follow the regular expression + // /[A-Za-z][a-zA-Z0-9]+/. It should start with an upper case character and + // should use PascalCase (UpperCamelCase). The maximum number of + // characters allowed for the `resource_type_kind` is 100. + Type string `protobuf:"bytes,1,opt,name=type,proto3" json:"type,omitempty"` + // Optional. The relative resource name pattern associated with this resource + // type. The DNS prefix of the full resource name shouldn't be specified here. + // + // The path pattern must follow the syntax, which aligns with HTTP binding + // syntax: + // + // Template = Segment { "/" Segment } ; + // Segment = LITERAL | Variable ; + // Variable = "{" LITERAL "}" ; + // + // Examples: + // + // - "projects/{project}/topics/{topic}" + // - "projects/{project}/knowledgeBases/{knowledge_base}" + // + // The components in braces correspond to the IDs for each resource in the + // hierarchy. It is expected that, if multiple patterns are provided, + // the same component name (e.g. "project") refers to IDs of the same + // type of resource. + Pattern []string `protobuf:"bytes,2,rep,name=pattern,proto3" json:"pattern,omitempty"` + // Optional. The field on the resource that designates the resource name + // field. If omitted, this is assumed to be "name". + NameField string `protobuf:"bytes,3,opt,name=name_field,json=nameField,proto3" json:"name_field,omitempty"` + // Optional. The historical or future-looking state of the resource pattern. + // + // Example: + // + // // The InspectTemplate message originally only supported resource + // // names with organization, and project was added later. + // message InspectTemplate { + // option (google.api.resource) = { + // type: "dlp.googleapis.com/InspectTemplate" + // pattern: + // "organizations/{organization}/inspectTemplates/{inspect_template}" + // pattern: "projects/{project}/inspectTemplates/{inspect_template}" + // history: ORIGINALLY_SINGLE_PATTERN + // }; + // } + History ResourceDescriptor_History `protobuf:"varint,4,opt,name=history,proto3,enum=google.api.ResourceDescriptor_History" json:"history,omitempty"` + // The plural name used in the resource name and permission names, such as + // 'projects' for the resource name of 'projects/{project}' and the permission + // name of 'cloudresourcemanager.googleapis.com/projects.get'. It is the same + // concept of the `plural` field in k8s CRD spec + // https://kubernetes.io/docs/tasks/access-kubernetes-api/custom-resources/custom-resource-definitions/ + // + // Note: The plural form is required even for singleton resources. See + // https://aip.dev/156 + Plural string `protobuf:"bytes,5,opt,name=plural,proto3" json:"plural,omitempty"` + // The same concept of the `singular` field in k8s CRD spec + // https://kubernetes.io/docs/tasks/access-kubernetes-api/custom-resources/custom-resource-definitions/ + // Such as "project" for the `resourcemanager.googleapis.com/Project` type. + Singular string `protobuf:"bytes,6,opt,name=singular,proto3" json:"singular,omitempty"` + // Style flag(s) for this resource. + // These indicate that a resource is expected to conform to a given + // style. See the specific style flags for additional information. + Style []ResourceDescriptor_Style `protobuf:"varint,10,rep,packed,name=style,proto3,enum=google.api.ResourceDescriptor_Style" json:"style,omitempty"` +} + +func (x *ResourceDescriptor) Reset() { + *x = ResourceDescriptor{} + if protoimpl.UnsafeEnabled { + mi := &file_google_api_resource_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *ResourceDescriptor) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ResourceDescriptor) ProtoMessage() {} + +func (x *ResourceDescriptor) ProtoReflect() protoreflect.Message { + mi := &file_google_api_resource_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ResourceDescriptor.ProtoReflect.Descriptor instead. +func (*ResourceDescriptor) Descriptor() ([]byte, []int) { + return file_google_api_resource_proto_rawDescGZIP(), []int{0} +} + +func (x *ResourceDescriptor) GetType() string { + if x != nil { + return x.Type + } + return "" +} + +func (x *ResourceDescriptor) GetPattern() []string { + if x != nil { + return x.Pattern + } + return nil +} + +func (x *ResourceDescriptor) GetNameField() string { + if x != nil { + return x.NameField + } + return "" +} + +func (x *ResourceDescriptor) GetHistory() ResourceDescriptor_History { + if x != nil { + return x.History + } + return ResourceDescriptor_HISTORY_UNSPECIFIED +} + +func (x *ResourceDescriptor) GetPlural() string { + if x != nil { + return x.Plural + } + return "" +} + +func (x *ResourceDescriptor) GetSingular() string { + if x != nil { + return x.Singular + } + return "" +} + +func (x *ResourceDescriptor) GetStyle() []ResourceDescriptor_Style { + if x != nil { + return x.Style + } + return nil +} + +// Defines a proto annotation that describes a string field that refers to +// an API resource. +type ResourceReference struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // The resource type that the annotated field references. + // + // Example: + // + // message Subscription { + // string topic = 2 [(google.api.resource_reference) = { + // type: "pubsub.googleapis.com/Topic" + // }]; + // } + // + // Occasionally, a field may reference an arbitrary resource. In this case, + // APIs use the special value * in their resource reference. + // + // Example: + // + // message GetIamPolicyRequest { + // string resource = 2 [(google.api.resource_reference) = { + // type: "*" + // }]; + // } + Type string `protobuf:"bytes,1,opt,name=type,proto3" json:"type,omitempty"` + // The resource type of a child collection that the annotated field + // references. This is useful for annotating the `parent` field that + // doesn't have a fixed resource type. + // + // Example: + // + // message ListLogEntriesRequest { + // string parent = 1 [(google.api.resource_reference) = { + // child_type: "logging.googleapis.com/LogEntry" + // }; + // } + ChildType string `protobuf:"bytes,2,opt,name=child_type,json=childType,proto3" json:"child_type,omitempty"` +} + +func (x *ResourceReference) Reset() { + *x = ResourceReference{} + if protoimpl.UnsafeEnabled { + mi := &file_google_api_resource_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *ResourceReference) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ResourceReference) ProtoMessage() {} + +func (x *ResourceReference) ProtoReflect() protoreflect.Message { + mi := &file_google_api_resource_proto_msgTypes[1] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ResourceReference.ProtoReflect.Descriptor instead. +func (*ResourceReference) Descriptor() ([]byte, []int) { + return file_google_api_resource_proto_rawDescGZIP(), []int{1} +} + +func (x *ResourceReference) GetType() string { + if x != nil { + return x.Type + } + return "" +} + +func (x *ResourceReference) GetChildType() string { + if x != nil { + return x.ChildType + } + return "" +} + +var file_google_api_resource_proto_extTypes = []protoimpl.ExtensionInfo{ + { + ExtendedType: (*descriptorpb.FieldOptions)(nil), + ExtensionType: (*ResourceReference)(nil), + Field: 1055, + Name: "google.api.resource_reference", + Tag: "bytes,1055,opt,name=resource_reference", + Filename: "google/api/resource.proto", + }, + { + ExtendedType: (*descriptorpb.FileOptions)(nil), + ExtensionType: ([]*ResourceDescriptor)(nil), + Field: 1053, + Name: "google.api.resource_definition", + Tag: "bytes,1053,rep,name=resource_definition", + Filename: "google/api/resource.proto", + }, + { + ExtendedType: (*descriptorpb.MessageOptions)(nil), + ExtensionType: (*ResourceDescriptor)(nil), + Field: 1053, + Name: "google.api.resource", + Tag: "bytes,1053,opt,name=resource", + Filename: "google/api/resource.proto", + }, +} + +// Extension fields to descriptorpb.FieldOptions. +var ( + // An annotation that describes a resource reference, see + // [ResourceReference][]. + // + // optional google.api.ResourceReference resource_reference = 1055; + E_ResourceReference = &file_google_api_resource_proto_extTypes[0] +) + +// Extension fields to descriptorpb.FileOptions. +var ( + // An annotation that describes a resource definition without a corresponding + // message; see [ResourceDescriptor][]. + // + // repeated google.api.ResourceDescriptor resource_definition = 1053; + E_ResourceDefinition = &file_google_api_resource_proto_extTypes[1] +) + +// Extension fields to descriptorpb.MessageOptions. +var ( + // An annotation that describes a resource definition, see + // [ResourceDescriptor][]. + // + // optional google.api.ResourceDescriptor resource = 1053; + E_Resource = &file_google_api_resource_proto_extTypes[2] +) + +var File_google_api_resource_proto protoreflect.FileDescriptor + +var file_google_api_resource_proto_rawDesc = []byte{ + 0x0a, 0x19, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x72, 0x65, 0x73, + 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x0a, 0x67, 0x6f, 0x6f, + 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x1a, 0x20, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, + 0x74, 0x6f, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xaa, 0x03, 0x0a, 0x12, 0x52, 0x65, + 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, + 0x12, 0x12, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, + 0x74, 0x79, 0x70, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x70, 0x61, 0x74, 0x74, 0x65, 0x72, 0x6e, 0x18, + 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x07, 0x70, 0x61, 0x74, 0x74, 0x65, 0x72, 0x6e, 0x12, 0x1d, + 0x0a, 0x0a, 0x6e, 0x61, 0x6d, 0x65, 0x5f, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x18, 0x03, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x09, 0x6e, 0x61, 0x6d, 0x65, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x12, 0x40, 0x0a, + 0x07, 0x68, 0x69, 0x73, 0x74, 0x6f, 0x72, 0x79, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x26, + 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x52, 0x65, 0x73, 0x6f, + 0x75, 0x72, 0x63, 0x65, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x2e, 0x48, + 0x69, 0x73, 0x74, 0x6f, 0x72, 0x79, 0x52, 0x07, 0x68, 0x69, 0x73, 0x74, 0x6f, 0x72, 0x79, 0x12, + 0x16, 0x0a, 0x06, 0x70, 0x6c, 0x75, 0x72, 0x61, 0x6c, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x06, 0x70, 0x6c, 0x75, 0x72, 0x61, 0x6c, 0x12, 0x1a, 0x0a, 0x08, 0x73, 0x69, 0x6e, 0x67, 0x75, + 0x6c, 0x61, 0x72, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x73, 0x69, 0x6e, 0x67, 0x75, + 0x6c, 0x61, 0x72, 0x12, 0x3a, 0x0a, 0x05, 0x73, 0x74, 0x79, 0x6c, 0x65, 0x18, 0x0a, 0x20, 0x03, + 0x28, 0x0e, 0x32, 0x24, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, + 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, + 0x6f, 0x72, 0x2e, 0x53, 0x74, 0x79, 0x6c, 0x65, 0x52, 0x05, 0x73, 0x74, 0x79, 0x6c, 0x65, 0x22, + 0x5b, 0x0a, 0x07, 0x48, 0x69, 0x73, 0x74, 0x6f, 0x72, 0x79, 0x12, 0x17, 0x0a, 0x13, 0x48, 0x49, + 0x53, 0x54, 0x4f, 0x52, 0x59, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, + 0x44, 0x10, 0x00, 0x12, 0x1d, 0x0a, 0x19, 0x4f, 0x52, 0x49, 0x47, 0x49, 0x4e, 0x41, 0x4c, 0x4c, + 0x59, 0x5f, 0x53, 0x49, 0x4e, 0x47, 0x4c, 0x45, 0x5f, 0x50, 0x41, 0x54, 0x54, 0x45, 0x52, 0x4e, + 0x10, 0x01, 0x12, 0x18, 0x0a, 0x14, 0x46, 0x55, 0x54, 0x55, 0x52, 0x45, 0x5f, 0x4d, 0x55, 0x4c, + 0x54, 0x49, 0x5f, 0x50, 0x41, 0x54, 0x54, 0x45, 0x52, 0x4e, 0x10, 0x02, 0x22, 0x38, 0x0a, 0x05, + 0x53, 0x74, 0x79, 0x6c, 0x65, 0x12, 0x15, 0x0a, 0x11, 0x53, 0x54, 0x59, 0x4c, 0x45, 0x5f, 0x55, + 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x18, 0x0a, 0x14, + 0x44, 0x45, 0x43, 0x4c, 0x41, 0x52, 0x41, 0x54, 0x49, 0x56, 0x45, 0x5f, 0x46, 0x52, 0x49, 0x45, + 0x4e, 0x44, 0x4c, 0x59, 0x10, 0x01, 0x22, 0x46, 0x0a, 0x11, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, + 0x63, 0x65, 0x52, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x74, + 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, + 0x1d, 0x0a, 0x0a, 0x63, 0x68, 0x69, 0x6c, 0x64, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, 0x02, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x09, 0x63, 0x68, 0x69, 0x6c, 0x64, 0x54, 0x79, 0x70, 0x65, 0x3a, 0x6c, + 0x0a, 0x12, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x72, 0x65, 0x66, 0x65, 0x72, + 0x65, 0x6e, 0x63, 0x65, 0x12, 0x1d, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x4f, 0x70, 0x74, 0x69, + 0x6f, 0x6e, 0x73, 0x18, 0x9f, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x67, 0x6f, 0x6f, + 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, + 0x52, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x52, 0x11, 0x72, 0x65, 0x73, 0x6f, 0x75, + 0x72, 0x63, 0x65, 0x52, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x3a, 0x6e, 0x0a, 0x13, + 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, + 0x69, 0x6f, 0x6e, 0x12, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, + 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x69, 0x6c, 0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, + 0x73, 0x18, 0x9d, 0x08, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1e, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, + 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x44, 0x65, + 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x52, 0x12, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, + 0x63, 0x65, 0x44, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x3a, 0x5c, 0x0a, 0x08, + 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x12, 0x1f, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, + 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x4d, 0x65, 0x73, 0x73, 0x61, + 0x67, 0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x9d, 0x08, 0x20, 0x01, 0x28, 0x0b, + 0x32, 0x1e, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x52, 0x65, + 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, + 0x52, 0x08, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x42, 0x6e, 0x0a, 0x0e, 0x63, 0x6f, + 0x6d, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x42, 0x0d, 0x52, 0x65, + 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x41, 0x67, + 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x67, 0x6f, 0x6c, 0x61, 0x6e, 0x67, 0x2e, 0x6f, 0x72, 0x67, + 0x2f, 0x67, 0x65, 0x6e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, + 0x61, 0x70, 0x69, 0x73, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x61, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, + 0x69, 0x6f, 0x6e, 0x73, 0x3b, 0x61, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, + 0xf8, 0x01, 0x01, 0xa2, 0x02, 0x04, 0x47, 0x41, 0x50, 0x49, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x33, +} + +var ( + file_google_api_resource_proto_rawDescOnce sync.Once + file_google_api_resource_proto_rawDescData = file_google_api_resource_proto_rawDesc +) + +func file_google_api_resource_proto_rawDescGZIP() []byte { + file_google_api_resource_proto_rawDescOnce.Do(func() { + file_google_api_resource_proto_rawDescData = protoimpl.X.CompressGZIP(file_google_api_resource_proto_rawDescData) + }) + return file_google_api_resource_proto_rawDescData +} + +var file_google_api_resource_proto_enumTypes = make([]protoimpl.EnumInfo, 2) +var file_google_api_resource_proto_msgTypes = make([]protoimpl.MessageInfo, 2) +var file_google_api_resource_proto_goTypes = []interface{}{ + (ResourceDescriptor_History)(0), // 0: google.api.ResourceDescriptor.History + (ResourceDescriptor_Style)(0), // 1: google.api.ResourceDescriptor.Style + (*ResourceDescriptor)(nil), // 2: google.api.ResourceDescriptor + (*ResourceReference)(nil), // 3: google.api.ResourceReference + (*descriptorpb.FieldOptions)(nil), // 4: google.protobuf.FieldOptions + (*descriptorpb.FileOptions)(nil), // 5: google.protobuf.FileOptions + (*descriptorpb.MessageOptions)(nil), // 6: google.protobuf.MessageOptions +} +var file_google_api_resource_proto_depIdxs = []int32{ + 0, // 0: google.api.ResourceDescriptor.history:type_name -> google.api.ResourceDescriptor.History + 1, // 1: google.api.ResourceDescriptor.style:type_name -> google.api.ResourceDescriptor.Style + 4, // 2: google.api.resource_reference:extendee -> google.protobuf.FieldOptions + 5, // 3: google.api.resource_definition:extendee -> google.protobuf.FileOptions + 6, // 4: google.api.resource:extendee -> google.protobuf.MessageOptions + 3, // 5: google.api.resource_reference:type_name -> google.api.ResourceReference + 2, // 6: google.api.resource_definition:type_name -> google.api.ResourceDescriptor + 2, // 7: google.api.resource:type_name -> google.api.ResourceDescriptor + 8, // [8:8] is the sub-list for method output_type + 8, // [8:8] is the sub-list for method input_type + 5, // [5:8] is the sub-list for extension type_name + 2, // [2:5] is the sub-list for extension extendee + 0, // [0:2] is the sub-list for field type_name +} + +func init() { file_google_api_resource_proto_init() } +func file_google_api_resource_proto_init() { + if File_google_api_resource_proto != nil { + return + } + if !protoimpl.UnsafeEnabled { + file_google_api_resource_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*ResourceDescriptor); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_google_api_resource_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*ResourceReference); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_google_api_resource_proto_rawDesc, + NumEnums: 2, + NumMessages: 2, + NumExtensions: 3, + NumServices: 0, + }, + GoTypes: file_google_api_resource_proto_goTypes, + DependencyIndexes: file_google_api_resource_proto_depIdxs, + EnumInfos: file_google_api_resource_proto_enumTypes, + MessageInfos: file_google_api_resource_proto_msgTypes, + ExtensionInfos: file_google_api_resource_proto_extTypes, + }.Build() + File_google_api_resource_proto = out.File + file_google_api_resource_proto_rawDesc = nil + file_google_api_resource_proto_goTypes = nil + file_google_api_resource_proto_depIdxs = nil +} diff --git a/vendor/google.golang.org/genproto/googleapis/api/annotations/routing.pb.go b/vendor/google.golang.org/genproto/googleapis/api/annotations/routing.pb.go new file mode 100644 index 0000000000..9a9ae04c29 --- /dev/null +++ b/vendor/google.golang.org/genproto/googleapis/api/annotations/routing.pb.go @@ -0,0 +1,693 @@ +// Copyright 2023 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.26.0 +// protoc v3.21.9 +// source: google/api/routing.proto + +package annotations + +import ( + reflect "reflect" + sync "sync" + + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + descriptorpb "google.golang.org/protobuf/types/descriptorpb" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +// Specifies the routing information that should be sent along with the request +// in the form of routing header. +// **NOTE:** All service configuration rules follow the "last one wins" order. +// +// The examples below will apply to an RPC which has the following request type: +// +// Message Definition: +// +// message Request { +// // The name of the Table +// // Values can be of the following formats: +// // - `projects//tables/` +// // - `projects//instances//tables/
      ` +// // - `region//zones//tables/
      ` +// string table_name = 1; +// +// // This value specifies routing for replication. +// // It can be in the following formats: +// // - `profiles/` +// // - a legacy `profile_id` that can be any string +// string app_profile_id = 2; +// } +// +// Example message: +// +// { +// table_name: projects/proj_foo/instances/instance_bar/table/table_baz, +// app_profile_id: profiles/prof_qux +// } +// +// The routing header consists of one or multiple key-value pairs. Every key +// and value must be percent-encoded, and joined together in the format of +// `key1=value1&key2=value2`. +// In the examples below I am skipping the percent-encoding for readablity. +// +// # Example 1 +// +// Extracting a field from the request to put into the routing header +// unchanged, with the key equal to the field name. +// +// annotation: +// +// option (google.api.routing) = { +// // Take the `app_profile_id`. +// routing_parameters { +// field: "app_profile_id" +// } +// }; +// +// result: +// +// x-goog-request-params: app_profile_id=profiles/prof_qux +// +// # Example 2 +// +// Extracting a field from the request to put into the routing header +// unchanged, with the key different from the field name. +// +// annotation: +// +// option (google.api.routing) = { +// // Take the `app_profile_id`, but name it `routing_id` in the header. +// routing_parameters { +// field: "app_profile_id" +// path_template: "{routing_id=**}" +// } +// }; +// +// result: +// +// x-goog-request-params: routing_id=profiles/prof_qux +// +// # Example 3 +// +// Extracting a field from the request to put into the routing +// header, while matching a path template syntax on the field's value. +// +// NB: it is more useful to send nothing than to send garbage for the purpose +// of dynamic routing, since garbage pollutes cache. Thus the matching. +// +// # Sub-example 3a +// +// The field matches the template. +// +// annotation: +// +// option (google.api.routing) = { +// // Take the `table_name`, if it's well-formed (with project-based +// // syntax). +// routing_parameters { +// field: "table_name" +// path_template: "{table_name=projects/*/instances/*/**}" +// } +// }; +// +// result: +// +// x-goog-request-params: +// table_name=projects/proj_foo/instances/instance_bar/table/table_baz +// +// # Sub-example 3b +// +// The field does not match the template. +// +// annotation: +// +// option (google.api.routing) = { +// // Take the `table_name`, if it's well-formed (with region-based +// // syntax). +// routing_parameters { +// field: "table_name" +// path_template: "{table_name=regions/*/zones/*/**}" +// } +// }; +// +// result: +// +// +// +// # Sub-example 3c +// +// Multiple alternative conflictingly named path templates are +// specified. The one that matches is used to construct the header. +// +// annotation: +// +// option (google.api.routing) = { +// // Take the `table_name`, if it's well-formed, whether +// // using the region- or projects-based syntax. +// +// routing_parameters { +// field: "table_name" +// path_template: "{table_name=regions/*/zones/*/**}" +// } +// routing_parameters { +// field: "table_name" +// path_template: "{table_name=projects/*/instances/*/**}" +// } +// }; +// +// result: +// +// x-goog-request-params: +// table_name=projects/proj_foo/instances/instance_bar/table/table_baz +// +// # Example 4 +// +// Extracting a single routing header key-value pair by matching a +// template syntax on (a part of) a single request field. +// +// annotation: +// +// option (google.api.routing) = { +// // Take just the project id from the `table_name` field. +// routing_parameters { +// field: "table_name" +// path_template: "{routing_id=projects/*}/**" +// } +// }; +// +// result: +// +// x-goog-request-params: routing_id=projects/proj_foo +// +// # Example 5 +// +// Extracting a single routing header key-value pair by matching +// several conflictingly named path templates on (parts of) a single request +// field. The last template to match "wins" the conflict. +// +// annotation: +// +// option (google.api.routing) = { +// // If the `table_name` does not have instances information, +// // take just the project id for routing. +// // Otherwise take project + instance. +// +// routing_parameters { +// field: "table_name" +// path_template: "{routing_id=projects/*}/**" +// } +// routing_parameters { +// field: "table_name" +// path_template: "{routing_id=projects/*/instances/*}/**" +// } +// }; +// +// result: +// +// x-goog-request-params: +// routing_id=projects/proj_foo/instances/instance_bar +// +// # Example 6 +// +// Extracting multiple routing header key-value pairs by matching +// several non-conflicting path templates on (parts of) a single request field. +// +// # Sub-example 6a +// +// Make the templates strict, so that if the `table_name` does not +// have an instance information, nothing is sent. +// +// annotation: +// +// option (google.api.routing) = { +// // The routing code needs two keys instead of one composite +// // but works only for the tables with the "project-instance" name +// // syntax. +// +// routing_parameters { +// field: "table_name" +// path_template: "{project_id=projects/*}/instances/*/**" +// } +// routing_parameters { +// field: "table_name" +// path_template: "projects/*/{instance_id=instances/*}/**" +// } +// }; +// +// result: +// +// x-goog-request-params: +// project_id=projects/proj_foo&instance_id=instances/instance_bar +// +// # Sub-example 6b +// +// Make the templates loose, so that if the `table_name` does not +// have an instance information, just the project id part is sent. +// +// annotation: +// +// option (google.api.routing) = { +// // The routing code wants two keys instead of one composite +// // but will work with just the `project_id` for tables without +// // an instance in the `table_name`. +// +// routing_parameters { +// field: "table_name" +// path_template: "{project_id=projects/*}/**" +// } +// routing_parameters { +// field: "table_name" +// path_template: "projects/*/{instance_id=instances/*}/**" +// } +// }; +// +// result (is the same as 6a for our example message because it has the instance +// information): +// +// x-goog-request-params: +// project_id=projects/proj_foo&instance_id=instances/instance_bar +// +// # Example 7 +// +// Extracting multiple routing header key-value pairs by matching +// several path templates on multiple request fields. +// +// NB: note that here there is no way to specify sending nothing if one of the +// fields does not match its template. E.g. if the `table_name` is in the wrong +// format, the `project_id` will not be sent, but the `routing_id` will be. +// The backend routing code has to be aware of that and be prepared to not +// receive a full complement of keys if it expects multiple. +// +// annotation: +// +// option (google.api.routing) = { +// // The routing needs both `project_id` and `routing_id` +// // (from the `app_profile_id` field) for routing. +// +// routing_parameters { +// field: "table_name" +// path_template: "{project_id=projects/*}/**" +// } +// routing_parameters { +// field: "app_profile_id" +// path_template: "{routing_id=**}" +// } +// }; +// +// result: +// +// x-goog-request-params: +// project_id=projects/proj_foo&routing_id=profiles/prof_qux +// +// # Example 8 +// +// Extracting a single routing header key-value pair by matching +// several conflictingly named path templates on several request fields. The +// last template to match "wins" the conflict. +// +// annotation: +// +// option (google.api.routing) = { +// // The `routing_id` can be a project id or a region id depending on +// // the table name format, but only if the `app_profile_id` is not set. +// // If `app_profile_id` is set it should be used instead. +// +// routing_parameters { +// field: "table_name" +// path_template: "{routing_id=projects/*}/**" +// } +// routing_parameters { +// field: "table_name" +// path_template: "{routing_id=regions/*}/**" +// } +// routing_parameters { +// field: "app_profile_id" +// path_template: "{routing_id=**}" +// } +// }; +// +// result: +// +// x-goog-request-params: routing_id=profiles/prof_qux +// +// # Example 9 +// +// Bringing it all together. +// +// annotation: +// +// option (google.api.routing) = { +// // For routing both `table_location` and a `routing_id` are needed. +// // +// // table_location can be either an instance id or a region+zone id. +// // +// // For `routing_id`, take the value of `app_profile_id` +// // - If it's in the format `profiles/`, send +// // just the `` part. +// // - If it's any other literal, send it as is. +// // If the `app_profile_id` is empty, and the `table_name` starts with +// // the project_id, send that instead. +// +// routing_parameters { +// field: "table_name" +// path_template: "projects/*/{table_location=instances/*}/tables/*" +// } +// routing_parameters { +// field: "table_name" +// path_template: "{table_location=regions/*/zones/*}/tables/*" +// } +// routing_parameters { +// field: "table_name" +// path_template: "{routing_id=projects/*}/**" +// } +// routing_parameters { +// field: "app_profile_id" +// path_template: "{routing_id=**}" +// } +// routing_parameters { +// field: "app_profile_id" +// path_template: "profiles/{routing_id=*}" +// } +// }; +// +// result: +// +// x-goog-request-params: +// table_location=instances/instance_bar&routing_id=prof_qux +type RoutingRule struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // A collection of Routing Parameter specifications. + // **NOTE:** If multiple Routing Parameters describe the same key + // (via the `path_template` field or via the `field` field when + // `path_template` is not provided), "last one wins" rule + // determines which Parameter gets used. + // See the examples for more details. + RoutingParameters []*RoutingParameter `protobuf:"bytes,2,rep,name=routing_parameters,json=routingParameters,proto3" json:"routing_parameters,omitempty"` +} + +func (x *RoutingRule) Reset() { + *x = RoutingRule{} + if protoimpl.UnsafeEnabled { + mi := &file_google_api_routing_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *RoutingRule) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*RoutingRule) ProtoMessage() {} + +func (x *RoutingRule) ProtoReflect() protoreflect.Message { + mi := &file_google_api_routing_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use RoutingRule.ProtoReflect.Descriptor instead. +func (*RoutingRule) Descriptor() ([]byte, []int) { + return file_google_api_routing_proto_rawDescGZIP(), []int{0} +} + +func (x *RoutingRule) GetRoutingParameters() []*RoutingParameter { + if x != nil { + return x.RoutingParameters + } + return nil +} + +// A projection from an input message to the GRPC or REST header. +type RoutingParameter struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // A request field to extract the header key-value pair from. + Field string `protobuf:"bytes,1,opt,name=field,proto3" json:"field,omitempty"` + // A pattern matching the key-value field. Optional. + // If not specified, the whole field specified in the `field` field will be + // taken as value, and its name used as key. If specified, it MUST contain + // exactly one named segment (along with any number of unnamed segments) The + // pattern will be matched over the field specified in the `field` field, then + // if the match is successful: + // - the name of the single named segment will be used as a header name, + // - the match value of the segment will be used as a header value; + // if the match is NOT successful, nothing will be sent. + // + // Example: + // + // -- This is a field in the request message + // | that the header value will be extracted from. + // | + // | -- This is the key name in the + // | | routing header. + // V | + // field: "table_name" v + // path_template: "projects/*/{table_location=instances/*}/tables/*" + // ^ ^ + // | | + // In the {} brackets is the pattern that -- | + // specifies what to extract from the | + // field as a value to be sent. | + // | + // The string in the field must match the whole pattern -- + // before brackets, inside brackets, after brackets. + // + // When looking at this specific example, we can see that: + // - A key-value pair with the key `table_location` + // and the value matching `instances/*` should be added + // to the x-goog-request-params routing header. + // - The value is extracted from the request message's `table_name` field + // if it matches the full pattern specified: + // `projects/*/instances/*/tables/*`. + // + // **NB:** If the `path_template` field is not provided, the key name is + // equal to the field name, and the whole field should be sent as a value. + // This makes the pattern for the field and the value functionally equivalent + // to `**`, and the configuration + // + // { + // field: "table_name" + // } + // + // is a functionally equivalent shorthand to: + // + // { + // field: "table_name" + // path_template: "{table_name=**}" + // } + // + // See Example 1 for more details. + PathTemplate string `protobuf:"bytes,2,opt,name=path_template,json=pathTemplate,proto3" json:"path_template,omitempty"` +} + +func (x *RoutingParameter) Reset() { + *x = RoutingParameter{} + if protoimpl.UnsafeEnabled { + mi := &file_google_api_routing_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *RoutingParameter) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*RoutingParameter) ProtoMessage() {} + +func (x *RoutingParameter) ProtoReflect() protoreflect.Message { + mi := &file_google_api_routing_proto_msgTypes[1] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use RoutingParameter.ProtoReflect.Descriptor instead. +func (*RoutingParameter) Descriptor() ([]byte, []int) { + return file_google_api_routing_proto_rawDescGZIP(), []int{1} +} + +func (x *RoutingParameter) GetField() string { + if x != nil { + return x.Field + } + return "" +} + +func (x *RoutingParameter) GetPathTemplate() string { + if x != nil { + return x.PathTemplate + } + return "" +} + +var file_google_api_routing_proto_extTypes = []protoimpl.ExtensionInfo{ + { + ExtendedType: (*descriptorpb.MethodOptions)(nil), + ExtensionType: (*RoutingRule)(nil), + Field: 72295729, + Name: "google.api.routing", + Tag: "bytes,72295729,opt,name=routing", + Filename: "google/api/routing.proto", + }, +} + +// Extension fields to descriptorpb.MethodOptions. +var ( + // See RoutingRule. + // + // optional google.api.RoutingRule routing = 72295729; + E_Routing = &file_google_api_routing_proto_extTypes[0] +) + +var File_google_api_routing_proto protoreflect.FileDescriptor + +var file_google_api_routing_proto_rawDesc = []byte{ + 0x0a, 0x18, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x72, 0x6f, 0x75, + 0x74, 0x69, 0x6e, 0x67, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x0a, 0x67, 0x6f, 0x6f, 0x67, + 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x1a, 0x20, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, + 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, + 0x6f, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x5a, 0x0a, 0x0b, 0x52, 0x6f, 0x75, 0x74, + 0x69, 0x6e, 0x67, 0x52, 0x75, 0x6c, 0x65, 0x12, 0x4b, 0x0a, 0x12, 0x72, 0x6f, 0x75, 0x74, 0x69, + 0x6e, 0x67, 0x5f, 0x70, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x73, 0x18, 0x02, 0x20, + 0x03, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, + 0x2e, 0x52, 0x6f, 0x75, 0x74, 0x69, 0x6e, 0x67, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, + 0x72, 0x52, 0x11, 0x72, 0x6f, 0x75, 0x74, 0x69, 0x6e, 0x67, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, + 0x74, 0x65, 0x72, 0x73, 0x22, 0x4d, 0x0a, 0x10, 0x52, 0x6f, 0x75, 0x74, 0x69, 0x6e, 0x67, 0x50, + 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x12, 0x14, 0x0a, 0x05, 0x66, 0x69, 0x65, 0x6c, + 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x12, 0x23, + 0x0a, 0x0d, 0x70, 0x61, 0x74, 0x68, 0x5f, 0x74, 0x65, 0x6d, 0x70, 0x6c, 0x61, 0x74, 0x65, 0x18, + 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x70, 0x61, 0x74, 0x68, 0x54, 0x65, 0x6d, 0x70, 0x6c, + 0x61, 0x74, 0x65, 0x3a, 0x54, 0x0a, 0x07, 0x72, 0x6f, 0x75, 0x74, 0x69, 0x6e, 0x67, 0x12, 0x1e, + 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, + 0x2e, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0xb1, + 0xca, 0xbc, 0x22, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, + 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x52, 0x6f, 0x75, 0x74, 0x69, 0x6e, 0x67, 0x52, 0x75, 0x6c, 0x65, + 0x52, 0x07, 0x72, 0x6f, 0x75, 0x74, 0x69, 0x6e, 0x67, 0x42, 0x6a, 0x0a, 0x0e, 0x63, 0x6f, 0x6d, + 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x42, 0x0c, 0x52, 0x6f, 0x75, + 0x74, 0x69, 0x6e, 0x67, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x41, 0x67, 0x6f, 0x6f, + 0x67, 0x6c, 0x65, 0x2e, 0x67, 0x6f, 0x6c, 0x61, 0x6e, 0x67, 0x2e, 0x6f, 0x72, 0x67, 0x2f, 0x67, + 0x65, 0x6e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x61, 0x70, + 0x69, 0x73, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x61, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, + 0x6e, 0x73, 0x3b, 0x61, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0xa2, 0x02, + 0x04, 0x47, 0x41, 0x50, 0x49, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, +} + +var ( + file_google_api_routing_proto_rawDescOnce sync.Once + file_google_api_routing_proto_rawDescData = file_google_api_routing_proto_rawDesc +) + +func file_google_api_routing_proto_rawDescGZIP() []byte { + file_google_api_routing_proto_rawDescOnce.Do(func() { + file_google_api_routing_proto_rawDescData = protoimpl.X.CompressGZIP(file_google_api_routing_proto_rawDescData) + }) + return file_google_api_routing_proto_rawDescData +} + +var file_google_api_routing_proto_msgTypes = make([]protoimpl.MessageInfo, 2) +var file_google_api_routing_proto_goTypes = []interface{}{ + (*RoutingRule)(nil), // 0: google.api.RoutingRule + (*RoutingParameter)(nil), // 1: google.api.RoutingParameter + (*descriptorpb.MethodOptions)(nil), // 2: google.protobuf.MethodOptions +} +var file_google_api_routing_proto_depIdxs = []int32{ + 1, // 0: google.api.RoutingRule.routing_parameters:type_name -> google.api.RoutingParameter + 2, // 1: google.api.routing:extendee -> google.protobuf.MethodOptions + 0, // 2: google.api.routing:type_name -> google.api.RoutingRule + 3, // [3:3] is the sub-list for method output_type + 3, // [3:3] is the sub-list for method input_type + 2, // [2:3] is the sub-list for extension type_name + 1, // [1:2] is the sub-list for extension extendee + 0, // [0:1] is the sub-list for field type_name +} + +func init() { file_google_api_routing_proto_init() } +func file_google_api_routing_proto_init() { + if File_google_api_routing_proto != nil { + return + } + if !protoimpl.UnsafeEnabled { + file_google_api_routing_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*RoutingRule); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_google_api_routing_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*RoutingParameter); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_google_api_routing_proto_rawDesc, + NumEnums: 0, + NumMessages: 2, + NumExtensions: 1, + NumServices: 0, + }, + GoTypes: file_google_api_routing_proto_goTypes, + DependencyIndexes: file_google_api_routing_proto_depIdxs, + MessageInfos: file_google_api_routing_proto_msgTypes, + ExtensionInfos: file_google_api_routing_proto_extTypes, + }.Build() + File_google_api_routing_proto = out.File + file_google_api_routing_proto_rawDesc = nil + file_google_api_routing_proto_goTypes = nil + file_google_api_routing_proto_depIdxs = nil +} diff --git a/vendor/google.golang.org/genproto/googleapis/api/launch_stage.pb.go b/vendor/google.golang.org/genproto/googleapis/api/launch_stage.pb.go new file mode 100644 index 0000000000..454948669d --- /dev/null +++ b/vendor/google.golang.org/genproto/googleapis/api/launch_stage.pb.go @@ -0,0 +1,203 @@ +// Copyright 2023 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.26.0 +// protoc v3.21.9 +// source: google/api/launch_stage.proto + +package api + +import ( + reflect "reflect" + sync "sync" + + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +// The launch stage as defined by [Google Cloud Platform +// Launch Stages](https://cloud.google.com/terms/launch-stages). +type LaunchStage int32 + +const ( + // Do not use this default value. + LaunchStage_LAUNCH_STAGE_UNSPECIFIED LaunchStage = 0 + // The feature is not yet implemented. Users can not use it. + LaunchStage_UNIMPLEMENTED LaunchStage = 6 + // Prelaunch features are hidden from users and are only visible internally. + LaunchStage_PRELAUNCH LaunchStage = 7 + // Early Access features are limited to a closed group of testers. To use + // these features, you must sign up in advance and sign a Trusted Tester + // agreement (which includes confidentiality provisions). These features may + // be unstable, changed in backward-incompatible ways, and are not + // guaranteed to be released. + LaunchStage_EARLY_ACCESS LaunchStage = 1 + // Alpha is a limited availability test for releases before they are cleared + // for widespread use. By Alpha, all significant design issues are resolved + // and we are in the process of verifying functionality. Alpha customers + // need to apply for access, agree to applicable terms, and have their + // projects allowlisted. Alpha releases don't have to be feature complete, + // no SLAs are provided, and there are no technical support obligations, but + // they will be far enough along that customers can actually use them in + // test environments or for limited-use tests -- just like they would in + // normal production cases. + LaunchStage_ALPHA LaunchStage = 2 + // Beta is the point at which we are ready to open a release for any + // customer to use. There are no SLA or technical support obligations in a + // Beta release. Products will be complete from a feature perspective, but + // may have some open outstanding issues. Beta releases are suitable for + // limited production use cases. + LaunchStage_BETA LaunchStage = 3 + // GA features are open to all developers and are considered stable and + // fully qualified for production use. + LaunchStage_GA LaunchStage = 4 + // Deprecated features are scheduled to be shut down and removed. For more + // information, see the "Deprecation Policy" section of our [Terms of + // Service](https://cloud.google.com/terms/) + // and the [Google Cloud Platform Subject to the Deprecation + // Policy](https://cloud.google.com/terms/deprecation) documentation. + LaunchStage_DEPRECATED LaunchStage = 5 +) + +// Enum value maps for LaunchStage. +var ( + LaunchStage_name = map[int32]string{ + 0: "LAUNCH_STAGE_UNSPECIFIED", + 6: "UNIMPLEMENTED", + 7: "PRELAUNCH", + 1: "EARLY_ACCESS", + 2: "ALPHA", + 3: "BETA", + 4: "GA", + 5: "DEPRECATED", + } + LaunchStage_value = map[string]int32{ + "LAUNCH_STAGE_UNSPECIFIED": 0, + "UNIMPLEMENTED": 6, + "PRELAUNCH": 7, + "EARLY_ACCESS": 1, + "ALPHA": 2, + "BETA": 3, + "GA": 4, + "DEPRECATED": 5, + } +) + +func (x LaunchStage) Enum() *LaunchStage { + p := new(LaunchStage) + *p = x + return p +} + +func (x LaunchStage) String() string { + return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) +} + +func (LaunchStage) Descriptor() protoreflect.EnumDescriptor { + return file_google_api_launch_stage_proto_enumTypes[0].Descriptor() +} + +func (LaunchStage) Type() protoreflect.EnumType { + return &file_google_api_launch_stage_proto_enumTypes[0] +} + +func (x LaunchStage) Number() protoreflect.EnumNumber { + return protoreflect.EnumNumber(x) +} + +// Deprecated: Use LaunchStage.Descriptor instead. +func (LaunchStage) EnumDescriptor() ([]byte, []int) { + return file_google_api_launch_stage_proto_rawDescGZIP(), []int{0} +} + +var File_google_api_launch_stage_proto protoreflect.FileDescriptor + +var file_google_api_launch_stage_proto_rawDesc = []byte{ + 0x0a, 0x1d, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x6c, 0x61, 0x75, + 0x6e, 0x63, 0x68, 0x5f, 0x73, 0x74, 0x61, 0x67, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, + 0x0a, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2a, 0x8c, 0x01, 0x0a, 0x0b, + 0x4c, 0x61, 0x75, 0x6e, 0x63, 0x68, 0x53, 0x74, 0x61, 0x67, 0x65, 0x12, 0x1c, 0x0a, 0x18, 0x4c, + 0x41, 0x55, 0x4e, 0x43, 0x48, 0x5f, 0x53, 0x54, 0x41, 0x47, 0x45, 0x5f, 0x55, 0x4e, 0x53, 0x50, + 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x11, 0x0a, 0x0d, 0x55, 0x4e, 0x49, + 0x4d, 0x50, 0x4c, 0x45, 0x4d, 0x45, 0x4e, 0x54, 0x45, 0x44, 0x10, 0x06, 0x12, 0x0d, 0x0a, 0x09, + 0x50, 0x52, 0x45, 0x4c, 0x41, 0x55, 0x4e, 0x43, 0x48, 0x10, 0x07, 0x12, 0x10, 0x0a, 0x0c, 0x45, + 0x41, 0x52, 0x4c, 0x59, 0x5f, 0x41, 0x43, 0x43, 0x45, 0x53, 0x53, 0x10, 0x01, 0x12, 0x09, 0x0a, + 0x05, 0x41, 0x4c, 0x50, 0x48, 0x41, 0x10, 0x02, 0x12, 0x08, 0x0a, 0x04, 0x42, 0x45, 0x54, 0x41, + 0x10, 0x03, 0x12, 0x06, 0x0a, 0x02, 0x47, 0x41, 0x10, 0x04, 0x12, 0x0e, 0x0a, 0x0a, 0x44, 0x45, + 0x50, 0x52, 0x45, 0x43, 0x41, 0x54, 0x45, 0x44, 0x10, 0x05, 0x42, 0x5a, 0x0a, 0x0e, 0x63, 0x6f, + 0x6d, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x42, 0x10, 0x4c, 0x61, + 0x75, 0x6e, 0x63, 0x68, 0x53, 0x74, 0x61, 0x67, 0x65, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, + 0x5a, 0x2d, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x67, 0x6f, 0x6c, 0x61, 0x6e, 0x67, 0x2e, + 0x6f, 0x72, 0x67, 0x2f, 0x67, 0x65, 0x6e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x67, 0x6f, 0x6f, + 0x67, 0x6c, 0x65, 0x61, 0x70, 0x69, 0x73, 0x2f, 0x61, 0x70, 0x69, 0x3b, 0x61, 0x70, 0x69, 0xa2, + 0x02, 0x04, 0x47, 0x41, 0x50, 0x49, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, +} + +var ( + file_google_api_launch_stage_proto_rawDescOnce sync.Once + file_google_api_launch_stage_proto_rawDescData = file_google_api_launch_stage_proto_rawDesc +) + +func file_google_api_launch_stage_proto_rawDescGZIP() []byte { + file_google_api_launch_stage_proto_rawDescOnce.Do(func() { + file_google_api_launch_stage_proto_rawDescData = protoimpl.X.CompressGZIP(file_google_api_launch_stage_proto_rawDescData) + }) + return file_google_api_launch_stage_proto_rawDescData +} + +var file_google_api_launch_stage_proto_enumTypes = make([]protoimpl.EnumInfo, 1) +var file_google_api_launch_stage_proto_goTypes = []interface{}{ + (LaunchStage)(0), // 0: google.api.LaunchStage +} +var file_google_api_launch_stage_proto_depIdxs = []int32{ + 0, // [0:0] is the sub-list for method output_type + 0, // [0:0] is the sub-list for method input_type + 0, // [0:0] is the sub-list for extension type_name + 0, // [0:0] is the sub-list for extension extendee + 0, // [0:0] is the sub-list for field type_name +} + +func init() { file_google_api_launch_stage_proto_init() } +func file_google_api_launch_stage_proto_init() { + if File_google_api_launch_stage_proto != nil { + return + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_google_api_launch_stage_proto_rawDesc, + NumEnums: 1, + NumMessages: 0, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_google_api_launch_stage_proto_goTypes, + DependencyIndexes: file_google_api_launch_stage_proto_depIdxs, + EnumInfos: file_google_api_launch_stage_proto_enumTypes, + }.Build() + File_google_api_launch_stage_proto = out.File + file_google_api_launch_stage_proto_rawDesc = nil + file_google_api_launch_stage_proto_goTypes = nil + file_google_api_launch_stage_proto_depIdxs = nil +} diff --git a/vendor/modules.txt b/vendor/modules.txt index 1c4976e05e..fa173dd9f1 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -52,6 +52,9 @@ github.com/acarl005/stripansi # github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 ## explicit; go 1.13 github.com/asaskevich/govalidator +# github.com/blang/semver v3.5.1+incompatible +## explicit +github.com/blang/semver # github.com/blang/semver/v4 v4.0.0 ## explicit; go 1.14 github.com/blang/semver/v4 @@ -447,6 +450,16 @@ github.com/fsnotify/fsnotify # github.com/fsouza/go-dockerclient v1.9.7 ## explicit; go 1.19 github.com/fsouza/go-dockerclient +# github.com/gabriel-vasile/mimetype v1.4.2 +## explicit; go 1.20 +github.com/gabriel-vasile/mimetype +github.com/gabriel-vasile/mimetype/internal/charset +github.com/gabriel-vasile/mimetype/internal/json +github.com/gabriel-vasile/mimetype/internal/magic +# github.com/go-chi/chi v4.1.2+incompatible +## explicit +github.com/go-chi/chi +github.com/go-chi/chi/middleware # github.com/go-jose/go-jose/v3 v3.0.0 ## explicit; go 1.12 github.com/go-jose/go-jose/v3 @@ -507,6 +520,16 @@ github.com/go-openapi/swag # github.com/go-openapi/validate v0.22.1 ## explicit; go 1.14 github.com/go-openapi/validate +# github.com/go-playground/locales v0.14.1 +## explicit; go 1.17 +github.com/go-playground/locales +github.com/go-playground/locales/currency +# github.com/go-playground/universal-translator v0.18.1 +## explicit; go 1.18 +github.com/go-playground/universal-translator +# github.com/go-playground/validator/v10 v10.14.0 +## explicit; go 1.18 +github.com/go-playground/validator/v10 # github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 ## explicit; go 1.13 github.com/go-task/slim-sprig @@ -552,8 +575,8 @@ github.com/google/pprof/profile # github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 ## explicit; go 1.13 github.com/google/shlex -# github.com/google/trillian v1.5.1 -## explicit; go 1.17 +# github.com/google/trillian v1.5.2 +## explicit; go 1.19 github.com/google/trillian github.com/google/trillian/types github.com/google/trillian/types/internal/tls @@ -587,6 +610,9 @@ github.com/imdario/mergo # github.com/inconshreveable/mousetrap v1.1.0 ## explicit; go 1.18 github.com/inconshreveable/mousetrap +# github.com/jedisct1/go-minisign v0.0.0-20211028175153-1c139d1cc84b +## explicit; go 1.17 +github.com/jedisct1/go-minisign # github.com/jinzhu/copier v0.3.5 ## explicit; go 1.13 github.com/jinzhu/copier @@ -612,6 +638,9 @@ github.com/klauspost/pgzip # github.com/kr/fs v0.1.0 ## explicit github.com/kr/fs +# github.com/leodido/go-urn v1.2.4 +## explicit; go 1.16 +github.com/leodido/go-urn # github.com/letsencrypt/boulder v0.0.0-20230213213521-fdfea0d469b6 ## explicit; go 1.18 github.com/letsencrypt/boulder/core @@ -797,9 +826,16 @@ github.com/rootless-containers/rootlesskit/pkg/port/builtin/parent/tcp github.com/rootless-containers/rootlesskit/pkg/port/builtin/parent/udp github.com/rootless-containers/rootlesskit/pkg/port/builtin/parent/udp/udpproxy github.com/rootless-containers/rootlesskit/pkg/port/portutil +# github.com/sassoftware/relic v7.2.1+incompatible +## explicit +github.com/sassoftware/relic/lib/pkcs7 +github.com/sassoftware/relic/lib/x509tools # github.com/seccomp/libseccomp-golang v0.10.0 ## explicit; go 1.14 github.com/seccomp/libseccomp-golang +# github.com/secure-systems-lab/go-securesystemslib v0.6.0 +## explicit; go 1.20 +github.com/secure-systems-lab/go-securesystemslib/cjson # github.com/segmentio/ksuid v1.0.4 ## explicit; go 1.12 github.com/segmentio/ksuid @@ -807,7 +843,11 @@ github.com/segmentio/ksuid ## explicit; go 1.20 github.com/sigstore/fulcio/pkg/api github.com/sigstore/fulcio/pkg/certificate -# github.com/sigstore/rekor v1.1.2-0.20230508234306-ad288b385a44 +# github.com/sigstore/protobuf-specs v0.1.0 +## explicit; go 1.18 +github.com/sigstore/protobuf-specs/gen/pb-go/common/v1 +github.com/sigstore/protobuf-specs/gen/pb-go/rekor/v1 +# github.com/sigstore/rekor v1.2.0 ## explicit; go 1.19 github.com/sigstore/rekor/pkg/client github.com/sigstore/rekor/pkg/generated/client @@ -816,6 +856,15 @@ github.com/sigstore/rekor/pkg/generated/client/index github.com/sigstore/rekor/pkg/generated/client/pubkey github.com/sigstore/rekor/pkg/generated/client/tlog github.com/sigstore/rekor/pkg/generated/models +github.com/sigstore/rekor/pkg/log +github.com/sigstore/rekor/pkg/pki +github.com/sigstore/rekor/pkg/pki/minisign +github.com/sigstore/rekor/pkg/pki/pgp +github.com/sigstore/rekor/pkg/pki/pkcs7 +github.com/sigstore/rekor/pkg/pki/ssh +github.com/sigstore/rekor/pkg/pki/tuf +github.com/sigstore/rekor/pkg/pki/x509 +github.com/sigstore/rekor/pkg/types github.com/sigstore/rekor/pkg/util # github.com/sigstore/sigstore v1.6.4 ## explicit; go 1.18 @@ -856,7 +905,11 @@ github.com/syndtr/gocapability/capability github.com/tchap/go-patricia/v2/patricia # github.com/theupdateframework/go-tuf v0.5.2 ## explicit; go 1.18 +github.com/theupdateframework/go-tuf/data github.com/theupdateframework/go-tuf/encrypted +github.com/theupdateframework/go-tuf/internal/roles +github.com/theupdateframework/go-tuf/pkg/keys +github.com/theupdateframework/go-tuf/verify # github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 ## explicit github.com/titanous/rocacheck @@ -922,8 +975,24 @@ go.opentelemetry.io/otel/semconv/v1.12.0 # go.opentelemetry.io/otel/trace v1.15.0 ## explicit; go 1.19 go.opentelemetry.io/otel/trace -# golang.org/x/crypto v0.8.0 +# go.uber.org/atomic v1.10.0 +## explicit; go 1.18 +go.uber.org/atomic +# go.uber.org/multierr v1.11.0 +## explicit; go 1.19 +go.uber.org/multierr +# go.uber.org/zap v1.24.0 +## explicit; go 1.19 +go.uber.org/zap +go.uber.org/zap/buffer +go.uber.org/zap/internal +go.uber.org/zap/internal/bufferpool +go.uber.org/zap/internal/color +go.uber.org/zap/internal/exit +go.uber.org/zap/zapcore +# golang.org/x/crypto v0.9.0 ## explicit; go 1.17 +golang.org/x/crypto/blake2b golang.org/x/crypto/blowfish golang.org/x/crypto/cast5 golang.org/x/crypto/chacha20 @@ -948,6 +1017,7 @@ golang.org/x/crypto/ssh golang.org/x/crypto/ssh/agent golang.org/x/crypto/ssh/internal/bcrypt_pbkdf golang.org/x/crypto/ssh/knownhosts +golang.org/x/crypto/ssh/terminal # golang.org/x/exp v0.0.0-20230425010034-47ecfdc1ba53 ## explicit; go 1.20 golang.org/x/exp/constraints @@ -1044,6 +1114,8 @@ google.golang.org/appengine/internal/urlfetch google.golang.org/appengine/urlfetch # google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 ## explicit; go 1.19 +google.golang.org/genproto/googleapis/api +google.golang.org/genproto/googleapis/api/annotations google.golang.org/genproto/googleapis/rpc/status # google.golang.org/grpc v1.55.0 ## explicit; go 1.17